If you plan to configure authentication using LDAPS instead of LDAP there are 3 extra
steps in the configuration that need to be considered.
-
Update the LDAP Server URI and port to use LDAPS protocol.
AUTH_LDAP_SERVER_URI = "ldaps://ad-readonly.sjc.cloudera.com:636"
-
Uncomment this section and add a valid path to a SSL certificate file.
AUTH_LDAP_GLOBAL_OPTIONS = {
ldap.OPT_X_TLS_CACERTFILE: "/path/to/bla.cert", # Point to CA Cert file
ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, # Disable cert checking
}
-
[Optional] Enable TLS if not already running