From 28b2dbfa9cd09514dc5042a6859397d54250ee41 Mon Sep 17 00:00:00 2001
From: Christian Franke <nobody@nowhere.ws>
Date: Sun, 15 Jan 2012 01:57:36 +0100
Subject: use ldap group permissions

---
 sublab_project/settings.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'sublab_project/settings.py')

diff --git a/sublab_project/settings.py b/sublab_project/settings.py
index f45e84f..3739fb5 100644
--- a/sublab_project/settings.py
+++ b/sublab_project/settings.py
@@ -1,7 +1,7 @@
 # Django settings for sublab_project project.
 import os
 
-# from django_auth_ldap.config import LDAPSearch
+from django_auth_ldap.config import GroupOfUniqueNamesType, LDAPSearch
 import ldap
 
 
@@ -197,7 +197,19 @@ AUTH_LDAP_USER_ATTR_MAP = {
     'last_name': 'sn',
 }
 AUTH_LDAP_ALWAYS_UPDATE_USER = True
-AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
+AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = False
+AUTH_LDAP_BIND_DN = "cn=webfrontend,ou=service,dc=sublab,dc=org"
+AUTH_LDAP_BIND_PASSWORD = "wrong_password" # this should be overwritten
+
+AUTH_LDAP_FIND_GROUP_PERMS = True
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    "ou=groups,dc=sublab,dc=org",
+    ldap.SCOPE_SUBTREE,
+    u'(objectClass=groupOfUniqueNames)')
+AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+        'is_superuser': 'cn=webadmin,ou=groups,dc=sublab,dc=org',
+}
 
 AUTHENTICATION_BACKENDS = (
     'django_auth_ldap.backend.LDAPBackend',
-- 
cgit v1.2.1