{"id":19974585,"url":"https://github.com/elan-ev/leihs-ldap-authenticator","last_synced_at":"2025-05-04T02:32:51.107Z","repository":{"id":60380078,"uuid":"533438682","full_name":"elan-ev/leihs-ldap-authenticator","owner":"elan-ev","description":"LDAP based authentication handler for Leihs","archived":false,"fork":false,"pushed_at":"2023-06-20T12:59:13.000Z","size":508,"stargazers_count":0,"open_issues_count":4,"forks_count":3,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-04-30T21:13:54.175Z","etag":null,"topics":["authentication","hacktoberfest","ldap","leihs"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elan-ev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2022-09-06T17:45:54.000Z","updated_at":"2022-10-09T23:07:33.000Z","dependencies_parsed_at":"2023-02-19T17:00:39.074Z","dependency_job_id":null,"html_url":"https://github.com/elan-ev/leihs-ldap-authenticator","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elan-ev%2Fleihs-ldap-authenticator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elan-ev%2Fleihs-ldap-authenticator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elan-ev%2Fleihs-ldap-authenticator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elan-ev%2Fleihs-ldap-authenticator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elan-ev","download_url":"https://codeload.github.com/elan-ev/leihs-ldap-authenticator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252279082,"owners_count":21722835,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","hacktoberfest","ldap","leihs"],"created_at":"2024-11-13T03:15:28.532Z","updated_at":"2025-05-04T02:32:50.613Z","avatar_url":"https://github.com/elan-ev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Leihs LDAP Authenticator\n\n[![GPLv3+ license](https://img.shields.io/github/license/elan-ev/leihs-ldap-authenticator)\n](https://github.com/elan-ev/leihs-ldap-authenticator/blob/main/LICENSE)\n[![PyPI](https://img.shields.io/pypi/v/leihs-ldap-authenticator?color=blue)\n](https://pypi.org/project/leihs-ldap-authenticator/)\n![Status: Beta](https://img.shields.io/badge/status-beta-yellow)\n\nLDAP based authentication handler for [Leihs](https://github.com/leihs/leihs).\n\n![Leihs Login Process](leihs-ldap-login.gif)\n\n## Features\n\n- Provides __LDAP authentication__ for [Leihs](https://github.com/leihs/leihs) 6.x.\n\n  When users want to log in, Leihs will redirect them to this authentication handler where they can authenticate themselves using an LDAP backend\n\n- Automatically __create new users__ in Leihs when they first log in.\n\n  When logging in, users must be registered with Leihs.\n  The LDAP authenticator takes care of this automatically when the user first logs in.\n\n- Register or log-in __via email address or username__.\n\n  Users can log in via username or email address.\n  For technical details about how LDAP users are mapped, see [LDAP Username Mapping](#ldap-username-mapping) below.\n\n- Automatic __group assignment__ based on LDAP attributes.\n\n  When creating the users, they can be assigned to groups in Leihs based on their LDAP attributes. Groups will be automatically created if they do not yet exist.\n\n- Provides __automatic configuration__ of the Leihs authentication system.\n\n  The authenticator will automatically register itself in Leihs.\n\n## Getting Started\n\n1. Install the tool via pip:\n\n   ```\n   ❯ pip install leihs-ldap-authenticator\n   ```\n\n2. Download and edit the [example configuration](https://github.com/elan-ev/leihs-ldap-authenticator/blob/main/leihs-ldap.yml).\n   The configuration keys are documented in the file:\n\n   ```\n   ❯ wget https://github.com/elan-ev/leihs-ldap-authenticator/blob/main/leihs-ldap.yml\n   ```\n\n3. Run the tool:\n\n   ```\n   ❯ python -m leihsldap -c /path/to/leihs-ldap.yml\n   ```\n\n\tThe tool should automatically register itself in Leihs.\n\n### Development Version\n\nIf you want to work with the development version instead,\nyou can just clone this repository, install the requirements\nand run the project from the root repository path:\n\n```\n❯ pip install -r requirements.txt\n❯ python -m leihsldap\n * Serving Flask app 'leihsldap.web'\n * Debug mode: off\n * Running on http://127.0.0.1:5000\n```\n\n## Production Deployment\n\nWhile you can just start and test the authenticator with the built-in web server,\nusing this is _not_ safe for production.\nFor a production deployment, use a WSGI server like [Gunicorn](https://gunicorn.org/).\nA basic example of running this application with Gunicorn is:\n\n```\n❯ gunicorn --config=/path/to/gunicorn.conf.py leihsldap.web:app\n```\n\nFor a systemd unit to turn leisldap into a service and for an example Gunicorn configuration file, take a look at the `init` folder:\n\n- Example [systemd unit](init/leihsldap.service)\n- Example [Gunicorn configuration](init/gunicorn.conf.py)\n\n## Ansible\n\nTo run the authenticator in production you can use our [ansible role](https://github.com/elan-ev/leihs_ldap_authenticator).\n\n## Technical Notes\n\n### LDAP Username Mapping\n\nIf a user does not yet exist in Leihs, the system will always transfer the user input as an email address to the authenticator, regardless of it actually being a valid email address.\n\nTo circumvent this, the authenticator will treat the input up to the first `@` character as username and use this for the LDAP login.\n\nOnce registered, Leihs will also transfer the login field which is used from there on for authentication.\n\n### Update of Data in Leihs\n\nAs a general rule, the authenticator will only ever create,\nbut never update data in Leihs.\nIf you want updated data in Leihs,\neither update this manually,\nor remove the resource to have it recreated with new data.\n\nThis applies to:\n\n- Authentication system\n- Groups\n- Users\n\nThis also means that you can update data if you need to.\nFor example, you can add users to additional groups without the authentication system interfering (potentially removing them again).\n\n## Support\n\nThis project is free software. It was initially developed by [ELAN e.V.](https://elan-ev.de) for [Osnabrück University](https://uos.de). We hope that this is helpful, and you can use this as well.\n\nIf you need commercial support installing this tool or want to commission further development you aren't able to do yourself, please [contact the ELAN e.V.](https://elan-ev.de)\n\n## Development\n\nTo cut a new release:\n\n1. Update the version in [setup.py](setup.py), commit changes, create pull request and merge\n1. Update the `main` branch locally and create a release tag: `git tag -s v0.4`\n1. Push the tag upstream: `git push upstream v0.4:v0.4`\n1. Create a [new release on GitHub](https://github.com/elan-ev/leihs-ldap-authenticator/releases/new).\n1. Build Python package and upload it to [pypi.org](https://pypi.org): `python setup.py sdist; twine upload dist/leihs-ldap-authenticator-0.2.tar.gz`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felan-ev%2Fleihs-ldap-authenticator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felan-ev%2Fleihs-ldap-authenticator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felan-ev%2Fleihs-ldap-authenticator/lists"}