Active Directory Integration
IScorE has the ability to authenticate users against an Active Directory domain. In order to activate and configure the
integration, several things need to be set in your localsettings.py. They are described below.
AD_DNS_NAME: The FQDN or IP address of your domain controller. (Ex. “ad.iserink.org”)
AD_LDAP_PORT: If your DC is not listening on the standard LDAP port, you will need to set this value. If using SSL with the default LDAPS port, set this to 636.
AD_LDAP_URL: Set this to 'ldap://%s:%s' % (AD_DNS_NAME, AD_LDAP_PORT); replace the protocol with ldaps if using SSL.
AD_SEARCH_DN: Set this to the DN of your domain. (Ex. “dc=iserink,dc=org”)
AD_NT4_DOMAIN: Set this to the NT4 version of your domain. (Ex. “ISERINK”)
AD_MEMBERSHIP_ADMIN: A list of all AD groups that should get superuser status in IScorE. ‘Domain Admins’ by default.
AD_MEMBERSHIP_REQ: A list of all AD groups that should be able to log in to IScorE. Defaults to the value of AD_MEMBERSHIP_ADMIN plus “CDCUsers”, “Green”, “White”, and “Red”. Needs to be set again if AD_MEMBERSHIP_ADMIN has been changed.
AD_WHITE_GROUP: A list of AD groups that will be considered White team. Defaults to “White”.
AD_GREEN_GROUP: A list of AD groups that will be considered Green team. Defaults to “Green”.
AD_GREEN_ADMIN_GROUP: A list of AD groups that will be considered Green team leaders. Defaults to “GreenAdmin”.
AD_RED_GROUP: A list of AD groups that will be considered Red team. Defaults to “Red”.
AD_BLUE_GROUP_PREFIX: The prefix for groups that will be considered Blue team. Defaults to “Blue”.
AUTHENTICATION_BACKENDS: In order to use the AD integration, auth.ActiveDirectoryAuthenticationBackend should be listed first in this setting.
AD_PW_CHANGE_URL: If specified, all LDAP users’ profile pages will show this link instead of a password reset button.
AD_PW_CHANGE_INSTRUCTION: If not using AD_PW_CHANGE_URL, you can give users instructions on how to change their passwords. If neither option is set, the text “Please content White Team for password changes” will be displayed to LDAP users on their profile pages instead of a password change button.
LOGIN_DOMAIN: The domain to show on the login page. Defaults to “iseage.org”.
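The check below is an added example, not part of IScorE: a small Python function that takes a dictionary of the localsettings.py values described above and reports entries that disagree with those descriptions (an LDAP URL without SSL or out of step with the name and port, the AD backend not listed first, AD_MEMBERSHIP_REQ not repeated after AD_MEMBERSHIP_ADMIN was changed). The function name, both sample dictionaries, the “ScoreAdmins” group, and the assumption that an unset AD_MEMBERSHIP_REQ is built from the default admin list are illustrative.

```python
# Added example, not IScorE code. Setting names and defaults come from the
# descriptions above; check_ad_settings and both sample dicts are hypothetical.
AD_BACKEND = "auth.ActiveDirectoryAuthenticationBackend"
DEFAULT_ADMIN = ["Domain Admins"]
DEFAULT_EXTRA = ["CDCUsers", "Green", "White", "Red"]


def check_ad_settings(s):
    """Return a list of problems found in a dict of localsettings.py values."""
    problems = []
    url, port = s.get("AD_LDAP_URL", ""), s.get("AD_LDAP_PORT")
    scheme = url.split("://")[0]
    if url != "%s://%s:%s" % (scheme, s.get("AD_DNS_NAME"), port):
        problems.append("AD_LDAP_URL does not match AD_DNS_NAME/AD_LDAP_PORT")
    if scheme == "ldap":
        problems.append("AD_LDAP_URL uses ldap:// (no SSL)")
    elif scheme == "ldaps" and port == 389:
        problems.append("ldaps:// on port 389; the default LDAPS port is 636")
    backends = s.get("AUTHENTICATION_BACKENDS", [])
    if not backends or backends[0] != AD_BACKEND:
        problems.append("AD backend is not listed first")
    admins = s.get("AD_MEMBERSHIP_ADMIN", DEFAULT_ADMIN)
    # Assumption: an unset AD_MEMBERSHIP_REQ is built from the *default* admin
    # list, which is why it has to be set again after changing the admin list.
    allowed = s.get("AD_MEMBERSHIP_REQ", DEFAULT_ADMIN + DEFAULT_EXTRA)
    missing = [g for g in admins if g not in allowed]
    if missing:
        problems.append("admin groups cannot log in: " + ", ".join(missing))
    return problems


# Constructed sample: plain LDAP, Django's ModelBackend first, admin list
# changed without repeating AD_MEMBERSHIP_REQ.
WEAK = {
    "AD_DNS_NAME": "ad.iserink.org", "AD_LDAP_PORT": 389,
    "AD_LDAP_URL": "ldap://ad.iserink.org:389",
    "AD_MEMBERSHIP_ADMIN": ["Domain Admins", "ScoreAdmins"],
    "AUTHENTICATION_BACKENDS": ["django.contrib.auth.backends.ModelBackend", AD_BACKEND],
}
# Constructed sample: the same deployment with each finding corrected.
FIXED = dict(
    WEAK, AD_LDAP_PORT=636, AD_LDAP_URL="ldaps://ad.iserink.org:636",
    AD_MEMBERSHIP_REQ=["Domain Admins", "ScoreAdmins"] + DEFAULT_EXTRA,
    AUTHENTICATION_BACKENDS=[AD_BACKEND, "django.contrib.auth.backends.ModelBackend"],
)

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, check_ad_settings(cfg) or "ok")
```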
Assumptions
The AD integration assumes that you have a group for each team that follows the pattern “AD_BLUE_GROUP_PREFIX #” (Ex. Blue 1, Blue 2, etc.).