|
8 | 8 | import string |
9 | 9 | import sys |
10 | 10 | import tempfile |
11 | | -import ldap |
12 | | - |
13 | | -from django_auth_ldap.config import LDAPSearch, GroupOfNamesType |
14 | 11 |
|
15 | 12 |
|
16 | 13 | PROJECT_ROOT = os.path.normpath(os.path.join(os.path.dirname(__file__), '..')) |
|
131 | 128 | 'django.contrib.sites', |
132 | 129 | 'django.contrib.staticfiles', |
133 | 130 | # Third-party apps |
134 | | - 'django_auth_ldap', |
135 | 131 | 'guardian', |
136 | 132 | 'jsonfield', |
137 | 133 | 'gunicorn', |
|
145 | 141 | ) |
146 | 142 |
|
147 | 143 | AUTHENTICATION_BACKENDS = ( |
148 | | - "django_auth_ldap.backend.LDAPBackend", |
149 | 144 | "django.contrib.auth.backends.ModelBackend", |
150 | 145 | "guardian.backends.ObjectPermissionBackend", |
151 | 146 | ) |
|
342 | 337 | # server - Hostname based on CoreOS server hostname |
343 | 338 | UNIT_HOSTNAME = 'default' |
344 | 339 |
|
345 | | -# LDAP DEFAULT SETTINGS (Overrided by confd later) |
346 | | -LDAP_ENDPOINT = "" |
347 | | -BIND_DN = "" |
348 | | -BIND_PASSWORD = "" |
349 | | -USER_BASEDN = "" |
350 | | -USER_FILTER = "" |
351 | | -GROUP_BASEDN = "" |
352 | | -GROUP_FILTER = "" |
353 | | -GROUP_TYPE = "" |
354 | | - |
355 | 340 | # Create a file named "local_settings.py" to contain sensitive settings data |
356 | 341 | # such as database configuration, admin email, or passwords and keys. It |
357 | 342 | # should also be used for any settings which differ between development |
|
367 | 352 | if os.path.exists('/templates/confd_settings.py'): |
368 | 353 | sys.path.append('/templates') |
369 | 354 | from confd_settings import * # noqa |
370 | | - |
371 | | -# LDAP Backend Configuration |
372 | | -# Should be always after the confd_settings import. |
373 | | -LDAP_USER_SEARCH = LDAPSearch( |
374 | | - base_dn=USER_BASEDN, |
375 | | - scope=ldap.SCOPE_SUBTREE, |
376 | | - filterstr="(%s=%%(user)s)" % USER_FILTER |
377 | | -) |
378 | | -LDAP_GROUP_SEARCH = LDAPSearch( |
379 | | - base_dn=GROUP_BASEDN, |
380 | | - scope=ldap.SCOPE_SUBTREE, |
381 | | - filterstr="(%s=%s)" % (GROUP_FILTER, GROUP_TYPE) |
382 | | -) |
383 | | -AUTH_LDAP_SERVER_URI = LDAP_ENDPOINT |
384 | | -AUTH_LDAP_BIND_DN = BIND_DN |
385 | | -AUTH_LDAP_BIND_PASSWORD = BIND_PASSWORD |
386 | | -AUTH_LDAP_USER_SEARCH = LDAP_USER_SEARCH |
387 | | -AUTH_LDAP_GROUP_SEARCH = LDAP_GROUP_SEARCH |
388 | | -AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() |
389 | | -AUTH_LDAP_USER_ATTR_MAP = { |
390 | | - "first_name": "givenName", |
391 | | - "last_name": "sn", |
392 | | - "email": "mail", |
393 | | - "username": USER_FILTER, |
394 | | -} |
395 | | -AUTH_LDAP_GLOBAL_OPTIONS = { |
396 | | - ldap.OPT_X_TLS_REQUIRE_CERT: False, |
397 | | - ldap.OPT_REFERRALS: False |
398 | | -} |
399 | | -AUTH_LDAP_ALWAYS_UPDATE_USER = True |
400 | | -AUTH_LDAP_MIRROR_GROUPS = True |
401 | | -AUTH_LDAP_FIND_GROUP_PERMS = True |
402 | | -AUTH_LDAP_CACHE_GROUPS = False |
0 commit comments