|
54 | 54 | 'level': LOGGING_LEVEL, |
55 | 55 | 'propagate': True, |
56 | 56 | }, |
| 57 | + 'django_python3_ldap': { |
| 58 | + 'handlers': ['console'], |
| 59 | + 'level': LOGGING_LEVEL, |
| 60 | + 'propagate': True, |
| 61 | + }, |
57 | 62 | }, |
58 | 63 | } |
59 | 64 |
|
|
67 | 72 | 'django.contrib.messages', |
68 | 73 | 'django.contrib.staticfiles', |
69 | 74 | 'debug_toolbar', |
| 75 | + 'django_python3_ldap', |
70 | 76 | 'jquery', |
71 | 77 | 'bootstrap3', |
72 | 78 | 'swift_browser', |
|
170 | 176 | INTERNAL_IPS = ['127.0.0.1'] |
171 | 177 |
|
172 | 178 | LOGIN_REDIRECT_URL = 'containers' |
| 179 | + |
| 180 | +AUTHENTICATION_BACKENDS = [ |
| 181 | + 'django_python3_ldap.auth.LDAPBackend', |
| 182 | + 'django.contrib.auth.backends.ModelBackend', |
| 183 | +] |
| 184 | + |
| 185 | +# The URL of the LDAP server. |
| 186 | +LDAP_AUTH_URL = os.environ.get('LDAP_AUTH_URL', |
| 187 | + 'ldap://localhost:389') |
| 188 | + |
| 189 | +# Initiate TLS on connection. |
| 190 | +LDAP_AUTH_USE_TLS = os.environ.get('LDAP_AUTH_USE_TLS', |
| 191 | + False) |
| 192 | + |
| 193 | +# The LDAP search base for looking up users. |
| 194 | +LDAP_AUTH_SEARCH_BASE = os.environ.get('LDAP_AUTH_SEARCH_BASE', |
| 195 | + 'ou=people,dc=example,dc=com') |
| 196 | + |
| 197 | +# The LDAP class that represents a user. |
| 198 | +LDAP_AUTH_OBJECT_CLASS = os.environ.get('LDAP_AUTH_OBJECT_CLASS', |
| 199 | + 'inetOrgPerson') |
| 200 | + |
| 201 | +# User model fields mapped to the LDAP |
| 202 | +# attributes that represent them. |
| 203 | +LDAP_AUTH_USER_FIELDS = { |
| 204 | + "username": os.environ.get('LDAP_AUTH_USERNAME_ATTR', 'uid'), |
| 205 | + "first_name": os.environ.get('LDAP_AUTH_FIRSTNAME_ATTR', 'givenName'), |
| 206 | + "last_name": os.environ.get('LDAP_AUTH_LASTNAME_ATTR', 'sn'), |
| 207 | + "email": os.environ.get('LDAP_AUTH_EMAIL_ATTR', 'mail'), |
| 208 | +} |
| 209 | + |
| 210 | +# A tuple of django model fields used to uniquely identify a user. |
| 211 | +LDAP_AUTH_USER_LOOKUP_FIELDS = os.environ.get('LDAP_AUTH_USER_LOOKUP_FIELDS', |
| 212 | + ("username",)) |
| 213 | + |
| 214 | +# Path to a callable that takes a dict of {model_field_name: value}, |
| 215 | +# returning a dict of clean model data. |
| 216 | +# Use this to customize how data loaded from LDAP is saved to the User model. |
| 217 | +LDAP_AUTH_CLEAN_USER_DATA = os.environ.get('LDAP_AUTH_CLEAN_USER_DATA', |
| 218 | + "django_python3_ldap.utils.clean_user_data") |
| 219 | + |
| 220 | +# Path to a callable that takes a user model and a dict of {ldap_field_name: [value]}, |
| 221 | +# and saves any additional user relationships based on the LDAP data. |
| 222 | +# Use this to customize how data loaded from LDAP is saved to User model relations. |
| 223 | +# For customizing non-related User model fields, use LDAP_AUTH_CLEAN_USER_DATA. |
| 224 | +LDAP_AUTH_SYNC_USER_RELATIONS = os.environ.get('LDAP_AUTH_SYNC_USER_RELATIONS', |
| 225 | + "django_python3_ldap.utils.sync_user_relations") |
| 226 | + |
| 227 | +# Path to a callable that takes a dict of {ldap_field_name: value}, |
| 228 | +# returning a list of [ldap_search_filter]. The search filters will then be AND'd |
| 229 | +# together when creating the final search filter. |
| 230 | +LDAP_AUTH_FORMAT_SEARCH_FILTERS = os.environ.get('LDAP_AUTH_FORMAT_SEARCH_FILTERS', |
| 231 | + "django_python3_ldap.utils.format_search_filters") |
| 232 | + |
| 233 | +# Path to a callable that takes a dict of {model_field_name: value}, and returns |
| 234 | +# a string of the username to bind to the LDAP server. |
| 235 | +# Use this to support different types of LDAP server. |
| 236 | +LDAP_AUTH_FORMAT_USERNAME = os.environ.get('LDAP_AUTH_FORMAT_USERNAME', |
| 237 | + 'django_python3_ldap.utils.format_username_openldap') |
| 238 | + |
| 239 | +# Sets the login domain for Active Directory users. |
| 240 | +LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = os.environ.get('LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN', |
| 241 | + None) |
| 242 | + |
| 243 | +# The LDAP username and password of a user for querying the LDAP database for user |
| 244 | +# details. If None, then the authenticated user will be used for querying, and |
| 245 | +# the `ldap_sync_users` command will perform an anonymous query. |
| 246 | +LDAP_AUTH_CONNECTION_USERNAME = os.environ.get('LDAP_AUTH_CONNECTION_USERNAME', |
| 247 | + None) |
| 248 | +LDAP_AUTH_CONNECTION_PASSWORD = os.environ.get('LDAP_AUTH_CONNECTION_PASSWORD', |
| 249 | + None) |
| 250 | + |
| 251 | +# Set connection/receive timeouts (in seconds) on the underlying `ldap3` library. |
| 252 | +LDAP_AUTH_CONNECT_TIMEOUT = os.environ.get('LDAP_AUTH_CONNECT_TIMEOUT', |
| 253 | + None) |
| 254 | +LDAP_AUTH_RECEIVE_TIMEOUT = os.environ.get('LDAP_AUTH_RECEIVE_TIMEOUT', |
| 255 | + None) |
| 256 | + |
| 257 | +# Users must be a member of this group to access |
| 258 | +LDAP_GROUP_MEMBER = os.environ.get('LDAP_GROUP_MEMBER', |
| 259 | + None) |
| 260 | + |
0 commit comments