Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import ldap
- import os
- from ast import literal_eval as le
- from .default import str2bool
- from django_auth_ldap.config import (ActiveDirectoryGroupType,
- LDAPSearch,
- MemberDNGroup)
- if os.environ.get('AUTH_LDAP_DEBUG'):
- import logging
- logger = logging.getLogger('django_auth_ldap')
- logger.addHandler(logging.StreamHandler())
- logger.setLevel(logging.DEBUG)
- AUTH_LDAP_SERVER_URI = os.environ.get('AUTH_LDAP_SERVER_URI', None)
- LDAP_SEARCH_DN = os.environ.get('LDAP_SEARCH_DN', None)
- if str2bool(os.environ.get('LDAP_IS_AD', 'False')):
- AUTH_LDAP_USER = '(SAMAccountName=%(user)s)'
- LDAP_EMAIL_MAP = 'userPrincipalName'
- AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
- else:
- AUTH_LDAP_USER = '(uid=%(user)s)'
- LDAP_EMAIL_MAP = 'mail'
- AUTH_LDAP_GROUP_TYPE = MemberDNGroup()
- AUTHENTICATION_BACKENDS = (
- 'django_auth_ldap.backend.LDAPBackend',
- 'django.contrib.auth.backends.ModelBackend',
- 'guardian.backends.ObjectPermissionBackend',
- )
- AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '')
- AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', '')
- AUTH_LDAP_USER_ATTR_MAP = {
- 'first_name': 'givenName', 'last_name': 'sn', 'email': LDAP_EMAIL_MAP,
- }
- AUTH_LDAP_USER_SEARCH = LDAPSearch(LDAP_SEARCH_DN,
- ldap.SCOPE_SUBTREE, AUTH_LDAP_USER)
- # ldap django search mappings
- GROUP_SEARCH = os.environ.get('AUTH_LDAP_GROUP_SEARCH', None)
- if GROUP_SEARCH:
- AUTH_LDAP_USER_FLAGS_BY_GROUP = {}
- AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
- GROUP_SEARCH,
- ldap.SCOPE_SUBTREE,
- "(objectClass=organizationalUnit)"
- )
- ACTIVE_SEARCH = os.environ.get('LDAP_ACTIVE_SEARCH', None)
- STAFF_SEARCH = os.environ.get('LDAP_STAFF_SEARCH', None)
- SU_SEARCH = os.environ.get('LDAP_SUPERUSER_SEARCH', None)
- if ACTIVE_SEARCH and len(ACTIVE_SEARCH) > 0:
- try:
- AUTH_LDAP_USER_FLAGS_BY_GROUP['is_active'] = le(
- ACTIVE_SEARCH
- )
- except SyntaxError:
- AUTH_LDAP_USER_FLAGS_BY_GROUP['is_active'] = ACTIVE_SEARCH
- if STAFF_SEARCH and len(STAFF_SEARCH) > 0:
- try:
- AUTH_LDAP_USER_FLAGS_BY_GROUP['is_staff'] = le(
- STAFF_SEARCH
- )
- except SyntaxError:
- AUTH_LDAP_USER_FLAGS_BY_GROUP['is_staff'] = STAFF_SEARCH
- if SU_SEARCH and len(SU_SEARCH) > 0:
- try:
- AUTH_LDAP_USER_FLAGS_BY_GROUP['is_superuser'] = le(
- SU_SEARCH
- )
- except SyntaxError:
- AUTH_LDAP_USER_FLAGS_BY_GROUP['is_superuser'] = SU_SEARCH
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement