Version 2020.0.dev2 with basic LDAP support is now available for testing

Ralph Seichter automx2 at seichter.de
Fri Jan 17 23:36:08 CET 2020


Good evening.

I have uploaded the first automx2 developer release[1] with basic LDAP
support. If you want to test it, I suggest you create a new database.
The updated DB schema is available on GitLab[2].

[1] https://pypi.org/project/automx2/2020.0.dev2/
[2] https://gitlab.com/automx/automx2/blob/master/contrib/sqlite-sample.sql

With version 2020.0.dev2 you can create 0..N records in a new table
'ldapserver'. Each Domain record can now contain a 'ldapserver_id' to
tie the domain to one of the defined LDAP servers. If that ID is NULL,
the domain will not cause LDAP lookups.

Example DB content:

  CREATE TABLE ldapserver (
    id INTEGER NOT NULL,
    name VARCHAR NOT NULL,
    port INTEGER NOT NULL,
    use_ssl BOOLEAN NOT NULL,
    search_base VARCHAR NOT NULL,
    search_filter VARCHAR NOT NULL,
    attr_uid VARCHAR NOT NULL,
    attr_cn VARCHAR,
    bind_password VARCHAR,
    bind_user VARCHAR,
    PRIMARY KEY (id),
    CHECK (use_ssl IN (0, 1))
  );

  INSERT INTO ldapserver VALUES(4321, 'ldap.example.com', 636, 1,
    'dc=example,dc=com', '(mail={0})', 'uid', 'cn',
    'secret', 'cn=automx2,dc=example,dc=com');

I hope that most columns are self-explanatory. The 'search_filter' value
should contain a {0} placeholder, which will be replaced with the email
address, e.g. '(mail={0})'. 'attr_uid' is mandatory and should contain
the name of the UID (Login-ID) attribute. 'attr_cn' is optional, and if
defined, it should contain the name of the CN (real name) attribute.

If you wish to specify 'bind_user' and 'bind_password', be aware that
the password is saved as a cleartext string in the database, so I highly
recommend you create a special user for automx2 and use SSL connections.
If no user/password is specified, the bind operation will be anonymous.

I hope I did not forget anything important. Of course the documentation
needs to be updated in the near future.

-Ralph
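
The following is an added example, not part of the original post and not automx2's own code: it loads the schema and sample row from the message into an in-memory SQLite database, fills the {0} placeholder with an RFC 4515-escaped address, and checks a row against the SSL and bind advice given above. The function names and the escaping step are assumptions made for illustration.

```python
import sqlite3

# Schema and sample row as given in the post above.
SCHEMA = """
CREATE TABLE ldapserver (
  id INTEGER NOT NULL, name VARCHAR NOT NULL, port INTEGER NOT NULL,
  use_ssl BOOLEAN NOT NULL, search_base VARCHAR NOT NULL,
  search_filter VARCHAR NOT NULL, attr_uid VARCHAR NOT NULL,
  attr_cn VARCHAR, bind_password VARCHAR, bind_user VARCHAR,
  PRIMARY KEY (id), CHECK (use_ssl IN (0, 1)));
INSERT INTO ldapserver VALUES(4321, 'ldap.example.com', 636, 1,
  'dc=example,dc=com', '(mail={0})', 'uid', 'cn',
  'secret', 'cn=automx2,dc=example,dc=com');
"""

# RFC 4515: these characters must appear as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def demo_connection():
    """In-memory database holding the post's schema and sample row."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    return conn


def build_filter(template, email):
    """Substitute the escaped address for the {0} placeholder (hypothetical helper)."""
    if "{0}" not in template:
        raise ValueError("search_filter has no {0} placeholder")
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in email)
    return template.replace("{0}", escaped)


def audit_row(row):
    """Findings for one ldapserver row (sqlite3.Row or dict)."""
    findings = []
    if "{0}" not in row["search_filter"]:
        findings.append("search_filter lacks {0} placeholder")
    if row["bind_password"] and not row["use_ssl"]:
        findings.append("bind_password would be sent without SSL")
    if not row["bind_user"]:
        findings.append("bind will be anonymous")
    return findings


if __name__ == "__main__":
    row = demo_connection().execute("SELECT * FROM ldapserver").fetchone()
    # Constructed address containing filter metacharacters.
    print(build_filter(row["search_filter"], "a*(b)@example.com"), audit_row(row))
```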

