> ## Documentation Index
> Fetch the complete documentation index at: https://docs.activeviam.com/llms.txt
> Use this file to discover all available pages before exploring further.

# atoti.LdapConfig

### *final class* atoti.LdapConfig

The config to delegate authentication to an [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) provider.

The user’s roles can be defined using [`atoti.security.Security.ldap`](./atoti.security.Security.ldap#atoti.security.Security.ldap) and [`individual_roles`](./atoti.security.Security.individual_roles#atoti.security.Security.individual_roles).

### Example

```pycon theme={"languages":{"custom":["/engine/python-sdk/0.9/languages/pycon.tmLanguage.json"]}}
>>> config = tt.LdapConfig(
...     url="ldap://example.com:389",
...     base_dn="dc=example,dc=com",
...     user_search_base="ou=people",
...     group_search_base="ou=roles",
...     username_case_conversion="lower",
... )
```

#### base\_dn *: [str](https://docs.python.org/3/library/stdtypes.html#str)*

The base Distinguished Name of the directory service.

#### group\_role\_attribute\_name *: [str](https://docs.python.org/3/library/stdtypes.html#str)* *= 'cn'*

The attribute name that maps a group to a role.

#### group\_search\_base *: [str](https://docs.python.org/3/library/stdtypes.html#str) | [None](https://docs.python.org/3/library/constants.html#None)* *= None*

The search base for group membership searches.

#### group\_search\_filter *: [str](https://docs.python.org/3/library/stdtypes.html#str)* *= '(uniqueMember=\{0})'*

The filter to search for groups.

The substituted parameter is the DN of the user.

#### manager\_dn *: [str](https://docs.python.org/3/library/stdtypes.html#str) | [None](https://docs.python.org/3/library/constants.html#None)* *= None*

The Distinguished Name (DN) used to log into the Directory Service and to search for user accounts.

If `None`, the connection to the service will be done anonymously.

#### manager\_password *: [str](https://docs.python.org/3/library/stdtypes.html#str) | [None](https://docs.python.org/3/library/constants.html#None)* *= None*

The password for the manager account specified in the *manager\_dn* attribute.

#### url *: [str](https://docs.python.org/3/library/stdtypes.html#str)*

The LDAP URL including the protocol and port.

#### user\_search\_base *: [str](https://docs.python.org/3/library/stdtypes.html#str)* *= ''*

Search base for user searches.

#### user\_search\_filter *: [str](https://docs.python.org/3/library/stdtypes.html#str)* *= '(uid=\{0})'*

The filter to search for users.

The substituted parameter is the user’s login name.

#### username\_case\_conversion *: 'upper' | 'lower'*

The case conversion to apply to the username.

This authentication provider is generally case insensitive: the same user Jane could log in with the usernames `"jane"`, `"Jane"`, `"JANE"`, etc.
This attribute allows reducing all the possible cases to a single one to be compatible with [`individual_roles`](./atoti.security.Security.individual_roles#atoti.security.Security.individual_roles) and other case sensitive mappings.

For instance, if `session.security.individual_roles == {"jane": {"ROLE_USER"}}`, [`username_case_conversion`](#atoti.LdapConfig.username_case_conversion) should be set to `"lower"`.
