LDAPSettings

pydantic model gafaelfawr.config.LDAPSettings

pydantic model of LDAP configuration.

Parameters:

data (Any) –

JSON schema:
{
   "title": "LDAPSettings",
   "description": "pydantic model of LDAP configuration.",
   "type": "object",
   "properties": {
      "url": {
         "title": "Url",
         "type": "string"
      },
      "userDn": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Userdn"
      },
      "useKerberos": {
         "default": false,
         "title": "Usekerberos",
         "type": "boolean"
      },
      "passwordFile": {
         "anyOf": [
            {
               "format": "path",
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Passwordfile"
      },
      "groupBaseDn": {
         "title": "Groupbasedn",
         "type": "string"
      },
      "groupObjectClass": {
         "default": "posixGroup",
         "title": "Groupobjectclass",
         "type": "string"
      },
      "groupMemberAttr": {
         "default": "member",
         "title": "Groupmemberattr",
         "type": "string"
      },
      "userBaseDn": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Userbasedn"
      },
      "userSearchAttr": {
         "default": "uid",
         "title": "Usersearchattr",
         "type": "string"
      },
      "nameAttr": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": "displayName",
         "title": "Nameattr"
      },
      "emailAttr": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": "mail",
         "title": "Emailattr"
      },
      "uidAttr": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Uidattr"
      },
      "gidAttr": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Gidattr"
      },
      "addUserGroup": {
         "default": false,
         "title": "Addusergroup",
         "type": "boolean"
      }
   },
   "required": [
      "url",
      "groupBaseDn"
   ]
}

Fields:
field addUserGroup: bool = False (name 'add_user_group')

Whether to synthesize a user private group with GID matching UID.

If set to True, synthesize a group for the user whose name and GID match the username and UID, adding it to the group list without requiring it to appear in LDAP.

field emailAttr: str | None = 'mail' (name 'email_attr')

LDAP email attribute.

The attribute from which the user’s email address should be taken, or None to not look up email addresses. This should normally be mail.

field gidAttr: str | None = None (name 'gid_attr')

LDAP GID attribute.

If set, the user’s primary GID will be taken from this attribute. If GID lookups are desired, this should usually be gidNumber, as specified in RFC 2307 and RFC 2307bis. If not set, the primary GID will match the UID if add_user_group is true, and otherwise will not be set.

field groupBaseDn: str [Required] (name 'group_base_dn')

Base DN to use when executing an LDAP search for user groups.

field groupMemberAttr: str = 'member' (name 'group_member_attr')

LDAP group member attribute.

This is memberuid in RFC 2307 and member in RFC 2307bis.

field groupObjectClass: str = 'posixGroup' (name 'group_object_class')

LDAP group object class.

Usually posixGroup, as specified in RFC 2307 and RFC 2307bis.

field nameAttr: str | None = 'displayName' (name 'name_attr')

LDAP full name attribute.

The attribute from which the user’s full name will be taken, or None to not look up full names. This should normally be displayName, but sometimes it may be desirable to use a different name attribute. This should hold the whole name that should be used by the Science Platform, not just a surname or family name (which are not universally valid concepts anyway).

field passwordFile: Path | None = None (name 'password_file')

File containing simple bind password for the LDAP server.

field uidAttr: str | None = None (name 'uid_attr')

LDAP UID attribute.

If set, the user’s UID will be taken from this attribute. If UID lookups are desired, this should usually be uidNumber, as specified in RFC 2307 and RFC 2307bis.

field url: str [Required]

LDAP server URL.

Use the ldaps scheme if you’re using TLS. Only anonymous binds are supported.

field useKerberos: bool = False (name 'use_kerberos')

Whether to use Kerberos GSSAPI binds.

If both this and user_dn are set, simple binds take precedence. This allows triggering all of the other Kerberos handling while still using simple binds instead of GSSAPI binds, to make testing easier.

field userBaseDn: str | None = None (name 'user_base_dn')

Base DN to use to search for user information.

If set, the base DN used to search for the user record, from which other information such as full name, email, and (if configured) numeric UID will be retrieved.

field userDn: str | None = None (name 'user_dn')

Simple bind user DN for the LDAP server.

field userSearchAttr: str = 'uid' (name 'user_search_attr')

Search attribute for finding the user record.

This attribute must hold the username of the user that Gafaelfawr knows them by. Used if user_base_dn is set. The default is uid, which is the LDAP convention for the attribute holding the username.
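
The bind precedence described under useKerberos and the primary GID rule described under gidAttr, written out as a small settings audit. This is an added example, not Gafaelfawr's own code: the function names, the findings text, the sample hostnames, DNs and password path, and the check that userDn needs passwordFile are assumptions of the example.

```python
from urllib.parse import urlsplit

REQUIRED = ("url", "groupBaseDn")  # the schema's "required" list


def bind_mode(cfg):
    """Bind type, using the precedence documented under useKerberos."""
    if cfg.get("userDn"):
        return "simple"  # simple bind wins even when useKerberos is true
    return "gssapi" if cfg.get("useKerberos") else "anonymous"


def primary_gid_source(cfg):
    """Source of the primary GID, per the gidAttr description."""
    if cfg.get("gidAttr"):
        return "attribute:" + cfg["gidAttr"]
    return "uid" if cfg.get("addUserGroup") else None


def audit(cfg):
    """Return findings for a camel-case LDAP settings mapping."""
    findings = [f"missing required field {k}" for k in REQUIRED if not cfg.get(k)]
    scheme = urlsplit(cfg.get("url") or "").scheme.lower()
    mode = bind_mode(cfg)
    # Follows the url field's guidance that TLS means the ldaps scheme;
    # StartTLS on ldap:// is not considered here.
    if scheme == "ldap" and mode == "simple":
        findings.append("simple bind over ldap:// sends the password without TLS")
    elif scheme == "ldap":
        findings.append("url is ldap://, not the ldaps scheme used for TLS")
    elif scheme != "ldaps":
        findings.append(f"unexpected URL scheme {scheme!r}")
    # Assumption of this example: a simple bind needs a password file.
    if mode == "simple" and not cfg.get("passwordFile"):
        findings.append("userDn is set but passwordFile is not")
    if cfg.get("userDn") and cfg.get("useKerberos"):
        findings.append("useKerberos does not select the bind: userDn wins")
    return findings


# Constructed sample settings (hostnames, DNs and paths are placeholders).
WEAK = {"url": "ldap://ldap.example.org", "groupBaseDn": "ou=groups,dc=example,dc=org",
        "userDn": "cn=svc,dc=example,dc=org", "useKerberos": True}
FIXED = {"url": "ldaps://ldap.example.org", "groupBaseDn": "ou=groups,dc=example,dc=org",
         "userDn": "cn=svc,dc=example,dc=org", "passwordFile": "/run/secrets/ldap-password"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, bind_mode(cfg), primary_gid_source(cfg), audit(cfg))
```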

model_dump(**kwargs)

Export the model as a dictionary.

Overridden to change the default of by_alias from False to True, so that by default the exported dictionary uses camel-case.

Parameters:

kwargs (Any) –

Return type:

dict[str, Any]

model_dump_json(**kwargs)

Export the model as JSON.

Overridden to change the default of by_alias from False to True, so that by default the exported JSON uses camel-case.

Parameters:

kwargs (Any) –

Return type:

str