From af48fab1b031b3474f24b78e5bf59b14c8346ea8 Mon Sep 17 00:00:00 2001
From: Christian Franke
Date: Thu, 5 Jan 2012 01:32:41 +0100
Subject: make ldap authentication work

authorization is still missing -> people can login but can't really do anything. It seems like we should add a group for members to ldap and authorize the matching django group to be allowed to edit news, projects, and so on. Maybe there is a better solution, which I did not see? Also, there is probably a better code for the populate_user handler I placed in accounts/models.py
---
 sublab_project/settings.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
(limited to 'sublab_project/settings.py')
diff --git a/sublab_project/settings.py b/sublab_project/settings.py
index e52008a..7138e93 100644
--- a/sublab_project/settings.py
+++ b/sublab_project/settings.py
@@ -2,7 +2,7 @@ import os
 # from django_auth_ldap.config import LDAPSearch
-# import ldap
+import ldap
 SITE_ROOT = os.path.realpath(os.path.dirname(__file__))
@@ -135,6 +135,7 @@ INSTALLED_APPS = (
 'projects',
 'djcelery',
 'calendarium',
+ 'accounts',
 )
 # A sample logging configuration. The only tangible logging
@@ -172,19 +173,19 @@ LOGGING = {
 }
 }
-# AUTH_LDAP_SERVER_URI = 'ldap://taifun.local.sublab.org'
-# AUTH_LDAP_BIND_DN = 'cn=djangotest,ou=users,dc=sublab,dc=org'
-# AUTH_LDAP_BIND_PASSWORD = 'djangotest'
-# AUTH_LDAP_USER_SEARCH = LDAPSearch('ou=users,dc=sublab,dc=org',
-# ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
-AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=users,dc=sublab,dc=org'
+AUTH_PROFILE_MODULE = 'accounts.UserProfile'
+
+AUTH_LDAP_SERVER_URI = 'ldap://oberon.local.sublab.org'
+AUTH_LDAP_START_TLS = True
+AUTH_LDAP_GLOBAL_OPTIONS = {
+ ldap.OPT_X_TLS_CACERTFILE: os.path.join(SITE_ROOT, 'cacert.pem'),
+}
+AUTH_LDAP_USER_DN_TEMPLATE = 'cn=%(user)s,ou=people,dc=sublab,dc=org'
 AUTH_LDAP_USER_ATTR_MAP = {
- 'first_name': 'givenName',
 'last_name': 'sn',
- 'email': 'mail'
 }
 AUTH_LDAP_ALWAYS_UPDATE_USER = True
-AUTH_LDAP_START_TLS = True
+AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
 AUTHENTICATION_BACKENDS = (
 'django_auth_ldap.backend.LDAPBackend',
-- 
cgit v1.2.1
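Review bot: `AUTH_LDAP_GLOBAL_OPTIONS` sets only the CA file, so the certificate-check level for the StartTLS upgrade is whatever libldap defaults to on the host, and a local ldap.conf or ldaprc can relax it. With `AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True` and the `cn=%(user)s` DN template, every login binds with the member's own password over this connection, so I would pin verification in the same dict with `ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND,`. A one-line comment above the dict, such as `# cacert.pem (CA that signed the LDAP server certificate) must be deployed next to settings.py`, would tell whoever sets up a new host that the file is required. Separately, the commented-out block deleted here held a bind DN and password that remain in the repository history; if that account ever existed on the directory, it is worth confirming it is disabled.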