Created
May 11, 2021 23:02
Redash LDAP Authentication
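def auth_ldap_user(username, password):
    """Check *username* / *password* against the configured LDAP directory.

    The lookup runs in two steps: a search (as the service account in
    ``settings.LDAP_BIND_DN``, or over a connection opened without
    credentials when that setting is ``None``) locates the user's entry, then
    the same connection is re-bound as that entry's DN with the supplied
    password.

    Args:
        username: Login name typed by the user; substituted into
            ``settings.LDAP_SEARCH_TEMPLATE``.
        password: Password typed by the user.

    Returns:
        The first matching directory entry when the re-bind succeeds,
        otherwise ``None`` (missing credentials, no match, or bind refused).
    """
    # Refuse blank credentials before contacting the directory. RFC 4513
    # treats a simple bind that carries a DN but no password as an
    # "unauthenticated bind", which some servers answer with success, so an
    # empty password must never be allowed to count as a login.
    if not username or not password:
        return None

    # NOTE(review): Server/Connection and the entry API used below look like
    # ldap3; this import belongs next to them at file level — confirm.
    from ldap3.utils.conv import escape_filter_chars

    server = Server(settings.LDAP_HOST_URL, use_ssl=settings.LDAP_SSL)
    if settings.LDAP_BIND_DN is not None:
        conn = Connection(
            server,
            settings.LDAP_BIND_DN,
            password=settings.LDAP_BIND_DN_PASSWORD,
            authentication=settings.LDAP_AUTH_METHOD,
            auto_bind=True,
        )
    else:
        conn = Connection(server, auto_bind=True)

    # The username comes from the login form. Escape the filter
    # metacharacters (RFC 4515: "*", "(", ")", "\" and NUL) so it is matched
    # as a literal value and cannot change the structure of the search filter.
    search_filter = settings.LDAP_SEARCH_TEMPLATE % {
        "username": escape_filter_chars(username)
    }
    conn.search(
        settings.LDAP_SEARCH_DN,
        search_filter,
        attributes=[settings.LDAP_DISPLAY_NAME_KEY, settings.LDAP_EMAIL_KEY],
    )

    if not conn.entries:
        return None

    # Only the first match is used; the search template is expected to
    # identify a single account.
    user = conn.entries[0]

    # Proof of identity: the directory itself verifies the password by
    # accepting or refusing a bind as the user's own DN.
    if not conn.rebind(user=user.entry_dn, password=password):
        return None

    return user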
# Enables the LDAP login path. Unless the organization setting
# auth_password_login_enabled is also set to false, users can still log in
# through Redash itself instead of the LDAP server.
LDAP_LOGIN_ENABLED = parse_boolean(os.getenv("REDASH_LDAP_LOGIN_ENABLED", "false"))

# Connect to the directory over SSL. Off by default; while it is off, bind DNs
# and passwords are sent without transport encryption unless the link is
# protected some other way.
LDAP_SSL = parse_boolean(os.getenv("REDASH_LDAP_USE_SSL", "false"))

# Bind method for the service account: SIMPLE (default), ANONYMOUS or NTLM.
LDAP_AUTH_METHOD = os.getenv("REDASH_LDAP_AUTH_METHOD", "SIMPLE")

# Address of the LDAP directory (ex. ldap://10.0.10.1:389).
LDAP_HOST_URL = os.getenv("REDASH_LDAP_URL")

# Service account (DN and password) used to connect to LDAP and look up the
# user being authenticated. For AD the DN should be "org\\user".
# The password is a secret: keep it out of logs and version control.
LDAP_BIND_DN = os.getenv("REDASH_LDAP_BIND_DN")
LDAP_BIND_DN_PASSWORD = os.getenv("REDASH_LDAP_BIND_DN_PASSWORD", "")

# AD/LDAP attribute names holding the display name and the email address.
LDAP_DISPLAY_NAME_KEY = os.getenv("REDASH_LDAP_DISPLAY_NAME_KEY", "displayName")
LDAP_EMAIL_KEY = os.getenv("REDASH_LDAP_EMAIL_KEY", "mail")

# Prompt shown above the username/email field.
LDAP_CUSTOM_USERNAME_PROMPT = os.getenv(
    "REDASH_LDAP_CUSTOM_USERNAME_PROMPT", "LDAP/AD/SSO username:"
)

# Search filter template; %(username)s is replaced with the submitted login
# name (for AD this should be "(sAMAccountName=%(username)s)"). The substituted
# value is user-controlled, so the caller has to escape it for LDAP filter
# syntax before formatting.
LDAP_SEARCH_TEMPLATE = os.getenv("REDASH_LDAP_SEARCH_TEMPLATE", "(cn=%(username)s)")

# Base DN the user search runs under (ex. cn=users,dc=ORG,dc=local).
# Falls back to the REDASH_SEARCH_DN variable when REDASH_LDAP_SEARCH_DN is unset.
LDAP_SEARCH_DN = os.getenv("REDASH_LDAP_SEARCH_DN", os.getenv("REDASH_SEARCH_DN"))