Discussion:
[Mayan EDMS: 598] Re: Active directory, LDAP integration
Brian Dunnette
2013-07-03 13:35:01 UTC
Permalink
Roberto-

Thanks - this was a huge help! I've gotten our install of Mayan
authenticating against our LDAP server; however, I'm also seeing frequent
errors in the logs, along the lines of:

ImproperlyConfigured: Error importing middleware common.middleware.
login_required_middleware: "cannot import name models"

Any idea what the fix for this might be?

Thanks,
Brian Dunnette
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
Daniel Pastusek
2013-10-18 21:11:24 UTC
Permalink
Robert, Thanks for the great product. I am running into a similar issue
now. We have another Django instance running django-auth-ldap and it serves
as our CMS.

What I would like to do is be able to have a single sign on system (the CMS
be the provider, and Mayan be a consumer), so users don't have to
authenticate against both. I am trying to use
https://github.com/Nitron/django-cas-consumer and
https://github.com/Nitron/django-cas-provider but I am not sure Mayan is
actually authenticating hitting the authentication backends, despite adding
their config to the AUTHENTICATION_BACKENDS tuple. Does mayan do something
else with the authentication mechanism that would explain why this module
isn't being hit?

Thanks!
-Dan
Just recently at work I had to get our Mayan EDMS instance to authenticate
users against the main HQ Microsoft AD. The process was not difficult, but
it wasn't a breeze in the park either. This is how I did it in case it's
of help for anyone else.
I used these two libraries as they seemed the most maintained from the
quick search I did.
http://www.python-ldap.org/
http://packages.python.org/django-auth-ldap/
After figuring out the corresponding OU, CN and such (which took quite a
while since I'm not well versed in LDAP). For configuration options, Mayan
EDMS imports settings_local.py after importing settings.py to allow users
to override the defaults without modifying any file tracked by Git, this
makes upgrading by using Git's pull command extremely easy. My
import ldap
from django_auth_ldap.config import LDAPSearch
# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario
Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because
anonymous queries are not allowed in out organization's tree, my user
account is being used to do the query, but a dummy account will be created
and used later on. The AUTH_LDAP_USER_SEARCH =
LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't
very intuitive to figure out, this is not an issue of the library, but of
Active Directory and of our particular LDAP forrest.
http://stackoverflow.com/questions/6493985/django-auth-ldap
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
Daniel Pastusek
2013-10-18 21:18:00 UTC
Permalink
Disregard. I simply didn't realize LOGIN_URL was defined further down in
the settings file. This now works perfectly! (with some minor modifications
to those 2 libraries to make them django 1.5+ compatible... I will submit a
pull request with my changes shortly in case anyone is interested)

Thanks again for your dedication Robert.

-Dan Pastusek
Just recently at work I had to get our Mayan EDMS instance to authenticate
users against the main HQ Microsoft AD. The process was not difficult, but
it wasn't a breeze in the park either. This is how I did it in case it's
of help for anyone else.
I used these two libraries as they seemed the most maintained from the
quick search I did.
http://www.python-ldap.org/
http://packages.python.org/django-auth-ldap/
After figuring out the corresponding OU, CN and such (which took quite a
while since I'm not well versed in LDAP). For configuration options, Mayan
EDMS imports settings_local.py after importing settings.py to allow users
to override the defaults without modifying any file tracked by Git, this
makes upgrading by using Git's pull command extremely easy. My
import ldap
from django_auth_ldap.config import LDAPSearch
# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario
Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because
anonymous queries are not allowed in out organization's tree, my user
account is being used to do the query, but a dummy account will be created
and used later on. The AUTH_LDAP_USER_SEARCH =
LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't
very intuitive to figure out, this is not an issue of the library, but of
Active Directory and of our particular LDAP forrest.
http://stackoverflow.com/questions/6493985/django-auth-ldap
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
Pierluigi Tozzi
2013-11-25 07:30:25 UTC
Permalink
Thank You very much !!!
Pierluigi

Il giorno venerdì 13 gennaio 2012 20:10:52 UTC+1, Roberto Rosario ha
Just recently at work I had to get our Mayan EDMS instance to authenticate
users against the main HQ Microsoft AD. The process was not difficult, but
it wasn't a breeze in the park either. This is how I did it in case it's
of help for anyone else.
I used these two libraries as they seemed the most maintained from the
quick search I did.
http://www.python-ldap.org/<http://www.google.com/url?q=http%3A%2F%2Fwww.python-ldap.org%2F&sa=D&sntz=1&usg=AFQjCNGeTree8NYveTgXzZyZWO5FR8sG8Q>
http://packages.python.org/django-auth-ldap/<http://www.google.com/url?q=http%3A%2F%2Fpackages.python.org%2Fdjango-auth-ldap%2F&sa=D&sntz=1&usg=AFQjCNG_ezG4UjvIaWIHOLPhkkwkVgr3Xw>
After figuring out the corresponding OU, CN and such (which took quite a
while since I'm not well versed in LDAP). For configuration options, Mayan
EDMS imports settings_local.py after importing settings.py to allow users
to override the defaults without modifying any file tracked by Git, this
makes upgrading by using Git's pull command extremely easy. My
import ldap
from django_auth_ldap.config import LDAPSearch
# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario
Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because
anonymous queries are not allowed in out organization's tree, my user
account is being used to do the query, but a dummy account will be created
and used later on. The AUTH_LDAP_USER_SEARCH =
LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't
very intuitive to figure out, this is not an issue of the library, but of
Active Directory and of our particular LDAP forrest.
http://stackoverflow.com/questions/6493985/django-auth-ldap<http://www.google.com/url?q=http%3A%2F%2Fstackoverflow.com%2Fquestions%2F6493985%2Fdjango-auth-ldap&sa=D&sntz=1&usg=AFQjCNHlxZS2z8v0MLf6N7ZH6NHm3Fwerw>
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
bikerfreak714
2014-08-07 18:30:37 UTC
Permalink
I can't seem to make this work. Where doe this file needs to go?
Currently have 1.0rc3 installed. I created a file under
venv/lib/python2.6/site-packages/mayan/apps/main/conf/settings_local.py and
it doesn't seem to be reading it.

Thanks
Just recently at work I had to get our Mayan EDMS instance to authenticate
users against the main HQ Microsoft AD. The process was not difficult, but
it wasn't a breeze in the park either. This is how I did it in case it's
of help for anyone else.
I used these two libraries as they seemed the most maintained from the
quick search I did.
http://www.python-ldap.org/
http://packages.python.org/django-auth-ldap/
After figuring out the corresponding OU, CN and such (which took quite a
while since I'm not well versed in LDAP). For configuration options, Mayan
EDMS imports settings_local.py after importing settings.py to allow users
to override the defaults without modifying any file tracked by Git, this
makes upgrading by using Git's pull command extremely easy. My
import ldap
from django_auth_ldap.config import LDAPSearch
# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario
Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because
anonymous queries are not allowed in out organization's tree, my user
account is being used to do the query, but a dummy account will be created
and used later on. The AUTH_LDAP_USER_SEARCH =
LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't
very intuitive to figure out, this is not an issue of the library, but of
Active Directory and of our particular LDAP forrest.
http://stackoverflow.com/questions/6493985/django-auth-ldap
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/d/optout.
Roberto Rosario
2014-08-07 21:38:39 UTC
Permalink
It should go in
*venv/lib/python2.6/site-packages/mayan/settings/settings_local.py* and
then specify the settings module when launching Mayan with mayan-edms.py
--settings=mayan.settings.setting_local

http://mayan.readthedocs.org/en/latest/intro/installation.html#production-use
Post by bikerfreak714
I can't seem to make this work. Where doe this file needs to go?
Currently have 1.0rc3 installed. I created a file under
venv/lib/python2.6/site-packages/mayan/apps/main/conf/settings_local.py and
it doesn't seem to be reading it.
Thanks
Just recently at work I had to get our Mayan EDMS instance to
authenticate users against the main HQ Microsoft AD. The process was not
difficult, but it wasn't a breeze in the park either. This is how I did it
in case it's of help for anyone else.
I used these two libraries as they seemed the most maintained from the
quick search I did.
http://www.python-ldap.org/
http://packages.python.org/django-auth-ldap/
After figuring out the corresponding OU, CN and such (which took quite a
while since I'm not well versed in LDAP). For configuration options, Mayan
EDMS imports settings_local.py after importing settings.py to allow users
to override the defaults without modifying any file tracked by Git, this
makes upgrading by using Git's pull command extremely easy. My
import ldap
from django_auth_ldap.config import LDAPSearch
# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario
Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because
anonymous queries are not allowed in out organization's tree, my user
account is being used to do the query, but a dummy account will be created
and used later on. The AUTH_LDAP_USER_SEARCH =
LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't
very intuitive to figure out, this is not an issue of the library, but of
Active Directory and of our particular LDAP forrest.
http://stackoverflow.com/questions/6493985/django-auth-ldap
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/d/optout.
bikerfreak714
2014-08-12 02:07:39 UTC
Permalink
Thanks Roberto. I was able to get LDAP authentication to work! But when a
new user logs in for the first time using LDAP, it creates a user account,
but marks the user as not having a "usable password" Is there a way to
prevent this so full user creation can be automated? At the moment, each
user that logs in needs to wait for the admin to go in and reset the
password.
Just recently at work I had to get our Mayan EDMS instance to authenticate
users against the main HQ Microsoft AD. The process was not difficult, but
it wasn't a breeze in the park either. This is how I did it in case it's
of help for anyone else.
I used these two libraries as they seemed the most maintained from the
quick search I did.
http://www.python-ldap.org/
http://packages.python.org/django-auth-ldap/
After figuring out the corresponding OU, CN and such (which took quite a
while since I'm not well versed in LDAP). For configuration options, Mayan
EDMS imports settings_local.py after importing settings.py to allow users
to override the defaults without modifying any file tracked by Git, this
makes upgrading by using Git's pull command extremely easy. My
import ldap
from django_auth_ldap.config import LDAPSearch
# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario
Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because
anonymous queries are not allowed in out organization's tree, my user
account is being used to do the query, but a dummy account will be created
and used later on. The AUTH_LDAP_USER_SEARCH =
LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't
very intuitive to figure out, this is not an issue of the library, but of
Active Directory and of our particular LDAP forrest.
http://stackoverflow.com/questions/6493985/django-auth-ldap
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/d/optout.
Victor Zele
2016-04-22 16:34:24 UTC
Permalink
Any updates for this to work on 2.0.2 Mayan? I have tried the below
changes to my local.py but the users do not seem to show up or work?

thanks,
Victor
Just recently at work I had to get our Mayan EDMS instance to authenticate
users against the main HQ Microsoft AD. The process was not difficult, but
it wasn't a breeze in the park either. This is how I did it in case it's
of help for anyone else.
I used these two libraries as they seemed the most maintained from the
quick search I did.
http://www.python-ldap.org/
http://packages.python.org/django-auth-ldap/
After figuring out the corresponding OU, CN and such (which took quite a
while since I'm not well versed in LDAP). For configuration options, Mayan
EDMS imports settings_local.py after importing settings.py to allow users
to override the defaults without modifying any file tracked by Git, this
makes upgrading by using Git's pull command extremely easy. My
import ldap
from django_auth_ldap.config import LDAPSearch
# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario
Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because
anonymous queries are not allowed in out organization's tree, my user
account is being used to do the query, but a dummy account will be created
and used later on. The AUTH_LDAP_USER_SEARCH =
LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't
very intuitive to figure out, this is not an issue of the library, but of
Active Directory and of our particular LDAP forrest.
http://stackoverflow.com/questions/6493985/django-auth-ldap
--
*CONFIDENTIALITY NOTICE: *

*This transmission may contain information which is Vimo, Inc. (DBA
Getinsured) confidential and/or legally privileged. The information is
intended only for the use of the individual or entity named on this
transmission. If you are not the intended recipient, you are hereby
notified that any disclosure, copying, or distribution of the contents of
this transmission is strictly prohibited. If you have received this
transmission in error, please immediately notify me by return e-mail and
destroy all copies of the original message.*
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Victor Zele
2016-04-22 17:11:20 UTC
Permalink
I can confirm this works for 2.0.2 LDAP authentication adding to the
local.py settings file. The usable password is marked red which is correct
since the password is managed in LDAP/AD.
--
*CONFIDENTIALITY NOTICE: *

*This transmission may contain information which is Vimo, Inc. (DBA
Getinsured) confidential and/or legally privileged. The information is
intended only for the use of the individual or entity named on this
transmission. If you are not the intended recipient, you are hereby
notified that any disclosure, copying, or distribution of the contents of
this transmission is strictly prohibited. If you have received this
transmission in error, please immediately notify me by return e-mail and
destroy all copies of the original message.*
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Roberto Rosario
2016-04-26 22:34:49 UTC
Permalink
Thank you for confirming that this still works!
Post by Victor Zele
I can confirm this works for 2.0.2 LDAP authentication adding to the
local.py settings file. The usable password is marked red which is correct
since the password is managed in LDAP/AD.
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subhash Pant
2016-06-03 18:01:05 UTC
Permalink
Roberto,

I am adding the following code segment to local.py, with my LDAP setting. I
have an older version of Mayan that has LDAP working, but looks like a few
filenames have changed on the new releases.

I included the code in the local.py and ran mayan-edms.py initialsetup.
However, I could not get the LDAP/AD to work. Am I missing anything?

Thanks.
Post by Roberto Rosario
Thank you for confirming that this still works!
Post by Victor Zele
I can confirm this works for 2.0.2 LDAP authentication adding to the
local.py settings file. The usable password is marked red which is correct
since the password is managed in LDAP/AD.
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Victor Zele
2016-06-07 21:08:37 UTC
Permalink
I ran the update to 2.1.1 and my Active Director/LDAP auth is still working
as expected.

Below is what I had to set in my /usr/share/mayan-edms/local.py file after
PIP installing the LDAP modules with:

*pip install ldap*
*pip install python-ldap*
*pip install django-auth-ldap*

Victor
========================
from __future__ import absolute_import

from .base import *

import ldap
from django_auth_ldap.config import LDAPSearch

#### ----cut ---
# End of file inserted

AUTH_LDAP_SERVER_URI = "ldap://AD-Servername:389"
AUTH_LDAP_BIND_DN = 'CN=BINDUSERNAME,CN=BINDUSERCN,DC=YOURDOMAIN,DC=com'
AUTH_LDAP_BIND_PASSWORD = 'BindPassword'
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=youruserOU,DC=yourdomain,DC=com',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)

===========================
Then run,

*supervisorctl stop all*
*mayan-edms.py collectstatic --noinput*
*supervisorctl start all*
Post by Subhash Pant
Roberto,
I am adding the following code segment to local.py, with my LDAP setting.
I have an older version of Mayan that has LDAP working, but looks like a
few filenames have changed on the new releases.
I included the code in the local.py and ran mayan-edms.py initialsetup.
However, I could not get the LDAP/AD to work. Am I missing anything?
Thanks.
Post by Roberto Rosario
Thank you for confirming that this still works!
Post by Victor Zele
I can confirm this works for 2.0.2 LDAP authentication adding to the
local.py settings file. The usable password is marked red which is correct
since the password is managed in LDAP/AD.
--
*CONFIDENTIALITY NOTICE: *

*This transmission may contain information which is Vimo, Inc. (DBA
Getinsured) confidential and/or legally privileged. The information is
intended only for the use of the individual or entity named on this
transmission. If you are not the intended recipient, you are hereby
notified that any disclosure, copying, or distribution of the contents of
this transmission is strictly prohibited. If you have received this
transmission in error, please immediately notify me by return e-mail and
destroy all copies of the original message.*
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Roberto Rosario
2016-06-09 22:13:40 UTC
Permalink
I see a lot of value in including this in the documentation. Are you
willing to maintain this part of the docs if included? How about adding a
basic install step for a standalone OpenLDAP server?
Post by Victor Zele
I ran the update to 2.1.1 and my Active Director/LDAP auth is still
working as expected.
Below is what I had to set in my /usr/share/mayan-edms/local.py file after
*pip install ldap*
*pip install python-ldap*
*pip install django-auth-ldap*
Victor
========================
from __future__ import absolute_import
from .base import *
import ldap
from django_auth_ldap.config import LDAPSearch
#### ----cut ---
# End of file inserted
AUTH_LDAP_SERVER_URI = "ldap://AD-Servername:389"
AUTH_LDAP_BIND_DN = 'CN=BINDUSERNAME,CN=BINDUSERCN,DC=YOURDOMAIN,DC=com'
AUTH_LDAP_BIND_PASSWORD = 'BindPassword'
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=youruserOU,DC=yourdomain,DC=com',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
===========================
Then run,
*supervisorctl stop all*
*mayan-edms.py collectstatic --noinput*
*supervisorctl start all*
Post by Subhash Pant
Roberto,
I am adding the following code segment to local.py, with my LDAP setting.
I have an older version of Mayan that has LDAP working, but looks like a
few filenames have changed on the new releases.
I included the code in the local.py and ran mayan-edms.py initialsetup.
However, I could not get the LDAP/AD to work. Am I missing anything?
Thanks.
Post by Roberto Rosario
Thank you for confirming that this still works!
Post by Victor Zele
I can confirm this works for 2.0.2 LDAP authentication adding to the
local.py settings file. The usable password is marked red which is correct
since the password is managed in LDAP/AD.
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Victor Zele
2016-06-16 22:47:44 UTC
Permalink
Sure. But I find the documention build process complex and hard to figure
out. Its easy for a novice to just post to this Google forum. I don't use
OpenLDAP just linked to our existing Corp AD.

:)
Post by Roberto Rosario
I see a lot of value in including this in the documentation. Are you
willing to maintain this part of the docs if included? How about adding a
basic install step for a standalone OpenLDAP server?
Post by Victor Zele
I ran the update to 2.1.1 and my Active Director/LDAP auth is still
working as expected.
Below is what I had to set in my /usr/share/mayan-edms/local.py file
*pip install ldap*
*pip install python-ldap*
*pip install django-auth-ldap*
Victor
========================
from __future__ import absolute_import
from .base import *
import ldap
from django_auth_ldap.config import LDAPSearch
#### ----cut ---
# End of file inserted
AUTH_LDAP_SERVER_URI = "ldap://AD-Servername:389"
AUTH_LDAP_BIND_DN = 'CN=BINDUSERNAME,CN=BINDUSERCN,DC=YOURDOMAIN,DC=com'
AUTH_LDAP_BIND_PASSWORD = 'BindPassword'
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=youruserOU,DC=yourdomain,DC=com',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
===========================
Then run,
*supervisorctl stop all*
*mayan-edms.py collectstatic --noinput*
*supervisorctl start all*
Post by Subhash Pant
Roberto,
I am adding the following code segment to local.py, with my LDAP
setting. I have an older version of Mayan that has LDAP working, but looks
like a few filenames have changed on the new releases.
I included the code in the local.py and ran mayan-edms.py initialsetup.
However, I could not get the LDAP/AD to work. Am I missing anything?
Thanks.
Post by Roberto Rosario
Thank you for confirming that this still works!
Post by Victor Zele
I can confirm this works for 2.0.2 LDAP authentication adding to the
local.py settings file. The usable password is marked red which is correct
since the password is managed in LDAP/AD.
--
*CONFIDENTIALITY NOTICE: *

*This transmission may contain information which is Vimo, Inc. (DBA
Getinsured) confidential and/or legally privileged. The information is
intended only for the use of the individual or entity named on this
transmission. If you are not the intended recipient, you are hereby
notified that any disclosure, copying, or distribution of the contents of
this transmission is strictly prohibited. If you have received this
transmission in error, please immediately notify me by return e-mail and
destroy all copies of the original message.*
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Roberto Rosario
2016-06-16 23:10:25 UTC
Permalink
How about switching documentation to something like http://www.mkdocs.org/?
Uses markdown which simpler.
Post by Victor Zele
Sure. But I find the documention build process complex and hard to
figure out. Its easy for a novice to just post to this Google forum. I
don't use OpenLDAP just linked to our existing Corp AD.
:)
Post by Roberto Rosario
I see a lot of value in including this in the documentation. Are you
willing to maintain this part of the docs if included? How about adding a
basic install step for a standalone OpenLDAP server?
Post by Victor Zele
I ran the update to 2.1.1 and my Active Director/LDAP auth is still
working as expected.
Below is what I had to set in my /usr/share/mayan-edms/local.py file
*pip install ldap*
*pip install python-ldap*
*pip install django-auth-ldap*
Victor
========================
from __future__ import absolute_import
from .base import *
import ldap
from django_auth_ldap.config import LDAPSearch
#### ----cut ---
# End of file inserted
AUTH_LDAP_SERVER_URI = "ldap://AD-Servername:389"
AUTH_LDAP_BIND_DN = 'CN=BINDUSERNAME,CN=BINDUSERCN,DC=YOURDOMAIN,DC=com'
AUTH_LDAP_BIND_PASSWORD = 'BindPassword'
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=youruserOU,DC=yourdomain,DC=com',
ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
===========================
Then run,
*supervisorctl stop all*
*mayan-edms.py collectstatic --noinput*
*supervisorctl start all*
Post by Subhash Pant
Roberto,
I am adding the following code segment to local.py, with my LDAP
setting. I have an older version of Mayan that has LDAP working, but looks
like a few filenames have changed on the new releases.
I included the code in the local.py and ran mayan-edms.py
initialsetup. However, I could not get the LDAP/AD to work. Am I missing
anything?
Thanks.
Post by Roberto Rosario
Thank you for confirming that this still works!
Post by Victor Zele
I can confirm this works for 2.0.2 LDAP authentication adding to the
local.py settings file. The usable password is marked red which is correct
since the password is managed in LDAP/AD.
*CONFIDENTIALITY NOTICE: *
*This transmission may contain information which is Vimo, Inc. (DBA
Getinsured) confidential and/or legally privileged. The information is
intended only for the use of the individual or entity named on this
transmission. If you are not the intended recipient, you are hereby
notified that any disclosure, copying, or distribution of the contents of
this transmission is strictly prohibited. If you have received this
transmission in error, please immediately notify me by return e-mail and
destroy all copies of the original message.*
--
---
You received this message because you are subscribed to the Google Groups
"Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Victor Zele
2016-06-22 20:51:48 UTC
Permalink
I can try that if you think its easier.
Post by Roberto Rosario
How about switching documentation to something like http://www.mkdocs.org/?
Uses markdown which simpler.
Post by Victor Zele
Sure. But I find the documention build process complex and hard to
figure out. Its easy for a novice to just post to this Google forum. I
don't use OpenLDAP just linked to our existing Corp AD.
:)
Post by Roberto Rosario
I see a lot of value in including this in the documentation. Are you
willing to maintain this part of the docs if included? How about adding a
basic install step for a standalone OpenLDAP server?
---
You received this message because you are subscribed to the Google Groups
"Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.
--
*CONFIDENTIALITY NOTICE: *

*This transmission may contain information which is Vimo, Inc. (DBA
Getinsured) confidential and/or legally privileged. The information is
intended only for the use of the individual or entity named on this
transmission. If you are not the intended recipient, you are hereby
notified that any disclosure, copying, or distribution of the contents of
this transmission is strictly prohibited. If you have received this
transmission in error, please immediately notify me by return e-mail and
destroy all copies of the original message.*
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Roberto Rosario
2016-07-05 23:13:30 UTC
Permalink
I gave it a try and it has too many shortcomings. Retaining the current
custom setup of Sphinx for the time being.
Post by Victor Zele
I can try that if you think its easier.
Post by Roberto Rosario
How about switching documentation to something like
http://www.mkdocs.org/? Uses markdown which simpler.
Post by Victor Zele
Sure. But I find the documention build process complex and hard to
figure out. Its easy for a novice to just post to this Google forum. I
don't use OpenLDAP just linked to our existing Corp AD.
:)
Post by Roberto Rosario
I see a lot of value in including this in the documentation. Are you
willing to maintain this part of the docs if included? How about adding a
basic install step for a standalone OpenLDAP server?
---
You received this message because you are subscribed to the Google
Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send
For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
concasau
2017-09-15 02:02:19 UTC
Permalink
Hi all,

I am using Mayan EDMS through Docker, how can and where I configure and
enable LDAP function on.

Thanks all,

Joe Nguyen



--
Sent from: http://mayan-edms.1003.x6.nabble.com/
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Roberto Rosario
2017-09-15 20:07:13 UTC
Permalink
We are working on
it: https://gitlab.com/mayan-edms/mayan-edms-docker/issues/16#note_40193691

Subscribe to the issue to get the latest updates.
Post by concasau
Hi all,
I am using Mayan EDMS through Docker, how can and where I configure and
enable LDAP function on.
Thanks all,
Joe Nguyen
--
Sent from: http://mayan-edms.1003.x6.nabble.com/
--
---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mayan-edms+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...