|
|
@@ -1,4 +1,7 @@
|
|
|
import os
|
|
|
+import ldap
|
|
|
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType #, PosixGroupType
|
|
|
+from custom.coin_posix_group_type import CoinPosixGroupType
|
|
|
|
|
|
# Django settings for coin project.
|
|
|
|
|
|
@@ -172,22 +175,47 @@ LOGGING = {
|
|
|
}
|
|
|
|
|
|
AUTHENTICATION_BACKENDS = (
|
|
|
- 'django_ldapbackend.LDAPBackend',
|
|
|
- 'django.contrib.auth.backends.ModelBackend',
|
|
|
+ 'django_auth_ldap.backend.LDAPBackend',
|
|
|
+ 'django.contrib.auth.backends.ModelBackend',
|
|
|
)
|
|
|
|
|
|
-# Required
|
|
|
-AUTH_LDAP_SERVER = '127.0.0.1' # Hostname
|
|
|
-AUTH_LDAP_BASE_USER = "cn=admin,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR" # Administrative User's Username
|
|
|
-AUTH_LDAP_BASE_PASS = "admin" # Administrative User's Password
|
|
|
-AUTH_LDAP_BASE_DN = "ou=users,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR" # Base DN (also accepts o=example.com format)
|
|
|
-AUTH_LDAP_FIELD_DOMAIN = "illyse.net" # Domain from which users will take the domain for dummy e-mail generation (it keeps Django happy!)
|
|
|
-AUTH_LDAP_GROUP_NAME = "ldap_people" # Django group for LDAP users (helps us manage them for password changing, etc.)
|
|
|
-AUTH_LDAP_VERSION = 3 # LDAP version
|
|
|
-AUTH_LDAP_OLDPW = False # Can the server take the old password? True/False
|
|
|
-
|
|
|
-# Optional
|
|
|
-AUTH_LDAP_FIELD_USERAUTH = "uid" # The field from which the user authentication shall be done.
|
|
|
-AUTH_LDAP_FIELD_AUTHUNIT = "inetOrgPerson" # The organisational unit in which your users shall be found.
|
|
|
-AUTH_LDAP_FIELD_USERNAME = "uid" # The field from which to draw the username (Default 'uid'). (Allows non-uid/non-dn custom fields to be used for login.)
|
|
|
-AUTH_LDAP_WITHDRAW_EMAIL = False # Should django try the directory for the user's email ('mail')? True/False.
|
|
|
+AUTH_LDAP_SERVER_URI = "ldap://localhost"
|
|
|
+
|
|
|
+AUTH_LDAP_BIND_DN = "cn=admin,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
|
|
|
+AUTH_LDAP_BIND_PASSWORD = "admin"
|
|
|
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR",
|
|
|
+ ldap.SCOPE_SUBTREE, "(cn=%(user)s)")
|
|
|
+
|
|
|
+AUTH_LDAP_CACHE_GROUPS = False
|
|
|
+
|
|
|
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR",
|
|
|
+ ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)"
|
|
|
+)
|
|
|
+
|
|
|
+AUTH_LDAP_GROUP_TYPE = CoinPosixGroupType()
|
|
|
+
|
|
|
+#~ AUTH_LDAP_REQUIRE_GROUP = "cn=admin,ou=groups,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
|
|
|
+
|
|
|
+AUTH_LDAP_USER_ATTR_MAP = {
|
|
|
+ "first_name": "givenName",
|
|
|
+ "last_name": "sn"
|
|
|
+}
|
|
|
+
|
|
|
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
|
|
+ "is_active": "cn=admin,ou=groups,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR",
|
|
|
+ "is_staff": "cn=admin,ou=groups,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR",
|
|
|
+ "is_superuser": "cn=admin,ou=groups,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
|
|
|
+}
|
|
|
+
|
|
|
+#~ import logging
|
|
|
+#~
|
|
|
+#~ logger = logging.getLogger('django_auth_ldap')
|
|
|
+#~ logger.addHandler(logging.StreamHandler())
|
|
|
+#~ logger.setLevel(logging.DEBUG)
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
Fabien