Active Directory Integration¶
IScorE has the ability to authenticate users against an Active Directory domain. In order to activate and configure the
integration, several things need to be set in your
localsettings.py. They are described below.
- The FQDN or IP address of your domain controller. (Ex. “ad.iserink.org”)
- If your DC is not listing on the standard LDAP port, you will need to set this value. If using SSL, you will need to set this to 636 if using the default LDAPS port.
- Set this to
'ldap://%s:%s' % (AD_DNS_NAME, AD_LDAP_PORT)'; replace the protocol with
ldapsif using SSL.
- Set this to the DN of your domain. (Ex. “dc=iserink,dc=org”)
- Set this to the NT4 version of your domain. (Ex. “ISERINK”)
- A list of all ad groups that should get super user status in IScorE. ‘Domain Admins’ by default.
- A list of all ad groups that should be able to login to IScorE. Defaults to the value of
AD_MEMBERSHIP_ADMINplus “CDCUsers”, “Green”, “White”, and “Red”. Does need to be set again if
- A list of ad groups that will be considered White team. Defaults to “White”.
- A list of ad groups that will be considered Green team. Defaults to “Green”.
- A list of ad groups that will be considered Green team leaders. Defaults to “GreenAdmin”.
- A list of ad groups that will be considered Red team. Defaults to “Red”.
- The prefix for groups that will be considered Blue team. Defaults to “Blue”.
- In order to use the AD integration,
auth.ActiveDirectoryAuthenticationBackendshould be listed first in this setting.
The AD integration assumes that you have a group for each team that followings the pattern “AD_BLUE_GROUP_PREFIX #” (Ex. Blue 1, Blue 2, etc.).