Django Login with AD/LDAP

Hello, I did some research and found out that AD is a directory to store data while LDAP is the protocol to authenticate. So to start, I should go to Microsoft Azure to set up the AD, right?
But for LDAP, how can I set it up in Django though?

This isn’t precisely accurate. In the Windows world, AD is a complete security infrastructure. LDAP is a protocol that allows queries to be made on that directory. Authentication is only one type of query. (Group membership is another. AD permissions are another.)

There are at least two levels of integration possible.

The first would be to make your server running Django a member of the AD domain. That gives your server direct access to all the AD APIs, including the ability to support SPNEGO on the web site to allow for SSO to browsers on systems currently authenticated to the domain. (This is useful if you are integrating Django into an environment with an existing AD domain.)

If you are doing this, both nginx and Apache provide modules for SPNEGO, allowing the web server itself to verify authentication of AD clients, passing the username through the REMOTE_USER header. (See “How to authenticate using REMOTE_USER” in the Django documentation.)

The second is to use the LDAP API that may (or may not!) make authentication APIs available to non-AD systems. Basically, you will create an authentication backend that takes the supplied credentials and uses them in a query. The results of that query tell you whether or not the credentials matched the supplied user.

If that’s the direction you need to go, I suggest you check out djangopackages.org for packages supporting LDAP. (There are a couple that appear to be current.) You may find one that will work for you, but if not, at least you will have an example of how it can be done.

Side note: You may find the ldap3 Tutorial (ldap3 2.9.1 documentation) of interest. ldap3 is a Python library that provides LDAP support. The tutorial may help your understanding of what LDAP itself provides.

If you want to implement a local LDAP-based database for education and experimentation, see the OpenLDAP article on Wikipedia and https://www.openldap.org/. (I found it helpful to have something “local” when trying to get started.)
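
The second approach described above (a backend that looks the user up, then binds with the supplied credentials), as an added example that is not part of the original thread or of any Django LDAP package. It uses only the standard library: `FakeDirectory` is a constructed in-memory stand-in for a real LDAP client, and `LDAPBackend`, `escape_filter` and the sample entry are hypothetical names and data.

```python
"""Search-then-bind LDAP check, shaped like a Django authentication backend."""

_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter(value):
    """Escape a value placed inside an LDAP search filter (RFC 4515)."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


class FakeDirectory:
    """Constructed stand-in for an LDAP client: sAMAccountName -> (DN, password)."""
    def __init__(self, entries):
        self.entries = entries

    def search(self, ldap_filter):
        # Understands only the single filter shape this example builds.
        return [dn for name, (dn, _) in self.entries.items()
                if ldap_filter == "(sAMAccountName=%s)" % escape_filter(name)]

    def bind(self, dn, password):
        # Some servers, AD included, treat a simple bind with an empty
        # password as an anonymous bind and report success.
        if password == "":
            return True
        return any(dn == d and password == p for d, p in self.entries.values())


class LDAPBackend:
    """Follows Django's backend contract: authenticate() returns a user or None.
    Assumption: the directory client is injected here so the example runs offline."""
    def __init__(self, directory):
        self.directory = directory

    def authenticate(self, request, username=None, password=None):
        if not username or not password:
            return None  # never let an empty password reach bind()
        flt = "(sAMAccountName=%s)" % escape_filter(username)
        matches = self.directory.search(flt)
        if len(matches) != 1:
            return None  # unknown or ambiguous user
        if not self.directory.bind(matches[0], password):
            return None
        # A real backend would get or create a Django User here.
        return {"username": username, "dn": matches[0]}


# Constructed sample entry, not a real account.
DIRECTORY = FakeDirectory(
    {"alice": ("CN=Alice,OU=Staff,DC=example,DC=test", "s3cret")})
```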

If I were to only use Active Directory for login, is that OK?

You would use it however you want to use it.

From the perspective of an AD client (e.g. your Django authentication backend), it’s an API.