Skip to content

Importing Roles from LDAP/AD

For version 11.0, please follow the new document LDAP in version 11.0.

Since version 6.1.5, the Pro Edition supports syncing roles from LDAP or Active Directory.

To enable this feature, add config option ROLE_NAME_ATTR to ccnet.conf

[LDAP_SYNC]
ROLE_NAME_ATTR = title

ROLE_NAME_ATTR is the attribute field to configure roles in LDAP . We provide a user-defined function to map the role:Create custom_functions.py under conf/ and edit it like:

#coding=utf-8
import sys 
reload(sys)
sys.setdefaultencoding('utf8')

def ldap_role_mapping(role):
    if 'staff' in role:
        return 'Staff'
    if 'guest' in role:
        return 'Guest'
    if 'manager' in role:
        return 'Manager'

you can rewrite this function (in python) to make your own mapping rules. If the file or function doesn't exist, all roles in ROLE_NAME_ATTR will be synced.

** NOTE: **Make sure that ccnet-server keeps running while doing LDAP role sync.

Note: If you are using 7.1 version or later, and with Python 3, you should remove the following code from `custom_functions.py`:

import sys 
reload(sys)
sys.setdefaultencoding('utf8')