Using LDAPS

If you plan to configure authentication using LDAPS instead of LDAP there are 3 extra steps in the configuration that need to be considered.

  1. Update the LDAP Server URI and port to use LDAPS protocol.
    
                            AUTH_LDAP_SERVER_URI = "ldaps://ad-readonly.sjc.cloudera.com:636"
                        
  2. Uncomment this section and add a valid path to a SSL certificate file.
    
                            AUTH_LDAP_GLOBAL_OPTIONS = {
                            ldap.OPT_X_TLS_CACERTFILE: "/path/to/bla.cert", # Point to CA Cert file
                            ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, # Disable cert checking
                            }                        
                        
  3. [Optional] Enable TLS if not already running