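# [...]

# Stop new accounts being created through the wiki's own "newaccount" action.
# Profiles are created from the directory instead (see autocreate below).
actions_excluded = multiconfig.DefaultConfig.actions_excluded + ['newaccount']

# LDAP / ActiveDirectory Auth
# See http://master19.moinmo.in/HelpOnAuthentication#LDAP_based_user_authentication
# http://master19.moinmo.in/HelpOnConfiguration#auth
from MoinMoin.auth import MoinAuth  # imported, but not part of the `auth` list below
from MoinMoin.auth.ldap_login import LDAPAuth

ldap_authenticator1 = LDAPAuth(
    # Most values below follow the shipped sample; the examples in the comments
    # are typical for Active Directory (AD) or OpenLDAP. The TLS settings are
    # deliberately stricter than the sample, because this configuration binds
    # with the password the user typed at login.

    # ldap / active directory server URI
    #   use ldaps://server:636 url for ldaps,
    #   use ldap://server for ldap without tls (and set start_tls to 0),
    #   use ldap://server for ldap with tls (and set start_tls to 1 or 2).
    # NOTE(review): the address below is not a valid IPv4 address (octets
    # above 255) and looks like a redaction. With certificate checking
    # enabled, use the host name that appears in the server's certificate.
    server_uri='ldap://134.60.777.777',

    # We can either use some fixed user and password for binding to LDAP.
    # Be careful if you need a % char in those strings - as they are used as
    # a format string, you have to write %% to get a single % in the end.
    #bind_dn = 'binduser@example.org' # (AD)
    #bind_dn = 'cn=admin,dc=example,dc=org' # (OpenLDAP)
    #bind_pw = 'secret'
    # or we can use the username and password we got from the user:
    bind_dn='%(username)s@abteilungs-domain.local',  # DN we use for first bind (AD)
    bind_pw='%(password)s',  # password we use for first bind
    # or we can bind anonymously (if that is supported by your directory).
    # In any case, bind_dn and bind_pw must be defined.

    # base DN we use for searching
    #base_dn = 'ou=SOMEUNIT,dc=example,dc=org'
    base_dn='ou=benutzer,ou=abteilung,dc=abteilungs-domain,dc=local',
    scope=2,  # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
    referrals=0,  # LDAP REFERRALS (0 needed for AD)

    # ldap filter used for searching:
    #search_filter = '(sAMAccountName=%(username)s)' # (AD)
    #search_filter = '(uid=%(username)s)' # (OpenLDAP)
    # you can also do more complex filtering like:
    # "(&(cn=%(username)s)(memberOf=CN=WikiUsers,OU=Groups,DC=example,DC=org))"
    # NOTE(review): the login name is substituted into this filter; confirm
    # that the installed ldap_login escapes LDAP filter metacharacters.
    search_filter='(sAMAccountName=%(username)s)',

    # some attribute names we use to extract information from LDAP
    # (if None, the attribute won't be extracted from LDAP):
    givenname_attribute='givenName',  # often 'givenName' - first name
    surname_attribute='sn',  # often 'sn' - family name
    aliasname_attribute='displayName',  # often 'displayName' - aliasname
    email_attribute='mail',  # often 'mail' - email address
    email_callback=None,  # callback function called to make up email address

    coding='utf-8',  # coding used for ldap queries and result values
    timeout=10,  # how long we wait for the ldap server [s]

    # Transport Layer Security: 0 = No, 1 = Try, 2 = Required.
    # Was 0. With ldap:// and start_tls=0 the bind above carries every user's
    # password unencrypted, and 1 (Try) can still fall back to cleartext.
    # 2 makes the login fail instead of proceeding without TLS.
    start_tls=2,
    tls_cacertdir=None,
    # Point this at the CA that issued the directory server's certificate if
    # that CA is not already trusted by the host's LDAP client configuration,
    # e.g. tls_cacertfile='/path/to/ca.pem' (placeholder path).
    tls_cacertfile=None,
    tls_certfile=None,
    tls_keyfile=None,
    # Was 0 (ldap.OPT_X_TLS_NEVER), which accepts any certificate and so does
    # not authenticate the server. 2 == ldap.OPT_X_TLS_DEMAND. For a
    # self-signed server certificate, trust it via tls_cacertfile rather than
    # switching verification off.
    tls_require_cert=2,

    # set to True to only do one bind - useful if configured to bind as the
    # user on the first attempt
    bind_once=False,
    # set to True to automatically create/update user profiles.
    # Every directory user under base_dn who can authenticate gets a wiki
    # profile; narrow search_filter (e.g. with memberOf, as in the example
    # above) if only a group should have access.
    autocreate=True,
    # use e.g. 'ldap_pdc' and 'ldap_bdc' (or 'ldap1' and 'ldap2') if you auth
    # against 2 ldap servers
    name='ldap',
    # whether to emit "invalid username or password" msg at login time or not
    report_invalid_credentials=True,
)

# This is a list; you may have multiple ldap authenticators as well as other
# authenticators. MoinAuth is not listed, so only LDAP logins are accepted.
auth = [ldap_authenticator1, ]

# [...]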