use ldap group permissions

1 files changed, 14 insertions, 2 deletions

diff --git a/sublab_project/settings.py b/sublab_project/settings.py
index f45e84f..3739fb5 100644
--- a/sublab_project/settings.py
+++ b/sublab_project/settings.py
@@ -1,7 +1,7 @@
 # Django settings for sublab_project project.
 import os
 
-# from django_auth_ldap.config import LDAPSearch
+from django_auth_ldap.config import GroupOfUniqueNamesType, LDAPSearch
 import ldap
 
 
@@ -197,7 +197,19 @@ AUTH_LDAP_USER_ATTR_MAP = {
     'last_name': 'sn',
 }
 AUTH_LDAP_ALWAYS_UPDATE_USER = True
-AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
+AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = False
+AUTH_LDAP_BIND_DN = "cn=webfrontend,ou=service,dc=sublab,dc=org"
+AUTH_LDAP_BIND_PASSWORD = "wrong_password" # this should be overwritten
+
+AUTH_LDAP_FIND_GROUP_PERMS = True
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    "ou=groups,dc=sublab,dc=org",
+    ldap.SCOPE_SUBTREE,
+    u'(objectClass=groupOfUniqueNames)')
+AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+        'is_superuser': 'cn=webadmin,ou=groups,dc=sublab,dc=org',
+}
 
 AUTHENTICATION_BACKENDS = (
     'django_auth_ldap.backend.LDAPBackend',