This application ships with a docker-compose file. The values within it are set for debugging, not for production use.
An OpenLDAP server is provided using the osixia/openldap docker image.
Do not use this setup for persistent data, as no persistence is configured!
Make sure to change the passwords for the following default accounts:
The admin DN for the main tree at dc=example,dc=com is cn=admin,dc=example,dc=com,
with the password specified in the LDAP_ADMIN_PASSWORD environment variable.
This defaults to admin.
The admin DN for the config tree at cn=config is cn=admin,cn=config with
the password specified in LDAP_CONFIG_PASSWORD.
This defaults to config.
The bind user for the auth application is uid=auth,dc=example,dc=com.
The password is specified in the
docker/bootstrap_openldap/ldif/bootstrap.ldif file.
This defaults to test.
When changing this password, hash it using slappasswd.
The OU entries for ou=people,dc=example,dc=com, ou=groups,dc=example,dc=com and
ou=oauth,dc=example,dc=com are created on startup.
Create an app configuration in docker/auth.conf.
For basic functionality, the following variables MUST be set:
DEBUG = True
SECRET_KEY = 'plschangeme'
BOOTSTRAP_SERVE_LOCAL = True
# LDAP
LDAP_HOST = 'openldap'
LDAP_PORT = 389
LDAP_BASE_DN = 'dc=example,dc=com'
LDAP_BIND_USER_DN = 'uid=auth,dc=example,dc=com'
LDAP_BIND_USER_PASSWORD = 'test'
import ldap3
PASSWORD_HASHING_FUNC = ldap3.HASHED_SALTED_SHA
# Recaptcha needs to be configured for signup to work.
# The following keys are test keys that always confirm
RECAPTCHA_PUBLIC_KEY = "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
RECAPTCHA_PRIVATE_KEY = "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
# Mail needs to be configured for signup to work
MAIL_SERVER = 'smtp.example.org'
MAIL_PORT = 465
MAIL_USE_TLS = False
MAIL_USE_SSL = True
MAIL_USERNAME = 'auth-sender'
MAIL_PASSWORD = 'CHANGEME'
# To prevent open redirects in OAuth logout
LOGOUT_ALLOWED_NEXT = [
    'http://url/of/oauth_client/oauth/loggedout',
]