[GH-ISSUE #109] Improvement: LDAP-Authentification #92

Closed
opened 2026-02-27 16:01:03 +03:00 by kerem · 10 comments

Originally created by @dennobaby on GitHub (Sep 5, 2013).
Original GitHub issue: https://github.com/retspen/webvirtmgr/issues/109

Hi,

It would be nice to have LDAP authentication for WebVirtMgr. We use a big ApacheDS directory for authentication on other services; only WebVirtMgr needs extra accounts.

Maybe you will implement this in future versions?

Thanks!

kerem closed this issue 2026-02-27 16:01:03 +03:00

@retspen commented on GitHub (Sep 6, 2013):

Auth for all users, maybe login can only for admins account?


@dennobaby commented on GitHub (Sep 9, 2013):

For example, we have an LDAP group "admins". It would be nice if the users in this group could log in to webvirtmgr. It is not necessary to have different UIs for the users/groups. Just authentication for an LDAP group, so we do not have to create every user who should have access to webvirtmgr twice or give them all the same credentials.


@kokel commented on GitHub (Oct 30, 2013):

+1 for this feature!


@jmarceno commented on GitHub (Feb 28, 2014):

+1 This feature.


@dennobaby commented on GitHub (Mar 1, 2014):

@CamJGaming: maybe YOU don't need this! Maybe other people need something like that. Be objective and unbiased, please!


@dapak commented on GitHub (Mar 1, 2014):

Another +1 for this feature.


@hogarth-sv commented on GitHub (Mar 31, 2014):

Login based ldap can be added fairly simply ...

First install django-auth-ldap on the system via your preferred method (pip or pyp2rpm and build an RPM to install or similar) and then add to settings.py as follows:

```
import ldap  # needed for the ldap.OPT_* and ldap.SCOPE_* constants below
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

# Try LDAP first, then fall back to local Django accounts.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_GLOBAL_OPTIONS = {
    # OPT_X_TLS_DEMAND is a value for OPT_X_TLS_REQUIRE_CERT, not an option
    # key of its own: require a valid server certificate.
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND,
    ldap.OPT_REFERRALS: False,
    ldap.OPT_X_TLS_CACERTDIR: "/etc/pki/tls/certs/",
}
AUTH_LDAP_SERVER_URI = "ldaps://ldapserverhostname.example.com"
# Account used to search the directory for users and groups.
AUTH_LDAP_BIND_DN = "uid=binduser,ou=systemusers,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "<ldapbindpassword>"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com",
    ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,dc=example,dc=com",
    ldap.SCOPE_SUBTREE, "(objectClass=groupOfUniqueNames)"
)
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()

# Django user flags derived from LDAP group membership.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": ["cn=grouptopermit1,ou=groups,dc=example,dc=com", "cn=grouptopermit2,ou=groups,dc=example,dc=com"],
    "is_staff": "cn=grouptopermit2,ou=groups,dc=example,dc=com",
    "is_superuser": "cn=grouptopermit2,ou=groups,dc=example,dc=com"
}
```

In this example LDAPS is required to encrypt the login to the LDAP server - make sure the CA cert (or the LDAP SSL cert) is considered valid by your system when using this method. If SSL verification is not required then set the options to allow self certs as required:

http://python-ldap.org/doc/html/ldap.html#tls-options

The two groups listed in the is_active list are the groups that can log into (and change since the app currently only checks is_authenticated and not permissions) webvirtmgr with the second group also having permissions in the django admin interface (if you have enabled it).

There's further information at the django ldap auth site if you need it:

http://pythonhosted.org/django-auth-ldap/


@retspen commented on GitHub (Apr 15, 2014):

https://github.com/retspen/webvirtmgr/wiki/Enable-LDAP


@dennobaby commented on GitHub (Apr 15, 2014):

Nice :) I will test it today and report!


@dennobaby commented on GitHub (Apr 15, 2014):

Hi,

In settings.py, the line "import ldap" is also required!
By the way, I use PosixGroup. If someone needs an example:

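```
import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType

# Try LDAP first, then fall back to local Django accounts.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

AUTH_LDAP_GLOBAL_OPTIONS = {
    # OPT_X_TLS_NEVER (what False evaluated to) turns certificate checks off.
    # OPT_X_TLS_DEMAND is a value for this option, not a key, so the separate
    # "ldap.OPT_X_TLS_DEMAND: True" entry is dropped.
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
    ldap.OPT_REFERRALS: False,
    ldap.OPT_X_TLS_CACERTDIR: "/etc/pki/tls/certs/",
}
# Plain ldap:// without StartTLS: bind and user passwords are not encrypted
# in transit, and the TLS options above have no effect.
AUTH_LDAP_SERVER_URI = "ldap://10.0.1.6:10389"
AUTH_LDAP_BIND_DN = "uid=admin,ou=system"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,o=company",
    ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,o=company",
    ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)"
)
AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr='cn')

# One group drives all three flags, so every member is a Django superuser.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": ["cn=nda,ou=groups,o=company"],
    "is_staff": "cn=nda,ou=groups,o=company",
    "is_superuser": "cn=nda,ou=groups,o=company"
}
```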
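
An added example, not part of the original thread or of WebVirtMgr: a small audit over a dict of django-auth-ldap settings that reports the weak spots such configurations tend to carry (cleartext bind, certificate verification off, a TLS value constant used as an option key, one group mapped to every flag). The `OPT_*` numbers are stand-ins taken from OpenLDAP's `ldap.h` so it runs without python-ldap; the function names, finding codes, host name and group DNs are hypothetical.

```python
# Stand-ins for python-ldap constants, using the numeric values from OpenLDAP's
# ldap.h, so the audit runs without python-ldap installed.
OPT_DEREF = 0x0002
OPT_X_TLS_REQUIRE_CERT = 0x6006
OPT_X_TLS_NEVER, OPT_X_TLS_HARD, OPT_X_TLS_DEMAND, OPT_X_TLS_ALLOW, OPT_X_TLS_TRY = range(5)
VERIFYING_LEVELS = {OPT_X_TLS_HARD, OPT_X_TLS_DEMAND}


def _as_set(groups):
    """Flag values may be a single DN string or a list of DNs."""
    return {groups.lower()} if isinstance(groups, str) else {g.lower() for g in groups}


def audit_ldap_settings(cfg):
    """Return sorted finding codes for a dict of django-auth-ldap settings."""
    findings = set()
    uri = cfg.get("AUTH_LDAP_SERVER_URI", "").lower()
    opts = cfg.get("AUTH_LDAP_GLOBAL_OPTIONS", {})
    if not (uri.startswith("ldaps://") or cfg.get("AUTH_LDAP_START_TLS")):
        findings.add("CLEARTEXT_BIND")  # bind and user passwords sent unencrypted
    level = opts.get(OPT_X_TLS_REQUIRE_CERT)
    if isinstance(level, bool):
        findings.add("BOOL_AS_TLS_LEVEL")  # True == 1 == HARD, False == 0 == NEVER
    if level is not None and int(level) not in VERIFYING_LEVELS:
        findings.add("CERT_NOT_VERIFIED")
    # OPT_X_TLS_DEMAND is a value (2), not an option; used as a key it lands on
    # OPT_DEREF. Heuristic: OPT_DEREF expects 0..3, so a bool there is suspect.
    if isinstance(opts.get(OPT_DEREF), bool):
        findings.add("TLS_VALUE_USED_AS_KEY")
    flags = cfg.get("AUTH_LDAP_USER_FLAGS_BY_GROUP", {})
    active, superuser = (_as_set(flags.get(k, [])) for k in ("is_active", "is_superuser"))
    if active and active <= superuser:
        findings.add("EVERY_LOGIN_IS_SUPERUSER")
    return sorted(findings)


# Constructed samples (hypothetical host and group DNs).
OPS, ADMINS = "cn=ops,ou=groups,dc=example,dc=com", "cn=admins,ou=groups,dc=example,dc=com"
SAMPLE_WEAK = {
    "AUTH_LDAP_SERVER_URI": "ldap://ldap.example.internal:10389",
    "AUTH_LDAP_GLOBAL_OPTIONS": {OPT_X_TLS_REQUIRE_CERT: False, OPT_X_TLS_DEMAND: True},
    "AUTH_LDAP_USER_FLAGS_BY_GROUP": {"is_active": [OPS], "is_superuser": OPS},
}
SAMPLE_STRICT = {
    "AUTH_LDAP_SERVER_URI": "ldaps://ldap.example.internal",
    "AUTH_LDAP_GLOBAL_OPTIONS": {OPT_X_TLS_REQUIRE_CERT: OPT_X_TLS_DEMAND},
    "AUTH_LDAP_USER_FLAGS_BY_GROUP": {"is_active": [OPS, ADMINS], "is_superuser": ADMINS},
}
```

To audit a real settings module, pass a dict of its `AUTH_LDAP_*` names; with python-ldap installed the real `ldap.OPT_*` constants can replace the stand-ins.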
