Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/AC42027/Backend-produccion/llms.txt

Use this file to discover all available pages before exploring further.

The API uses your corporate Active Directory account for authentication — no separate API credentials are required. When you POST your username and password to /api/login-ldap/, the server binds to the LDAP server using those credentials, searches for your user record, and issues a session cookie that authorizes all subsequent requests.

How it works

1

Send credentials

POST your Active Directory username and password as JSON to /api/login-ldap/.
2

LDAP validation

The server connects to the configured LDAP server using your credentials (username@DOMAIN). A successful bind confirms the password is correct. The server then searches your directory entry using sAMAccountName and retrieves your profile attributes.
3

User record sync

Django automatically creates or updates a local User record with your first_name, last_name, and email from Active Directory. This happens on every login.
4

Session issued

Django sets a sessionid cookie in the response. Include this cookie on all subsequent API requests.

Login request

curl -X POST http://<host>:8080/api/login-ldap/ \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{"username": "ac12345", "password": "your_password"}'

Request body

FieldTypeRequiredDescription
usernamestringYesYour Active Directory sAMAccountName (e.g. ac12345)
passwordstringYesYour Active Directory password

Success response

{
  "status": "ok",
  "message": "Login exitoso",
  "first_name": "Juan",
  "last_name": "Pérez"
}
The response body returns your display name as resolved from Active Directory. The sessionid cookie is set automatically by the server. After a successful login, send the sessionid cookie on every subsequent request. With curl, use -b cookies.txt to replay the cookie jar saved during login: 
curl http://<host>:8080/api/equipos/ \
  -b cookies.txt
In a browser-based client, the cookie is sent automatically for same-origin requests. For cross-origin requests, set credentials: 'include' in your fetch options.

LDAP attributes fetched

During login, the server retrieves the following Active Directory attributes for your user account:
AttributeDescription
givenNameFirst name
snLast name (surname)
mailEmail address
userPrincipalNameUPN / login email (used as email field)
titleJob title
managerManager’s distinguished name
memberOfList of group DNs the user belongs to
Only first_name, last_name, and email are persisted to Django’s User model. The remaining attributes (title, manager, memberOf) are retrieved but not stored.

Error responses

HTTP statusstatusmessageCause
401errorCredenciales inválidasWrong username or password
400errorFormato JSON inválidoRequest body is not valid JSON
405errorMétodo no permitido. Se requiere POST.Request used GET or another non-POST method
{
  "status": "error",
  "message": "Credenciales inválidas"
}
The endpoint accepts OPTIONS preflight requests and returns {"status": "ok"} — this is required for Next.js and other browser clients that send a CORS preflight before every POST.

Build docs developers (and LLMs) love

Get started for freeTalk to us