# django-auth-ldap Integration Notes

## Overview

1. Setup LDAP (details below)
2. Enable pulpcore to use django-auth-ldap

## Setup LDAP

Run [openLDAP in a container](https://github.com/osixia/docker-openldap) with podman. It's easy to run on the same system as Pulp, but it could be on another system too. When starting the container you'll need to use `sudo`, because binding ports below 1024 requires root permissions.

#### Start the container

Run this:

```
sudo podman run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.3.0
```

This will create an openLDAP container that has a user `cn=admin,dc=example,dc=org` with the password `admin` (the container defaults).

#### Read some data out of ldap using ldapsearch

You can run the `ldapsearch` command to show the state of ldap's data. This is run using `podman exec`:

```
sudo podman exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
```

You could also run the `ldapsearch` command outside of the container like this:

```
sudo dnf install /usr/bin/ldapsearch
ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
```

#### Populate some organizational units into ldap

This will create an Organizational Unit for "users" and one for "groups". Create a file named ou.ldif with these contents:

```
dn: ou=users,dc=example,dc=org
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=example,dc=org
objectClass: organizationalUnit
ou: groups
```

Add that data to ldap with:

```
ldapadd -x -H ldap://localhost -D "cn=admin,dc=example,dc=org" -w admin -f ~/devel/ldap/ou.ldif
```

#### Populate some users into ldap

This will populate three users: Alice, Bob, and Eve.
Create a file named users.ldif with these contents:

```
dn: uid=alice,ou=users,dc=example,dc=org
changetype: add
objectClass: inetOrgPerson
givenName: Alice
sn: Smith
mail: alice@example.com
cn: Alice Smith
uid: alice

dn: uid=bob,ou=users,dc=example,dc=org
changetype: add
objectClass: inetOrgPerson
givenName: Bob
sn: Traveller
mail: bob@example.com
cn: Bob Traveller
uid: bob

dn: uid=eve,ou=users,dc=example,dc=org
changetype: add
objectClass: inetOrgPerson
givenName: Eve
sn: Evil
mail: eve@example.com
cn: Eve Evil
uid: eve
```

Add that data to ldap with:

```
ldapadd -x -H ldap://localhost -D "cn=admin,dc=example,dc=org" -w admin -f ~/devel/ldap/users.ldif
```

#### Populate a group into ldap

This will populate one group: fileGlobalAdmin. Create a file named group.ldif with these contents:

```
dn: cn=fileGlobalAdmin,ou=groups,dc=example,dc=org
cn: fileGlobalAdmin
gidnumber: 10004
memberuid: alice
objectclass: posixGroup
objectclass: top
```

Add that data to ldap with:

```
ldapadd -x -H ldap://localhost -D "cn=admin,dc=example,dc=org" -w admin -f ~/devel/ldap/group.ldif
```

#### Set the passwords for the 3 users

This sets the password for `alice` to `alice`, `bob` to `bob`, and `eve` to `eve` for simplicity.

```
ldappasswd -s alice -D "cn=admin,dc=example,dc=org" -x "uid=alice,ou=users,dc=example,dc=org" -w admin
ldappasswd -s bob -D "cn=admin,dc=example,dc=org" -x "uid=bob,ou=users,dc=example,dc=org" -w admin
ldappasswd -s eve -D "cn=admin,dc=example,dc=org" -x "uid=eve,ou=users,dc=example,dc=org" -w admin
```

## Enable Pulp to connect to this ldap

1. Use this branch: https://github.com/pulp/pulpcore/compare/master...bmbouter:ldap-integration

   It's designed to work with the data populated by the files above.

2. Restart Pulp services

#### Have the users/groups populated into Django by logging in with each

Remove your ~/.netrc if you have one, then use the `Authorization` header on each API command.
```
http localhost/pulp/api/v3/remotes/file/file/ 'Authorization: Basic YWxpY2U6YWxpY2U='
http localhost/pulp/api/v3/remotes/file/file/ 'Authorization: Basic Ym9iOmJvYg=='
http localhost/pulp/api/v3/remotes/file/file/ 'Authorization: Basic ZXZlOmV2ZQ=='
```

- Alice's is: `'Authorization: Basic YWxpY2U6YWxpY2U='`
- Bob's is: `'Authorization: Basic Ym9iOmJvYg=='`
- Eve's is: `'Authorization: Basic ZXZlOmV2ZQ=='`
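As an added sanity check that is not part of these notes or of pulpcore: a stdlib-only Python script that parses LDIF entries like the ones above and resolves the posixGroup's `memberuid` values against the users' `uid` attributes, the same lookup django-auth-ldap's `PosixGroupType` performs. The sample LDIF is constructed from the users.ldif/group.ldif data, with an extra `mallory` member added to show how a uid that matches no user is reported instead of silently dropping out of the group.

```python
import re
from collections import defaultdict

# Constructed sample mirroring users.ldif/group.ldif, plus a memberuid ("mallory") that matches no user.
SAMPLE_LDIF = """\
dn: uid=alice,ou=users,dc=example,dc=org
objectClass: inetOrgPerson
cn: Alice Smith
uid: alice

dn: uid=bob,ou=users,dc=example,dc=org
objectClass: inetOrgPerson
cn: Bob Traveller
uid: bob

dn: cn=fileGlobalAdmin,ou=groups,dc=example,dc=org
cn: fileGlobalAdmin
gidnumber: 10004
memberuid: alice
memberuid: mallory
objectclass: posixGroup
objectclass: top
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 '::' lines) into {dn: {attr_lower: [values]}}."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = defaultdict(list)
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip().lower()].append(value.strip())  # LDAP attribute names are case-insensitive
        entries[attrs.pop("dn")[0]] = dict(attrs)
    return entries

def resolve_posix_groups(entries, user_base="ou=users,dc=example,dc=org"):
    """Map each posixGroup cn to the user DNs its memberUid values resolve to.
    memberUid holds a bare uid, not a DN, so it is matched against the uid of
    entries under the user search base, the same lookup django-auth-ldap's
    PosixGroupType performs; uids matching no user are returned as unresolved."""
    uid_to_dn = {a["uid"][0]: dn for dn, a in entries.items()
                 if dn.lower().endswith("," + user_base.lower()) and "uid" in a}
    groups, unresolved = {}, {}
    for a in entries.values():
        if "posixgroup" in (c.lower() for c in a.get("objectclass", [])):
            members = a.get("memberuid", [])
            groups[a["cn"][0]] = [uid_to_dn[u] for u in members if u in uid_to_dn]
            unresolved[a["cn"][0]] = [u for u in members if u not in uid_to_dn]
    return groups, unresolved
```

Run it against your own ou.ldif, users.ldif and group.ldif before loading them so a misspelled `memberuid` is caught before it turns into a user silently missing the group's permissions in Pulp.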