Untitled

import ldap
import os
from ast import literal_eval as le
from .default import str2bool
from django_auth_ldap.config import (ActiveDirectoryGroupType,
                                     LDAPSearch,
                                     MemberDNGroup)


if os.environ.get('AUTH_LDAP_DEBUG'):
    import logging

    logger = logging.getLogger('django_auth_ldap')
    logger.addHandler(logging.StreamHandler())
    logger.setLevel(logging.DEBUG)

AUTH_LDAP_SERVER_URI = os.environ.get('AUTH_LDAP_SERVER_URI', None)
LDAP_SEARCH_DN = os.environ.get('LDAP_SEARCH_DN', None)
if str2bool(os.environ.get('LDAP_IS_AD', 'False')):
    AUTH_LDAP_USER = '(SAMAccountName=%(user)s)'
    LDAP_EMAIL_MAP = 'userPrincipalName'
    AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
else:
    AUTH_LDAP_USER = '(uid=%(user)s)'
    LDAP_EMAIL_MAP = 'mail'
    AUTH_LDAP_GROUP_TYPE = MemberDNGroup()

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
    'guardian.backends.ObjectPermissionBackend',
)
AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '')
AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', '')
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName', 'last_name': 'sn', 'email': LDAP_EMAIL_MAP,
}
AUTH_LDAP_USER_SEARCH = LDAPSearch(LDAP_SEARCH_DN,
                                   ldap.SCOPE_SUBTREE, AUTH_LDAP_USER)

# ldap django search mappings
GROUP_SEARCH = os.environ.get('AUTH_LDAP_GROUP_SEARCH', None)
if GROUP_SEARCH:
    AUTH_LDAP_USER_FLAGS_BY_GROUP = {}
    AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
        GROUP_SEARCH,
        ldap.SCOPE_SUBTREE,
        "(objectClass=organizationalUnit)"
    )

    ACTIVE_SEARCH = os.environ.get('LDAP_ACTIVE_SEARCH', None)
    STAFF_SEARCH = os.environ.get('LDAP_STAFF_SEARCH', None)
    SU_SEARCH = os.environ.get('LDAP_SUPERUSER_SEARCH', None)

    if ACTIVE_SEARCH and len(ACTIVE_SEARCH) > 0:
        try:
            AUTH_LDAP_USER_FLAGS_BY_GROUP['is_active'] = le(
                ACTIVE_SEARCH
            )
        except SyntaxError:
            AUTH_LDAP_USER_FLAGS_BY_GROUP['is_active'] = ACTIVE_SEARCH
        if STAFF_SEARCH and len(STAFF_SEARCH) > 0:
            try:
                AUTH_LDAP_USER_FLAGS_BY_GROUP['is_staff'] = le(
                    STAFF_SEARCH
                )
            except SyntaxError:
                AUTH_LDAP_USER_FLAGS_BY_GROUP['is_staff'] = STAFF_SEARCH
        if SU_SEARCH and len(SU_SEARCH) > 0:
            try:
                AUTH_LDAP_USER_FLAGS_BY_GROUP['is_superuser'] = le(
                    SU_SEARCH
                )
            except SyntaxError:
                AUTH_LDAP_USER_FLAGS_BY_GROUP['is_superuser'] = SU_SEARCH