Starting from Redash v3, there is direct support for LDAP/AD authentication. To set it up you will need to install the
ldap3 Python package (version
2.2.4, GPL licensed) and add the relevant configuration values (see below). Once you done both, you need to restart the application service.
Add the following to your environment variables (
.env file or Docker configuration):
true LDAP login will be enabled at
ldap/login endpoint. [Required]
false, users will be prevented from logging in to Redash using Redash’s authentication and will instead automatically be redirected to the LDAP login endpoint.
REDASH_LDAP_URL: The URL of the LDAP/AD host. This includes port. Ex:
REDASH_LDAP_BIND_DN: The DN to bind to. This is used to determine the identity of the user being authenticated. [Required]
- For AD this should be
"org\\user_dn". The two slashes are required.
REDASH_LDAP_BIND_DN_PASSWORD: The password to bind to the DN specified in
REDASH_LDAP_DISPLAY_NAME_KEY: The key with the full name of the user.
REDASH_LDAP_EMAIL_KEY: The key with the email of the user.
REDASH_LDAP_CUSTOM_USERNAME_PROMPT: A custom prompt to be displayed above the username field.
- Default is
REDASH_LDAP_SEARCH_TEMPLATE: The search template used by the DN to find the user.
- By default this is
"(cn=%(username)s)", but for AD it should be
%(username)s is the username entered in the ldap login page
REDASH_LDAP_SEARCH_DN: The search DN to bind to. Ex.
- Prior to 4.0, this option was called
If using LDAP in a docker setup, then you will have to create a custom image (https://github.com/getredash/redash/pull/1836#issuecomment-321331014):
RUN pip install ldap3
If you’re using Docker Compose to run Redash, you can replace replace
image: redash/redash:latest with
build: . assuming the custom Dockerfile is in the same directory.
Edit on GitHub