[PR #1214] [MERGED] Add LDAP support #1354

Closed
opened 2026-03-01 14:49:27 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/ArchiveBox/ArchiveBox/pull/1214
Author: @DanielBatteryStapler
Created: 8/18/2023
Status: Merged
Merged: 9/4/2023
Merged by: @pirate

Base: dev ← Head: DanielBatteryStapler-patch-1


📝 Commits (2)

  • 23f086a add LDAP support
  • 110a22e Merge branch 'dev' into DanielBatteryStapler-patch-1

📊 Changes

4 files changed (+65 additions, -4 deletions)

📝 Dockerfile (+2 -2)
📝 archivebox/config.py (+11 -1)
📝 archivebox/core/settings.py (+51 -1)
📝 setup.py (+1 -0)

📄 Description

Summary

This project uses Django, which has an LDAP authentication backend that can be enabled (if you install it). These changes add the required configuration options to select and configure this backend to be used instead of Django's internal user backend.

Example environment variable configuration:

```
LDAP: "True"
LDAP_SERVER_URI: "ldap://daniel-authenticator:3389"
LDAP_BIND_DN: "ou=archivebox,ou=services,dc=daniel-authenticator"
LDAP_BIND_PASSWORD: "secret-bind-user-password"
LDAP_USER_BASE: "ou=users,ou=archivebox,ou=services,dc=daniel-authenticator"
LDAP_USER_FILTER: "(objectClass=user)"

LDAP_USERNAME_ATTR: "uid"
LDAP_FIRSTNAME_ATTR: "givenName"
LDAP_LASTNAME_ATTR: "sn"
LDAP_EMAIL_ATTR: "mail"
```

This configuration works against [the LDAP server I use](https://github.com/DanielBatteryStapler/daniel-authenticator). There should be sufficient configuration options to work with any LDAP server, if properly configured.

The "LDAP" option defaults to False, in which case there are no changes to how Django handles authentication.

There is a bit of an annoyance with how this currently works, which is that when a user logs in for the first time, they are denied because they are not "staff". Once they get denied login for the first time, an existing superuser can mark them as "superuser" and then they will be able to log in properly. I tried to figure out a way to set all LDAP users to superuser by default as a workaround, but I couldn't figure it out so that is not included in this PR. For now though, this behavior is okay for me personally because user authentication is still handled centrally, even if I have to specifically set all the users I want to have superuser permissions to actually be able to log in. If in the future ArchiveBox does not require any special user permissions to log in, then first-time logins will succeed.

Related issues

#554
Also I want all user authentication to go through LDAP on my personal server, so I went ahead and added that functionality.

Changes these areas

  • [ ] Bugfixes
  • [x] Feature behavior
  • [ ] Command line interface
  • [x] Configuration options
  • [ ] Internal architecture
  • [ ] Snapshot data layout on disk

Let me know if there is anything I can do to help get this merged.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
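
A preflight check over the environment block from the description, as an added example that is not part of the PR or of ArchiveBox's code. The function names are hypothetical, the way the username attribute is ANDed with `LDAP_USER_FILTER` is an assumption about how the two options combine, and the escaping follows RFC 4515.

```python
from urllib.parse import urlparse

REQUIRED = ("LDAP_SERVER_URI", "LDAP_BIND_DN", "LDAP_BIND_PASSWORD",
            "LDAP_USER_BASE", "LDAP_USER_FILTER", "LDAP_USERNAME_ATTR")

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def user_search_filter(env, username):
    """Assumed composition: username match ANDed with the operator's filter."""
    return "(&({}={}){})".format(
        env["LDAP_USERNAME_ATTR"], escape_filter_value(username),
        env["LDAP_USER_FILTER"])

def preflight(env):
    """Return findings for an LDAP env block; an empty list means none."""
    if env.get("LDAP", "False").lower() != "true":
        return []  # LDAP off: Django's own user backend stays in use
    findings = ["missing " + key for key in REQUIRED if not env.get(key)]
    scheme = urlparse(env.get("LDAP_SERVER_URI", "")).scheme
    if scheme == "ldap":
        findings.append("cleartext transport: ldap:// carries bind and user "
                        "passwords unencrypted unless StartTLS is negotiated")
    elif scheme not in ("ldaps", "ldapi"):
        findings.append("unrecognised LDAP URI scheme")
    flt = env.get("LDAP_USER_FILTER", "")
    balanced = (flt.startswith("(") and flt.endswith(")")
                and flt.count("(") == flt.count(")"))
    if flt and not balanced:
        findings.append("LDAP_USER_FILTER is not a parenthesised filter")
    return findings

# Constructed sample: the values shown in the PR description.
SAMPLE = {
    "LDAP": "True",
    "LDAP_SERVER_URI": "ldap://daniel-authenticator:3389",
    "LDAP_BIND_DN": "ou=archivebox,ou=services,dc=daniel-authenticator",
    "LDAP_BIND_PASSWORD": "secret-bind-user-password",
    "LDAP_USER_BASE": "ou=users,ou=archivebox,ou=services,dc=daniel-authenticator",
    "LDAP_USER_FILTER": "(objectClass=user)",
    "LDAP_USERNAME_ATTR": "uid",
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print("finding:", finding)
    print(user_search_filter(SAMPLE, "j*doe"))
```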
