Active Directory

Using an existing Active Directory server for user authentication is a great way to simplify the management of users for your QATrack+ system. It’s especially convenient for your users: they don’t have to remember “yet another password” and can simply use their network logon. QATrack+ comes with an Active Directory backend, and its configuration is described below.

Installation of python-ldap

Windows

If you happen to be on a Windows system with Visual Studio installed, you should just be able to do pip install python-ldap and have the latest version of the pyldap package installed. Otherwise, there are binaries available on this page: https://www.lfd.uci.edu/~gohlke/pythonlibs/#python-ldap. Download the binary relevant to your Python 3 installation (e.g. python_ldap-3.3.1-cp36-cp36m-win_amd64.whl) and then pip install it:

pip install C:\path\to\python_ldap-3.3.1-cp36-cp36m-win_amd64.whl

To confirm your installation is working, activate your virtual env and run the import check:

cd C:\deploy
.\venvs\qatrack3\scripts\activate
python -c "import ldap; print(ldap.__version__)"

If that command prints the ldap version, then ldap is installed correctly.

Linux

There are some prerequisites that need to be installed before python-ldap.

At the time of writing on Ubuntu this looks like:

sudo apt-get install build-essential python3-dev python2.7-dev \
    libldap2-dev libsasl2-dev slapd ldap-utils

source ~/venvs/qatrack3/bin/activate
pip install python-ldap

See https://www.python-ldap.org/en/latest/installing.html for more details.

Configuring QATrack+ to use your Active Directory Server

Copy the following lines to your local_settings.py file:

#-----------------------------------------------------------------------------
# Account settings
# a list of group names to automatically add users to when they sign up
DEFAULT_GROUP_NAMES = ["Therapists"]  # Replace Therapists with whatever group name you want

#-----------------------------------------------------------------------------
# Authentication backend settings
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'qatrack.accounts.backends.ActiveDirectoryGroupMembershipSSLBackend',
)

# active directory settings (not required if only using ModelBackend)
AD_DNS_NAME = 'your.ad.server.yourhospital.com'

# If using non-SSL use these
AD_LDAP_PORT = 389
AD_LDAP_URL = 'ldap://%s:%s' % (AD_DNS_NAME, AD_LDAP_PORT)

# If using SSL use these:
# AD_LDAP_PORT=636
# AD_LDAP_URL='ldaps://%s:%s' % (AD_DNS_NAME,AD_LDAP_PORT)

AD_CERT_FILE = None  # AD_CERT_FILE='/path/to/your/cert.txt'

AD_SEARCH_DN = "dc=yourdomain,dc=yourhospital,dc=com"
AD_NT4_DOMAIN = "YOURDOMAIN"  # Network domain that AD server is part of

AD_SEARCH_FIELDS = ['mail', 'givenName', 'sn', 'sAMAccountName', 'memberOf']
AD_MEMBERSHIP_REQ = []  # not implemented. See issue # 360

AD_DEBUG_FILE = "C:/deploy/qatrackplus/logs/ad_log.txt"
AD_DEBUG = False # set to True and restart QATrack+ CherryPy Service if you need to debug AD Connection

You will also have to modify AD_DNS_NAME, AD_SEARCH_DN and AD_NT4_DOMAIN to suit your own Active Directory setup. The complete set of Active Directory settings is described here: Active Directory Settings.

After you have saved that file, you will need to restart your application server (or for example your CherryPy service).
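A pre-flight check for the settings above, as an added example (not part of QATrack+ or its documentation): audit_ad_settings is a hypothetical helper, and the sample dictionaries and example.org values are constructed. It flags a non-TLS URL, a URL that disagrees with AD_DNS_NAME or AD_LDAP_PORT, an AD_CERT_FILE that does not exist, leftover template values, and AD_DEBUG left on.

```python
import os
from urllib.parse import urlparse

# Placeholder values from the settings template on this page.
TEMPLATE_VALUES = {
    "AD_DNS_NAME": "your.ad.server.yourhospital.com",
    "AD_SEARCH_DN": "dc=yourdomain,dc=yourhospital,dc=com",
    "AD_NT4_DOMAIN": "YOURDOMAIN",
}


def audit_ad_settings(cfg):
    """Hypothetical helper: return (code, message) findings for AD_* settings."""
    findings = []
    url = urlparse(cfg.get("AD_LDAP_URL") or "")
    try:
        port = url.port
    except ValueError:  # non-numeric or out-of-range port in the URL
        port = None
    if url.scheme == "ldap":
        findings.append(("no-tls", "AD_LDAP_URL is ldap://; the SSL form is ldaps:// on 636"))
    elif url.scheme != "ldaps":
        findings.append(("bad-url", "AD_LDAP_URL must start with ldap:// or ldaps://"))
    if url.hostname != (cfg.get("AD_DNS_NAME") or "").lower():
        findings.append(("host-mismatch", "AD_LDAP_URL host differs from AD_DNS_NAME"))
    if port != cfg.get("AD_LDAP_PORT"):
        findings.append(("port-mismatch", "AD_LDAP_URL port differs from AD_LDAP_PORT"))
    cert = cfg.get("AD_CERT_FILE")
    if cert and not os.path.isfile(cert):
        findings.append(("cert-missing", "AD_CERT_FILE not found: %s" % cert))
    for key, template in TEMPLATE_VALUES.items():
        if cfg.get(key) == template:
            findings.append(("placeholder", "%s still has the template value" % key))
    if cfg.get("AD_DEBUG"):
        findings.append(("debug-on", "AD_DEBUG is True; set it back to False after debugging"))
    return findings


# Constructed sample 1: the template from this page, unedited (non-SSL).
AS_SHIPPED = dict(TEMPLATE_VALUES, AD_LDAP_PORT=389, AD_CERT_FILE=None, AD_DEBUG=False,
                  AD_LDAP_URL="ldap://your.ad.server.yourhospital.com:389")
# Constructed sample 2: the SSL variant with made-up site values.
SSL_SITE = {"AD_DNS_NAME": "dc01.example.org", "AD_LDAP_PORT": 636,
            "AD_LDAP_URL": "ldaps://dc01.example.org:636", "AD_CERT_FILE": None,
            "AD_SEARCH_DN": "dc=example,dc=org", "AD_NT4_DOMAIN": "EXAMPLE",
            "AD_DEBUG": False}

if __name__ == "__main__":
    for name, cfg in (("as shipped", AS_SHIPPED), ("ssl site", SSL_SITE)):
        for code, message in audit_ad_settings(cfg) or [("ok", "no findings")]:
            print("%-10s %-14s %s" % (name, code, message))
```

To audit a real deployment, pass the AD_* values from local_settings.py to audit_ad_settings as a dictionary.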