authorChristian Franke <nobody@nowhere.ws>2012-01-15 01:57:36 +0100
committerChristian Franke <nobody@nowhere.ws>2012-01-15 01:57:36 +0100
commit28b2dbfa9cd09514dc5042a6859397d54250ee41 (patch)
treea66e6f5f547c1c8adb7b3ee5557d05260e43bb16
parent9a94e0095a51981cc668ac0269667a307c45923c (diff)
use ldap group permissions
-rw-r--r--sublab_project/fixtures/permissions.json1
-rw-r--r--sublab_project/settings.py16
2 files changed, 15 insertions, 2 deletions
diff --git a/sublab_project/fixtures/permissions.json b/sublab_project/fixtures/permissions.json
new file mode 100644
index 0000000..4d1d178
--- /dev/null
+++ b/sublab_project/fixtures/permissions.json
@@ -0,0 +1 @@
+[{"pk": 67, "model": "auth.permission", "fields": {"codename": "add_userprofile", "name": "Can add user profile", "content_type": 23}}, {"pk": 68, "model": "auth.permission", "fields": {"codename": "change_userprofile", "name": "Can change user profile", "content_type": 23}}, {"pk": 69, "model": "auth.permission", "fields": {"codename": "delete_userprofile", "name": "Can delete user profile", "content_type": 23}}, {"pk": 22, "model": "auth.permission", "fields": {"codename": "add_logentry", "name": "Can add log entry", "content_type": 8}}, {"pk": 23, "model": "auth.permission", "fields": {"codename": "change_logentry", "name": "Can change log entry", "content_type": 8}}, {"pk": 24, "model": "auth.permission", "fields": {"codename": "delete_logentry", "name": "Can delete log entry", "content_type": 8}}, {"pk": 4, "model": "auth.permission", "fields": {"codename": "add_group", "name": "Can add group", "content_type": 2}}, {"pk": 5, "model": "auth.permission", "fields": {"codename": "change_group", "name": "Can change group", "content_type": 2}}, {"pk": 6, "model": "auth.permission", "fields": {"codename": "delete_group", "name": "Can delete group", "content_type": 2}}, {"pk": 10, "model": "auth.permission", "fields": {"codename": "add_message", "name": "Can add message", "content_type": 4}}, {"pk": 11, "model": "auth.permission", "fields": {"codename": "change_message", "name": "Can change message", "content_type": 4}}, {"pk": 12, "model": "auth.permission", "fields": {"codename": "delete_message", "name": "Can delete message", "content_type": 4}}, {"pk": 1, "model": "auth.permission", "fields": {"codename": "add_permission", "name": "Can add permission", "content_type": 1}}, {"pk": 2, "model": "auth.permission", "fields": {"codename": "change_permission", "name": "Can change permission", "content_type": 1}}, {"pk": 3, "model": "auth.permission", "fields": {"codename": "delete_permission", "name": "Can delete permission", "content_type": 1}}, {"pk": 7, "model": 
"auth.permission", "fields": {"codename": "add_user", "name": "Can add user", "content_type": 3}}, {"pk": 8, "model": "auth.permission", "fields": {"codename": "change_user", "name": "Can change user", "content_type": 3}}, {"pk": 9, "model": "auth.permission", "fields": {"codename": "delete_user", "name": "Can delete user", "content_type": 3}}, {"pk": 64, "model": "auth.permission", "fields": {"codename": "add_event", "name": "Can add Termin", "content_type": 22}}, {"pk": 65, "model": "auth.permission", "fields": {"codename": "change_event", "name": "Can change Termin", "content_type": 22}}, {"pk": 66, "model": "auth.permission", "fields": {"codename": "delete_event", "name": "Can delete Termin", "content_type": 22}}, {"pk": 13, "model": "auth.permission", "fields": {"codename": "add_contenttype", "name": "Can add content type", "content_type": 5}}, {"pk": 14, "model": "auth.permission", "fields": {"codename": "change_contenttype", "name": "Can change content type", "content_type": 5}}, {"pk": 15, "model": "auth.permission", "fields": {"codename": "delete_contenttype", "name": "Can delete content type", "content_type": 5}}, {"pk": 49, "model": "auth.permission", "fields": {"codename": "add_crontabschedule", "name": "Can add crontab", "content_type": 17}}, {"pk": 50, "model": "auth.permission", "fields": {"codename": "change_crontabschedule", "name": "Can change crontab", "content_type": 17}}, {"pk": 51, "model": "auth.permission", "fields": {"codename": "delete_crontabschedule", "name": "Can delete crontab", "content_type": 17}}, {"pk": 46, "model": "auth.permission", "fields": {"codename": "add_intervalschedule", "name": "Can add interval", "content_type": 16}}, {"pk": 47, "model": "auth.permission", "fields": {"codename": "change_intervalschedule", "name": "Can change interval", "content_type": 16}}, {"pk": 48, "model": "auth.permission", "fields": {"codename": "delete_intervalschedule", "name": "Can delete interval", "content_type": 16}}, {"pk": 55, "model": 
"auth.permission", "fields": {"codename": "add_periodictask", "name": "Can add periodic task", "content_type": 19}}, {"pk": 56, "model": "auth.permission", "fields": {"codename": "change_periodictask", "name": "Can change periodic task", "content_type": 19}}, {"pk": 57, "model": "auth.permission", "fields": {"codename": "delete_periodictask", "name": "Can delete periodic task", "content_type": 19}}, {"pk": 52, "model": "auth.permission", "fields": {"codename": "add_periodictasks", "name": "Can add periodic tasks", "content_type": 18}}, {"pk": 53, "model": "auth.permission", "fields": {"codename": "change_periodictasks", "name": "Can change periodic tasks", "content_type": 18}}, {"pk": 54, "model": "auth.permission", "fields": {"codename": "delete_periodictasks", "name": "Can delete periodic tasks", "content_type": 18}}, {"pk": 40, "model": "auth.permission", "fields": {"codename": "add_taskmeta", "name": "Can add task meta", "content_type": 14}}, {"pk": 41, "model": "auth.permission", "fields": {"codename": "change_taskmeta", "name": "Can change task meta", "content_type": 14}}, {"pk": 42, "model": "auth.permission", "fields": {"codename": "delete_taskmeta", "name": "Can delete task meta", "content_type": 14}}, {"pk": 43, "model": "auth.permission", "fields": {"codename": "add_tasksetmeta", "name": "Can add taskset meta", "content_type": 15}}, {"pk": 44, "model": "auth.permission", "fields": {"codename": "change_tasksetmeta", "name": "Can change taskset meta", "content_type": 15}}, {"pk": 45, "model": "auth.permission", "fields": {"codename": "delete_tasksetmeta", "name": "Can delete taskset meta", "content_type": 15}}, {"pk": 61, "model": "auth.permission", "fields": {"codename": "add_taskstate", "name": "Can add task", "content_type": 21}}, {"pk": 62, "model": "auth.permission", "fields": {"codename": "change_taskstate", "name": "Can change task", "content_type": 21}}, {"pk": 63, "model": "auth.permission", "fields": {"codename": "delete_taskstate", "name": "Can 
delete task", "content_type": 21}}, {"pk": 58, "model": "auth.permission", "fields": {"codename": "add_workerstate", "name": "Can add worker", "content_type": 20}}, {"pk": 59, "model": "auth.permission", "fields": {"codename": "change_workerstate", "name": "Can change worker", "content_type": 20}}, {"pk": 60, "model": "auth.permission", "fields": {"codename": "delete_workerstate", "name": "Can delete worker", "content_type": 20}}, {"pk": 25, "model": "auth.permission", "fields": {"codename": "add_flatpage", "name": "Can add flat page", "content_type": 9}}, {"pk": 26, "model": "auth.permission", "fields": {"codename": "change_flatpage", "name": "Can change flat page", "content_type": 9}}, {"pk": 27, "model": "auth.permission", "fields": {"codename": "delete_flatpage", "name": "Can delete flat page", "content_type": 9}}, {"pk": 34, "model": "auth.permission", "fields": {"codename": "add_news", "name": "Can add News", "content_type": 12}}, {"pk": 35, "model": "auth.permission", "fields": {"codename": "change_news", "name": "Can change News", "content_type": 12}}, {"pk": 36, "model": "auth.permission", "fields": {"codename": "delete_news", "name": "Can delete News", "content_type": 12}}, {"pk": 37, "model": "auth.permission", "fields": {"codename": "add_project", "name": "Can add Projekt", "content_type": 13}}, {"pk": 38, "model": "auth.permission", "fields": {"codename": "change_project", "name": "Can change Projekt", "content_type": 13}}, {"pk": 39, "model": "auth.permission", "fields": {"codename": "delete_project", "name": "Can delete Projekt", "content_type": 13}}, {"pk": 16, "model": "auth.permission", "fields": {"codename": "add_session", "name": "Can add session", "content_type": 6}}, {"pk": 17, "model": "auth.permission", "fields": {"codename": "change_session", "name": "Can change session", "content_type": 6}}, {"pk": 18, "model": "auth.permission", "fields": {"codename": "delete_session", "name": "Can delete session", "content_type": 6}}, {"pk": 19, "model": 
"auth.permission", "fields": {"codename": "add_site", "name": "Can add site", "content_type": 7}}, {"pk": 20, "model": "auth.permission", "fields": {"codename": "change_site", "name": "Can change site", "content_type": 7}}, {"pk": 21, "model": "auth.permission", "fields": {"codename": "delete_site", "name": "Can delete site", "content_type": 7}}, {"pk": 28, "model": "auth.permission", "fields": {"codename": "add_migrationhistory", "name": "Can add migration history", "content_type": 10}}, {"pk": 29, "model": "auth.permission", "fields": {"codename": "change_migrationhistory", "name": "Can change migration history", "content_type": 10}}, {"pk": 30, "model": "auth.permission", "fields": {"codename": "delete_migrationhistory", "name": "Can delete migration history", "content_type": 10}}, {"pk": 31, "model": "auth.permission", "fields": {"codename": "add_kvstore", "name": "Can add kv store", "content_type": 11}}, {"pk": 32, "model": "auth.permission", "fields": {"codename": "change_kvstore", "name": "Can change kv store", "content_type": 11}}, {"pk": 33, "model": "auth.permission", "fields": {"codename": "delete_kvstore", "name": "Can delete kv store", "content_type": 11}}, {"pk": 1, "model": "auth.group", "fields": {"name": "members", "permissions": [64, 65, 66, 25, 26, 27, 34, 35, 36, 37, 38, 39]}}] \ No newline at end of file
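Review bot: The fixture pins every `auth.permission` row and the `members` group's `permissions` list to numeric primary keys and `content_type` ids (for example pks 64–66 with `"content_type": 22`), which are only valid for the database they were dumped from. In a database where Django assigned those ids in a different order, loading this file would overwrite permission rows by pk, and the `members` group could end up holding permissions on models other than the intended ones. Shipping only the `auth.group` entry, serialized with natural keys so that each permission is referenced by codename, app label and model, would avoid that.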
diff --git a/sublab_project/settings.py b/sublab_project/settings.py
index f45e84f..3739fb5 100644
--- a/sublab_project/settings.py
+++ b/sublab_project/settings.py
@@ -1,7 +1,7 @@
# Django settings for sublab_project project.
import os
-# from django_auth_ldap.config import LDAPSearch
+from django_auth_ldap.config import GroupOfUniqueNamesType, LDAPSearch
import ldap
@@ -197,7 +197,19 @@ AUTH_LDAP_USER_ATTR_MAP = {
'last_name': 'sn',
}
AUTH_LDAP_ALWAYS_UPDATE_USER = True
-AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
+AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = False
+AUTH_LDAP_BIND_DN = "cn=webfrontend,ou=service,dc=sublab,dc=org"
+AUTH_LDAP_BIND_PASSWORD = "wrong_password" # this should be overwritten
+
+AUTH_LDAP_FIND_GROUP_PERMS = True
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+ "ou=groups,dc=sublab,dc=org",
+ ldap.SCOPE_SUBTREE,
+ u'(objectClass=groupOfUniqueNames)')
+AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+ 'is_superuser': 'cn=webadmin,ou=groups,dc=sublab,dc=org',
+}
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
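Review bot: `AUTH_LDAP_BIND_PASSWORD = "wrong_password"` keeps a placeholder credential in the tracked settings file and relies on an override that this hunk does not show; if the override is missing, the problem presumably only surfaces as a failed bind at login time, and the line invites someone to paste the real service-account password here later. Reading the value from the environment makes the dependency explicit and fails at startup, e.g. `AUTH_LDAP_BIND_PASSWORD = os.environ["AUTH_LDAP_BIND_PASSWORD"]` (`os` is already imported at the top of the file). Separately, `AUTH_LDAP_USER_FLAGS_BY_GROUP` makes membership of `cn=webadmin` equivalent to Django superuser, and `AUTH_LDAP_FIND_GROUP_PERMS` (which, as far as I know, matches LDAP group names to Django groups) draws on every `groupOfUniqueNames` entry under `ou=groups` because of `ldap.SCOPE_SUBTREE`, so write access to those directory entries now decides authorization in this application. A comment above the block such as `# LDAP group membership is authoritative for permissions and superuser status; restrict who can edit ou=groups` would record that. Since a service-account credential is now sent on every bind, it is also worth confirming that the connection uses LDAPS or `AUTH_LDAP_START_TLS`, which is not visible in this hunk.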