jdupouy_radicale3-auth-ldap/README.md

# What is this?
This is an authentication plugin for Radicale 3. It adds an LDAP authentication backend which can be used for authenticating users against an LDAP server.

# How to configure
You will need to set a few options inside your radicale config file. Example:

```
[auth]
type = radicale_auth_ldap

# LDAP server URL, with protocol and port
ldap_url = ldap://ldap:389

# LDAP base path
ldap_base = ou=Users,dc=TESTDOMAIN

# LDAP login attribute
ldap_attribute = uid

# LDAP filter string
# placed as X in a query of the form (&(...)X)
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
ldap_filter = (objectClass=person)

# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
# Leave empty if searches are anonymous
ldap_binddn = cn=admin,dc=TESTDOMAIN

# LDAP password for initial login, used with ldap_binddn
ldap_password = verysecurepassword

# LDAP scope of the search
ldap_scope = LEVEL

# LDAP extended option
# If the server is samba, ldap_support_extended is should be no
ldap_support_extended = yes
```
Add README 2017-06-25 13:38:41 +00:00			`# What is this?`
Update to support Radicale 3.x 2021-04-07 03:52:54 +00:00			`This is an authentication plugin for Radicale 3. It adds an LDAP authentication backend which can be used for authenticating users against an LDAP server.`
Add README 2017-06-25 13:38:41 +00:00
			`# How to configure`
			`You will need to set a few options inside your radicale config file. Example:`

			```
			`[auth]`
			`type = radicale_auth_ldap`

			`# LDAP server URL, with protocol and port`
			`ldap_url = ldap://ldap:389`

			`# LDAP base path`
			`ldap_base = ou=Users,dc=TESTDOMAIN`

			`# LDAP login attribute`
			`ldap_attribute = uid`

			`# LDAP filter string`
			`# placed as X in a query of the form (&(...)X)`
			`# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)`
			`ldap_filter = (objectClass=person)`

			`# LDAP dn for initial login, used if LDAP server does not allow anonymous searches`
			`# Leave empty if searches are anonymous`
			`ldap_binddn = cn=admin,dc=TESTDOMAIN`

			`# LDAP password for initial login, used with ldap_binddn`
			`ldap_password = verysecurepassword`

			`# LDAP scope of the search`
			`ldap_scope = LEVEL`
Add ldap_support_extended configuration * Add ldap_support_extended configuration For samba, extended command is not supported. To solve, add configuration to call whoami or not. ``` DEBUG:ldap3:EXTENDED:ldap message received via <ldaps://samba:636 - ssl - user: CN=test2,CN=Users,DC=samba,DC=dom - not lazy - bound - open - <local: 172.18.0.0:33916 - remote: 172.18.0.0:636> - tls not started - listening - SyncStrategy - internal decoder>: <<{'controls': None, << 'messageID': 9, << 'payload': [(0, False, 10, 2), << (0, False, 4, b''), << (0, << False, << 4, << b'Extended Operation(1.3.6.1.4.1.4203.1.11.3) not supported'), << (2, False, 10, b'1.3.6.1.4.1.4203.1.11.3')], << 'protocolOp': 24} DEBUG:ldap3:PROTOCOL:EXTENDED response <[{'result': 2, 'description': 'protocolError', 'dn': '', 'message': 'Extended Operation(1.3.6.1.4.1.4203.1.11.3) not supported', 'referrals': None, 'responseName': '1.3.6.1.4.1.4203.1.11.3', 'responseValue': b'', 'type': 'extendedResp'}]> received via <ldaps://samba:636 - ssl - user: CN=test2,CN=Users,DC=samba,DC=dom - not lazy - bound - open - <local: 172.18.0.0:33916 - remote: 172.18.0.0:636> - tls not started - listening - SyncStrategy - internal decoder> DEBUG:ldap3:BASIC:done EXTENDED operation, result <False> ``` * Update README.md 2019-05-23 12:35:06 +00:00
			`# LDAP extended option`
			`# If the server is samba, ldap_support_extended is should be no`
			`ldap_support_extended = yes`
Add README 2017-06-25 13:38:41 +00:00			```