Active Direcotry settings using django-auth-ldap

ad_settings.py

########################################################################
# LDAP Authentication
########################################################################
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
from django_auth_ldap.config import NestedActiveDirectoryGroupType

#AUTH_LDAP_START_TLS = True
AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_X_TLS_REQUIRE_CERT: False,
    ldap.OPT_REFERRALS: False,
    ldap.OPT_DEBUG_LEVEL: 1,
}

# Baseline configuration.
AUTH_LDAP_SERVER_URI = "ldap://myad.com:389" 

AUTH_LDAP_BIND_DN = 'CN=Bind User,OU=ArtificialUsers,OU=All Users,DC=MYAD,DC=COM'
AUTH_LDAP_BIND_PASSWORD = 'MyBindUserPassword!'
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
    LDAPSearch("OU=Administrators,OU=All Users,DC=MYAD,DC=COM", ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)'),
    LDAPSearch("OU=Editors,OU=All Users,DC=MYAD,DC=COM", ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)'),
    LDAPSearch("OU=Readers,OU=All Users,DC=MYAD,DC=COM", ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)'),
)
# or perhaps:
# AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=example,dc=com" 

AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=User Groups,OU=All Users,DC=MYAD,DC=COM", \
                    ldap.SCOPE_SUBTREE, "(objectClass=organizationalUnit)"),

#!important! set group type
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()

# Simple group restrictions
#~ AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=django,ou=groups,dc=example,dc=com" 
#~ AUTH_LDAP_DENY_GROUP = "cn=disabled,ou=django,ou=groups,dc=example,dc=com" 

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail" 
}

#~ AUTH_LDAP_PROFILE_ATTR_MAP = {
    #~ "employee_number": "employeeNumber" 
#~ }

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": ["CN=Administrators,OU=User Groups,OU=All Users,DC=MYAD,DC=COM", 
                "CN=Editors,OU=User Groups,OU=All Users,DC=MYAD,DC=COM",
                "CN=Readers,OU=User Groups,OU=All Users,DC=MYAD,DC=COM"],
    "is_staff": "CN=Editors,OU=All Users,DC=MYAD,DC=COM",
    "is_superuser": "CN=Administrators,OU=All Users,DC=MYAD,DC=COM",
}

#~ AUTH_LDAP_PROFILE_FLAGS_BY_GROUP = {
    #~ "is_awesome": "cn=awesome,ou=django,ou=groups,dc=example,dc=com",
#~ }

# important! to use the group's permission
#~ AUTH_LDAP_MIRROR_GROUPS = True

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache group memberships for an hour to minimize LDAP traffic
#~ AUTH_LDAP_CACHE_GROUPS = True
#~ AUTH_LDAP_GROUP_CACHE_TIMEOUT = 2

# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

import logging

logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)

##################################
# End LDAP Authentication Settings
###################################