Version 2020.0.dev2 with basic LDAP support is now available for testing
Ralph Seichter
automx2 at seichter.de
Fri Jan 17 23:36:08 CET 2020
Good evening.

I have uploaded the first automx2 developer release[1] with basic LDAP
support. If you want to test it, I suggest you create a new database.
The updated DB schema is available on GitLab[2].

[1] https://pypi.org/project/automx2/2020.0.dev2/
[2] https://gitlab.com/automx/automx2/blob/master/contrib/sqlite-sample.sql

With version 2020.0.dev2 you can create 0..N records in a new table
'ldapserver'. Each Domain record can now contain a 'ldapserver_id' to
tie the domain to one of the defined LDAP servers. If that ID is NULL,
the domain will not cause LDAP lookups.

Example DB content:

  CREATE TABLE ldapserver (
    id INTEGER NOT NULL,
    name VARCHAR NOT NULL,
    port INTEGER NOT NULL,
    use_ssl BOOLEAN NOT NULL,
    search_base VARCHAR NOT NULL,
    search_filter VARCHAR NOT NULL,
    attr_uid VARCHAR NOT NULL,
    attr_cn VARCHAR,
    bind_password VARCHAR,
    bind_user VARCHAR,
    PRIMARY KEY (id),
    CHECK (use_ssl IN (0, 1))
  );

  INSERT INTO ldapserver VALUES(4321, 'ldap.example.com', 636, 1,
    'dc=example,dc=com', '(mail={0})', 'uid', 'cn',
    'secret', 'cn=automx2,dc=example,dc=com');

I hope that most columns are self-explanatory. The 'search_filter' value
should contain a {0} placeholder, which will be replaced with the email
address, e.g. '(mail={0})'. 'attr_uid' is mandatory and should contain
the name of the UID (Login-ID) attribute. 'attr_cn' is optional, and if
defined, it should contain the name of the CN (real name) attribute.

If you wish to specify 'bind_user' and 'bind_password', be aware that
the password is saved as a cleartext string in the database, so I highly
recommend you create a special user for automx2 and use SSL connections.
If no user/password is specified, the bind operation will be anonymous.

I hope I did not forget anything important. Of course the documentation
needs to be updated in the near future.
-Ralph
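
Added example, not part of the original message and not automx2 code: a small audit of the 'ldapserver' table that flags rows going against the advice above (bind credentials without SSL, a search filter without the {0} placeholder) and lists rows that will bind anonymously. The function names, the finding labels and rows 4322 and 4323 are constructed for illustration.

```python
import sqlite3

# Table definition as given in the post.
SCHEMA = """CREATE TABLE ldapserver (
  id INTEGER NOT NULL, name VARCHAR NOT NULL, port INTEGER NOT NULL,
  use_ssl BOOLEAN NOT NULL, search_base VARCHAR NOT NULL,
  search_filter VARCHAR NOT NULL, attr_uid VARCHAR NOT NULL,
  attr_cn VARCHAR, bind_password VARCHAR, bind_user VARCHAR,
  PRIMARY KEY (id), CHECK (use_ssl IN (0, 1)));"""

BASE = "dc=example,dc=com"
BIND = "cn=automx2,dc=example,dc=com"
# Row 4321 is the INSERT from the post; 4322 and 4323 are constructed.
SAMPLE_ROWS = [
    (4321, "ldap.example.com", 636, 1, BASE, "(mail={0})", "uid", "cn", "secret", BIND),
    (4322, "ldap2.example.com", 389, 0, BASE, "(mail={0})", "uid", None, "secret", BIND),
    (4323, "ldap3.example.com", 636, 1, BASE, "(objectClass=person)", "uid", None, None, None),
]


def build_sample_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ldapserver VALUES (?,?,?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn


def audit_ldapservers(conn):
    """Return (id, name, finding) tuples for rows that deserve a second look."""
    findings = []
    query = ("SELECT id, name, use_ssl, search_filter, bind_user, bind_password "
             "FROM ldapserver ORDER BY id")
    for sid, name, use_ssl, search_filter, user, password in conn.execute(query):
        if (user or password) and not use_ssl:
            # Bind credentials are configured but use_ssl is off,
            # contrary to the post's recommendation.
            findings.append((sid, name, "credentials-without-ssl"))
        if not user and not password:
            # Per the post, a row without user/password binds anonymously.
            findings.append((sid, name, "anonymous-bind"))
        if "{0}" not in search_filter:
            # Without the placeholder the email address never reaches the filter.
            findings.append((sid, name, "filter-without-placeholder"))
    return findings


if __name__ == "__main__":
    for finding in audit_ldapservers(build_sample_db()):
        print(*finding)
```

To check a real database, pass audit_ldapservers() a connection opened with sqlite3.connect() on your own automx2 database file.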