LDAP Authentication. Create two envars REDASH_LDAP_USE_SSL and REDASH_LDAP_AUTH_BIND #2776

Merged
merged 8 commits into from
Feb 28, 2019
6 changes: 3 additions & 3 deletions redash/authentication/ldap_auth.py
Expand Up @@ -7,7 +7,7 @@
from flask_login import current_user, login_required, login_user, logout_user

try:
from ldap3 import Server, Connection, SIMPLE
from ldap3 import Server, Connection, SIMPLE, ANONYMOUS, NTLM
except ImportError:
if settings.LDAP_LOGIN_ENABLED:
logger.error("The ldap3 library was not found. This is required to use LDAP authentication (see requirements.txt).")
Expand Down Expand Up @@ -58,8 +58,8 @@ def login(org_slug=None):


def auth_ldap_user(username, password):
server = Server(settings.LDAP_HOST_URL)
conn = Connection(server, settings.LDAP_BIND_DN, password=settings.LDAP_BIND_DN_PASSWORD, authentication=SIMPLE, auto_bind=True)
server = Server(settings.LDAP_HOST_URL, use_ssl=settings.LDAP_SSL)
conn = Connection(server, settings.LDAP_BIND_DN, password=settings.LDAP_BIND_DN_PASSWORD, authentication=settings.LDAP_AUTH_METHOD, auto_bind=True)

conn.search(settings.LDAP_SEARCH_DN, settings.LDAP_SEARCH_TEMPLATE % {"username": username}, attributes=[settings.LDAP_DISPLAY_NAME_KEY, settings.LDAP_EMAIL_KEY])

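Review bot: The new `Server(settings.LDAP_HOST_URL, use_ssl=settings.LDAP_SSL)` line in auth_ldap_user turns on SSL without a `tls=` argument, and ldap3's default `Tls` settings, as far as I know, use `validate=ssl.CERT_NONE`, so the server certificate is not verified and the bind DN password can still be sent to a host that presents any certificate at all. I would pass an explicit `tls=Tls(validate=ssl.CERT_REQUIRED)` when `LDAP_SSL` is set, with `Tls` added to the ldap3 import. On the next line, `authentication=settings.LDAP_AUTH_METHOD` is the raw environment string; checking it once against `(SIMPLE, ANONYMOUS, NTLM)` would reject a typo at configuration time instead of on every login, and would give the newly imported `ANONYMOUS` and `NTLM` a use in the visible code. The body of auth_ldap_user continues past the end of this section.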
4 changes: 4 additions & 0 deletions redash/settings/__init__.py
Expand Up @@ -81,6 +81,10 @@ def all_settings():
# If the organization setting auth_password_login_enabled is not false, then users will still be
# able to login through Redash instead of the LDAP server
LDAP_LOGIN_ENABLED = parse_boolean(os.environ.get('REDASH_LDAP_LOGIN_ENABLED', 'false'))
# Bind LDAP using SSL. Default is False
LDAP_SSL = parse_boolean(os.environ.get('REDASH_LDAP_USE_SSL', 'false'))
# Choose authentication method(SIMPLE, ANONYMOUS or NTLM). Default is SIMPLE
LDAP_AUTH_METHOD = os.environ.get('REDASH_LDAP_AUTH_METHOD', 'SIMPLE')
# The LDAP directory address (ex. ldap://10.0.10.1:389)
LDAP_HOST_URL = os.environ.get('REDASH_LDAP_URL', None)
# The DN & password used to connect to LDAP to determine the identity of the user being authenticated.
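Review bot: The comment on `LDAP_SSL` should say what the default means for credentials and how the flag relates to `REDASH_LDAP_URL`: the documented example a few lines down is `ldap://10.0.10.1:389`, and ldap3 appears to derive SSL from an `ldap://` or `ldaps://` scheme when one is given, in which case `REDASH_LDAP_USE_SSL` would have no effect. Suggested wording: `# Connect to the LDAP server over SSL/TLS. Default is False, so bind credentials travel unencrypted unless the URL is ldaps://`. The setting is read from `REDASH_LDAP_AUTH_METHOD`, while the pull request title names `REDASH_LDAP_AUTH_BIND`; one of the two should be corrected so operators set the variable that is actually read. Normalising the value, e.g. `os.environ.get('REDASH_LDAP_AUTH_METHOD', 'SIMPLE').upper()`, would also accept lowercase input.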