How to add LDAP & Active Directory Authentication to Mayan 4.4.5 direct deployment

Hello,
I need help configuring Active Directory in Mayan 4.4.5 “direct deployment”.
Regards,
KS

Hi,

The first thing you need to do is switch to a Docker Compose installation. Direct deployment is deprecated and requires advanced experience with Python, Django, and Linux.

Active Directory/LDAP authentication requires additional Python and Linux packages which are already included in the Docker image.

I need help with the same thing in LDAP. I have it working perfectly on version 3; here is the code that is currently working.

Do I need to generate a new Secret Key for the new deployment?
I copied the database and everything over to the newer version.

Here is where the ldap_settings.py is located: /opt/mayan-edms/media/mayan_settings

LDAP FILE
```python
from __future__ import absolute_import

from mayan.settings.production import *

import ldap
from django_auth_ldap.config import (
    LDAPSearch, LDAPSearchUnion, NestedActiveDirectoryGroupType
)

from django.contrib.auth import get_user_model

SECRET_KEY = ''

# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)

# Turn on debug output, turn this off when everything is working as expected
ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

LDAP_USER_AUTO_CREATION = "False"

LDAP_URL = "ldap://"
LDAP_BASE_DN = "DC=usit,DC=com"
LDAP_ADMIN_DN = "CN=,OU=,DC=usit,DC=com"
LDAP_PASSWORD = ""

AUTH_LDAP_SERVER_URI = LDAP_URL
AUTH_LDAP_BIND_DN = LDAP_ADMIN_DN
AUTH_LDAP_BIND_PASSWORD = LDAP_PASSWORD

# Look the user up by sAMAccountName in each OU in turn.
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
    LDAPSearch(
        'OU=WebDevelopment,DC=USIT,DC=com',
        ldap.SCOPE_SUBTREE, '(samaccountname=%(user)s)'
    ),
    LDAPSearch(
        'OU=Information Technology,DC=USIT,DC=com',
        ldap.SCOPE_SUBTREE, '(samaccountname=%(user)s)'
    ),
    LDAPSearch(
        'OU=Service Accounts,DC=USIT,DC=com',
        ldap.SCOPE_SUBTREE, '(samaccountname=%(user)s)'
    ),
    LDAPSearch(
        'OU=Environmental,DC=USIT,DC=com',
        ldap.SCOPE_SUBTREE, '(samaccountname=%(user)s)'
    ),
    LDAPSearch(
        'OU=Fish & Wildlife,DC=USIT,DC=com',
        ldap.SCOPE_SUBTREE, '(samaccountname=%(user)s)'
    ),
    LDAPSearch(
        'OU=Law,DC=USIT,DC=com',
        ldap.SCOPE_SUBTREE, '(samaccountname=%(user)s)'
    ),
)

AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail'
}
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
    'mayan.media.mayan_settings.ldaplogin.EmailOrUsernameModelBackend',
)


class EmailOrUsernameModelBackend(object):
    """
    This is a ModelBackend that allows authentication with either a username or $
    """
    # Django 2.1 and later pass the request as the first positional argument.
    def authenticate(self, request, username=None, password=None, **kwargs):
        # Nothing to look up without both credentials.
        if not username or password is None:
            return None
        if '@' in username:
            lookup = {'email': username}
        else:
            lookup = {'username': username}
        UserModel = get_user_model()
        try:
            user = UserModel.objects.get(**lookup)
        except (UserModel.DoesNotExist, UserModel.MultipleObjectsReturned):
            # The email field is not unique, so more than one row can match.
            return None
        if user.check_password(password):
            return user
        return None

    def get_user(self, username):
        try:
            return get_user_model().objects.get(pk=username)
        except get_user_model().DoesNotExist:
            return None
```

Mayan CONF file settings
```
environment=
    PYTHONPATH="/opt/mayan-edms/media/user_settings",
    MAYAN_ALLOWED_HOSTS='["*"]',
    MAYAN_MEDIA_ROOT="/opt/mayan-edms/media",
    MAYAN_PYTHON_BIN_DIR=/opt/mayan-edms/bin/,
    MAYAN_GUNICORN_BIN=/opt/mayan-edms/bin/gunicorn,
    MAYAN_GUNICORN_LIMIT_REQUEST_LINE=4094,
    MAYAN_GUNICORN_MAX_REQUESTS=500,
    MAYAN_GUNICORN_REQUESTS_JITTER=50,
    MAYAN_GUNICORN_TEMPORARY_DIRECTORY="",
    MAYAN_GUNICORN_TIMEOUT=120,
    MAYAN_GUNICORN_WORKER_CLASS=sync,
    MAYAN_GUNICORN_WORKERS=3,
    MAYAN_SETTINGS_MODULE=mayan.settings.production,
    MAYAN_WORKER_A_CONCURRENCY="",
    MAYAN_WORKER_A_MAX_MEMORY_PER_CHILD="--max-memory-per-child=300000",
    MAYAN_WORKER_A_MAX_TASKS_PER_CHILD="--max-tasks-per-child=100",
    MAYAN_WORKER_B_CONCURRENCY="",
    MAYAN_WORKER_B_MAX_MEMORY_PER_CHILD="--max-memory-per-child=300000",
    MAYAN_WORKER_B_MAX_TASKS_PER_CHILD="--max-tasks-per-child=100",
    MAYAN_WORKER_C_CONCURRENCY="",
    MAYAN_WORKER_C_MAX_MEMORY_PER_CHILD="--max-memory-per-child=300000",
    MAYAN_WORKER_C_MAX_TASKS_PER_CHILD="--max-tasks-per-child=100",
    MAYAN_WORKER_D_CONCURRENCY="--concurrency=1",
    MAYAN_WORKER_D_MAX_MEMORY_PER_CHILD="--max-memory-per-child=300000",
    MAYAN_WORKER_D_MAX_TASKS_PER_CHILD="--max-tasks-per-child=10",
    _LAST_LINE=""
```

Thank you
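
An added example, not code from this thread or from Mayan or Django: it mimics how `django.contrib.auth.authenticate()` in Django 2.1 and later checks each backend's signature before calling it, and shows that a backend whose `authenticate()` has no `request` parameter, like the custom backend posted above, is skipped without any error. The class names, `run_backends` and the sample credentials are constructed for illustration, and it assumes the newer Mayan release runs on such a Django version.

```python
import inspect


class OldStyleBackend:
    """Signature used by the posted backend: no `request` parameter."""

    def authenticate(self, username=None, password=None):
        return "user:%s" % username


class NewStyleBackend:
    """Same idea with the signature Django 2.1+ calls (stub user lookup)."""

    def authenticate(self, request, username=None, password=None, **kwargs):
        if not username or password is None:
            return None
        return "user:%s" % username


def run_backends(backends, request=None, **credentials):
    """Mimic the dispatch loop of django.contrib.auth.authenticate().

    Returns (user, skipped): the first non-None result, and the names of
    backends skipped because their signature does not accept the call.
    """
    skipped = []
    for backend in backends:
        try:
            # Django binds (request, **credentials) before calling the backend.
            inspect.signature(backend.authenticate).bind(request, **credentials)
        except TypeError:
            # Django moves on to the next backend without logging anything.
            skipped.append(type(backend).__name__)
            continue
        user = backend.authenticate(request, **credentials)
        if user is not None:
            return user, skipped
    return None, skipped


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    creds = {"username": "jdoe@example.com", "password": "constructed"}
    print(run_backends([OldStyleBackend()], **creds))
    print(run_backends([OldStyleBackend(), NewStyleBackend()], **creds))
```
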