Skip to content
PERSEUS

LDAP configuration

This part of the configuration requires knowledge of the LDAP server structure of your institution.

LDAP_SERVER_URI required

Section titled “LDAP_SERVER_URI ”
  • Default value: None

A complete URI with following format: scheme://hostname(:port).

Example: ldaps://ldapd.my-university.de

LDAP_BASE_DN required

Section titled “LDAP_BASE_DN ”
  • Default value: None

The base DN of LDAP from where all users and groups can be accessed.

Example: dc=my-university,dc=de

LDAP_BIND_USER_DN recommended

Section titled “LDAP_BIND_USER_DN ”
  • Default value: None

The LDAP bind user must have permissions to perform searches in the LDAP directory.

Leave empty for an anonymous bind.

Example: uid=perseussysuser,cn=sysuser,dc=my-university,dc=de

LDAP_BIND_PASSWORD recommended

Section titled “LDAP_BIND_PASSWORD ”
  • Default value: None

The corresponding password for LDAP_BIND_USER_DN.

LDAP_USE_SSL

Section titled “LDAP_USE_SSL”
  • Default value: True

Enable/Disable LDAP SSL.

LDAP_USER_FILTER

Section titled “LDAP_USER_FILTER”
  • Default value: (&(objectClass=person)(uid={username}))

LDAP user filter to search for a user. Used to search for an user. Make sure to filter out locked users.

{username} will be replaced with the user’s login username.

LDAP_ALLOWED_GROUPS

Section titled “LDAP_ALLOWED_GROUPS”
  • Default value: []

A comma-separated whitelist of LDAP groups which are allowed to login into PERSEUS.

Leave empty for no restriction.

Example: tech-member,allocation-member-group

LDAP_USER_EMAIL_ATTRIBUTE

Section titled “LDAP_USER_EMAIL_ATTRIBUTE”

The preferred email address attribute of a user.

  • Default value: mail

LDAP_USER_FULL_NAME_ATTRIBUTE

Section titled “LDAP_USER_FULL_NAME_ATTRIBUTE”

The full user’s display name attribute.

  • Default value: displayName

LDAP_USER_GROUPS_ATTRIBUTE

Section titled “LDAP_USER_GROUPS_ATTRIBUTE”

The group attributes of which the user is a member.

  • Default value: memberOf

LDAP_CONNECTION_TIMEOUT

Section titled “LDAP_CONNECTION_TIMEOUT”

ldap3.Server() connect timeout. In seconds.

  • Default value: 5

LDAP_RECEIVE_TIMEOUT

Section titled “LDAP_RECEIVE_TIMEOUT”

ldap3.Connection() timeout. In seconds.

  • Default value: 10

LDAP_SSL_SKIP_VERIFY

Section titled “LDAP_SSL_SKIP_VERIFY”

Skip SSL certificate verification. Useful for local development.

  • Default value: False

Example configuration

Section titled “Example configuration”

Minimal configuration

Section titled “Minimal configuration”

Minimal LDAP configuration with using the default values described above.

Terminal window
LDAP_SERVER_URI="ldaps://ldapd.example-university.de"
LDAP_BASE_DN="dc=example-university,dc=de"

Advanced configuration

Section titled “Advanced configuration”
Terminal window
LDAP_SERVER_URI="ldaps://ldapd.example-university.d"
LDAP_BASE_DN="dc=example-university,dc=de"


LDAP_BIND_USER_DN="cn=perseususer,ou=sysuser,dc=example-university,dc=de"
LDAP_BIND_PASSWORD="<BIND_USER_PASSWORD>"


LDAP_USER_FILTER="(&(objectClass=person)(uid={username})(!(pwdAccountLockedTime=*)))"
LDAP_ALLOWED_GROUPS="perseusgroup,operationalstaff"