LDAP

New in version 0.10.

Ganeti Web Manager supports LDAP authentication through the use of django-auth-ldap and python-ldap. A fabric command has been written to easily handle enabling and disabling LDAP support.

Dependencies

In order to use python-ldap a couple of system level packages need to be installed first.

For a Debian based systems:

• libldap2-dev
• libsasl2-dev

For a Red Hat based systems:

• openldap-devel

Deploying

To deploy Ganeti Web Manager with LDAP

1. Copy ldap_settings.py.dist to ldap_settings.py.

   $ cd ganeti_webmgr/ganeti_web/settings
   $ cp ldap_settings.py.dist ldap_settings.py
   

2. Change ldap_settings.py to fit your LDAP configuration.

   $ vi ldap_settings.py
   

   Note

   ldap_settings.py.dist has been thoroughly commented so that external documentation shouldn’t be needed. If you have specific questions about options or want an overview of the package, please consult the django-auth-ldap documentation.

3. Install the LDAP-specific requirements.

$ pip install -r requirements/ldap.txt # in root of repository

Disabling

If you would like to later disable LDAP support, all that is required is to remove your ldap_settings file:

$ cd ganeti_webmgr/ganeti_web/settings
$ rm ldap_settings.py

Note

This will not remove django-auth-ldap and python-ldap, nor the the system specific dependencies. If you want to remove these, use pip and your system’s package manager.