Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # django ldap auth
- USE_LDAP = True
- # LDAP authentication support
- if USE_LDAP:
- import ldap
- from django_auth_ldap.config import LDAPSearch, LDAPGroupQuery, ActiveDirectoryGroupType
- # LDAP settings
- AUTH_LDAP_SERVER_URI = 'ldap://something.ac.uk:389'
- # AUTH_LDAP_PORT = 636 (Default Port for SSL)
- AUTH_LDAP_BIND_DN = 'cn=bind_user,ou=service accounts,dc=something,dc=something_else,dc=ac,dc=uk'
- AUTH_LDAP_BIND_PASSWORD = 'password'
- AUTH_LDAP_USER_SEARCH = LDAPSearch(
- 'ou=users,dc=something,dc=something_else,dc=ac,dc=uk',
- ldap.SCOPE_SUBTREE, '(sAMAccountName=%(user)s)')
- AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
- 'OU=Groups,dc=something,dc=something_else,dc=ac,dc=uk',
- ldap.SCOPE_SUBTREE, '(objectClass=*)')
- AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
- AUTH_LDAP_FIND_GROUP_PERMS = True
- AUTH_LDAP_GLOBAL_OPTIONS = {
- ldap.OPT_X_TLS_REQUIRE_CERT: False,
- ldap.OPT_REFERRALS: False, }
- AUTH_LDAP_REQUIRE_GROUP = 'CN=Required_Group,DC=Something,DC=something_else,DC=ac,DC=uk'
- AUTH_LDAP_ALWAYS_UPDATE_USER = True
- # Cache group memberships for an hour to minimize LDAP traffic
- AUTH_LDAP_CACHE_GROUPS = True
- AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
- AUTH_LDAP_USER_ATTR_MAP = {'first_name': 'givenName',
- 'last_name': 'sn',
- 'email': 'mail'}
- AUTH_LDAP_USER_FLAGS_BY_GROUP = {
- 'is_active': (
- LDAPGroupQuery("CN=GroupToSearch,DC=Something,DC=something_else,DC=ac,DC=uk")
- ),
- 'is_staff': (
- LDAPGroupQuery("CN=GroupToSearch,DC=Something,DC=something_else,DC=ac,DC=uk")
- ),
- 'is_superuser': (
- LDAPGroupQuery("CN=GroupToSearch,DC=Something,DC=something_else,DC=ac,DC=uk")
- )
- }
- if USE_LDAP:
- AUTHENTICATION_BACKENDS = (
- 'django_auth_ldap.backend.LDAPBackend',
- 'django.contrib.auth.backends.ModelBackend',
- )
- else:
- AUTHENTICATION_BACKENDS = (
- 'django.contrib.auth.backends.ModelBackend',
- )
Add Comment
Please, Sign In to add comment