Native LDAP support (#5226)

* Added basic ldap support * Added new settings to config template * Added missing apk dependency to dockerfile * update requirements.txt * Remove requirements and added docs * Update advanced.md * Added more ldap options * allow direct bind * add ldap debug mode * add ldap global_options * add start_tls * use get_boolean_setting * Update advanced.md to use a warning box * fix: style * Update advanced.md * Remove ldap install instructions for non docker installs
2025-06-19 13:35:40 +00:00 · 2023-10-04 22:52:36 +02:00
parent a6dbe185c6
commit 8ec04028d5
6 changed files with 130 additions and 3 deletions
--- a/InvenTree/config_template.yaml
+++ b/InvenTree/config_template.yaml
@ -233,6 +233,43 @@ remote_login_header: HTTP_REMOTE_USER
 #     KEYCLOAK_URL: 'https://keycloak.custom/auth'
 #     KEYCLOAK_REALM: 'master'

+# Add LDAP support
+# ldap:
+#   enabled: false
+#   debug: false  # enable debug mode to troubleshoot ldap configuration
+#   server_uri: ldaps://example.org
+#   bind_dn: cn=admin,dc=example,dc=org
+#   bind_password: admin_password
+#   search_base_dn: cn=Users,dc=example,dc=org
+
+#   # enable TLS encryption over the standard LDAP port,
+#   # see: https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-start-tls
+#   # start_tls: false
+
+#   # uncomment if you want to use direct bind, bind_dn and bin_password is not necessary then
+#   # user_dn_template: "uid=%(user)s,dc=example,dc=org"
+
+#   # uncomment to set advanced global options, see https://www.python-ldap.org/en/latest/reference/ldap.html#ldap-options
+#   # for all available options (keys and values starting with OPT_ get automatically converted to python-ldap keys)
+#   # global_options:
+#   #   OPT_X_TLS_REQUIRE_CERT: OPT_X_TLS_NEVER
+#   #   OPT_X_TLS_CACERTFILE: /opt/inventree/ldapca.pem
+
+#   # uncomment for advanced filter search, default: uid=%(user)s
+#   # search_filter_str:
+
+#   # uncomment for advanced user attribute mapping (in the format <InvenTree attribute>: <LDAP attribute>)
+#   # user_attr_map:
+#   #   first_name: givenName
+#   #   last_name: sn
+#   #   email: mail
+
+#   # always update the user on each login, default: true
+#   # always_update_user: true
+
+#   # cache timeout to reduce traffic with LDAP server, default: 3600 (1h)
+#   # cache_timeout: 3600
+
 # Customization options
 # Add custom messages to the login page or main interface navbar or exchange the logo
 # Use environment variable INVENTREE_CUSTOMIZE or INVENTREE_CUSTOM_LOGO