Add instruction to enable LDAP auth
See original GitHub issueI see LDAP only in user_guide.md
Probably it is related to django-auth-ldap
Issue Analytics
- State:
- Created 5 years ago
- Comments:21 (13 by maintainers)
Top Results From Across the Web
How to enable LDAP signing - Windows Server - Microsoft Learn
Select Start > Run, type mmc.exe, and then select OK. · Select File > Add/Remove Snap-in. · In the Add or Remove Snap-ins...
Read more >Configure LDAP Authentication - WatchGuard Technologies
Configure LDAP ; Click the Authentication Servers icon . Or, select Setup > Authentication > Authentication Servers. The Authentication Servers dialog box opens....
Read more >13.7. Configuring a System to Authenticate Using OpenLDAP
To do this, run the Authentication Configuration Tool (system-config-authentication) and select Enable LDAP Support under the User Information tab. If editing / ...
Read more >Enable LDAP authentication with the Element user interface
Enable LDAP authentication with the Element user interface · Click Cluster > LDAP. · Click Yes to enable LDAP authentication. · Click Add...
Read more >How to enable LDAP authentication - GoCanvas Help Center
Enabling LDAP authentication for your account allows you to leverage your existing Active Directory or other LDAP server infrastructure...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
It is necessary because it is how CVAT will determine if the user has admin, user, annotator or observer roles. In case of basic authorization you do it manually in
admin
panel. In case of LDAP,admin
panel can not be used anymore for specifying roles (you can but such settings will be reseted after LDAP cache is reinitialized) as far as I remember.Ok this information is pretty far out of date. Configuration settings, environment variables and flow have all changed from 2.x. Here is what I did to get it to work.
We need override several settings in the
./cvat/settings/base.py
that isn’t listed here.Make a
docker-compose.override.yml
in your./cvat/
folder (where your docker-compose.yml file is).Create a
settings.py
file in your./cvat
folder (same directory as above)Key things we need to override in
settings.py
areIAM_TYPE = 'LDAP'
andDJANGO_AUTH_LDAP_GROUPS
Here is my full working settings.py file (with my LDAP services redacted)
Three notable changes
IAM_TYPE = 'LDAP'
,AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
(I’m using FreeIPA so we have to use GroupOfNames), andDJANGO_AUTH_LDAP_GROUPS = {"admin": AUTH_LDAP_ADMIN_GROUPS, "business": AUTH_LDAP_WORKER_GROUPS, "user": AUTH_LDAP_USER_GROUPS, "worker":AUTH_LDAP_BUSINESS_GROUPS}
.DJANGO_AUTH_LDAP_GROUPS
admin
,business
,user
,worker
is coming fromIAM_ROLES = [IAM_ADMIN_ROLE, 'business', 'user', 'worker']
in./cvat/settings/base.py
in the code it “matches” based on the keywords inIAM_ROLES
. TheAUTH_LDAP_ADMIN_GROUPS
,AUTH_LDAP_WORKER_GROUPS
,AUTH_LDAP_USER_GROUPS
,AUTH_LDAP_BUSINESS_GROUPS
need to be added toDJANGO_AUTH_LDAP_GROUPS
list depending on your groups. If you want to add more groups, just add more in your settings.py file. Hopefully this helps someone else for v2.x+. This works for me for CVAT v2.1.