# [email protected] # (C) If LDAP usernames are completely unrelated to email addresses. # # Fake LDAP data has e.g. ("ldapuser1", "*****@*****.**") for username/email. FAKE_LDAP_MODE = None # type: Optional[str] # FAKE_LDAP_NUM_USERS = 8 if FAKE_LDAP_MODE: LDAP_APPEND_DOMAIN = None AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=users,dc=zulip,dc=com' if FAKE_LDAP_MODE == 'a': import ldap from django_auth_ldap.config import LDAPSearch AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=zulip,dc=com", ldap.SCOPE_SUBTREE, "(email=%(user)s)") elif FAKE_LDAP_MODE == 'b': LDAP_APPEND_DOMAIN = 'zulip.com' elif FAKE_LDAP_MODE == 'c': LDAP_EMAIL_ATTR = 'email' # type: Optional[str] AUTHENTICATION_BACKENDS += ('zproject.backends.ZulipLDAPAuthBackend', ) # type: ignore # tuple hackery THUMBOR_URL = 'http://127.0.0.1:9995' THUMBNAIL_IMAGES = True SEARCH_PILLS_ENABLED = os.getenv('SEARCH_PILLS_ENABLED', False) BILLING_ENABLED = True
'NAME': ':memory:',
# 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
# 'TEST_MIRROR': 'default',
'SUPPORTS_TRANSACTIONS': 'False',
}
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
'django_auth_ldap.backend.LDAPBackend',
# 'django.contrib.auth.backends.RemoteUserBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://q.ru"
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"DC=q,DC=ru",
# if 'test' in sys.argv else "OU=Employees,OU=IDM,DC=q,DC=ru",
ldap.SCOPE_SUBTREE,
"(sAMAccountName=%(user)s)")
AUTH_LDAP_CONNECTION_OPTIONS = {
# ldap.OPT_DEBUG_LEVEL: 2,
ldap.OPT_REFERRALS: 0,
}
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
# What to do once the user is authenticated
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
"ldap_dn": "dn",
# "description": "manager",
"title": "title",
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend', # 配置为先使用LDAP认证,如通过认证则不再使用后面的认证方式
'django.contrib.auth.backends.ModelBackend', # sso系统中手动创建的用户也可使用,优先级靠后。注意这2行的顺序
)
# if use self signed certificate, Remove AUTH_LDAP_GLOBAL_OPTIONS annotations
# AUTH_LDAP_GLOBAL_OPTIONS={
# ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER
# }
AUTH_LDAP_BIND_DN = "cn=xx,dc=xx,dc=xx"
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_SERVER_URI = "ldap://ldap.xx.com"
AUTH_LDAP_BASEDN = "dc=xx,dc=xx"
AUTH_LDAP_USER_DN_TEMPLATE = "cn=%(user)s,ou=xx,dc=xx,dc=xx"
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=xx,dc=xx,dc=xx",
ldap.SCOPE_SUBTREE,
"(objectClass=groupOfUniqueNames)")
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_ALWAYS_UPDATE_USER = True # 每次登录从ldap同步用户信息
AUTH_LDAP_USER_ATTR_MAP = { # key为archer.sql_users字段名,value为ldap中字段名,用于同步用户信息
"username": "******",
"display": "xx",
"email": "xx"
}
# AUTH_LDAP_MIRROR_GROUPS = True # 直接把ldap的组复制到django一份,和AUTH_LDAP_FIND_GROUP_PERMS互斥.用户每次登录会根据ldap来更新数据库的组关系
# AUTH_LDAP_FIND_GROUP_PERMS = True # django从ldap的组权限中获取权限,这种方式,django自身不创建组,每次请求都调用ldap
# AUTH_LDAP_CACHE_GROUPS = True # 如打开FIND_GROUP_PERMS后,此配置生效,对组关系进行缓存,不用每次请求都调用ldap
# AUTH_LDAP_GROUP_CACHE_TIMEOUT = 600 # 缓存时间
# 开启以下配置注释,可以帮助调试ldap集成
LDAP_LOGS = '/tmp/ldap.log'
DEFAULT_LOGS = '/tmp/default.log'
EMAIL_USE_SSL = True
# Enable ldap backend support
AUTHENTICATION_BACKENDS = [
# 'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
]
# LDAP配置
# 根据公司的ldap进行配置
AUTH_LDAP_SERVER_URI = "ldap://ldap.tt.com:389"
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# uid为用户名,password为该用户的密码
AUTH_LDAP_BIND_DN = "uid=devops,cn=users,cn=accounts,dc=test,dc=com"
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=people,dc=tt,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
# 下面字段必须存在,管理字段可自定义
# key:value key:django字段,value:LDAP字段
# username:用户名,email:邮箱地址,displayname:中文名或昵称
# 按照自己公司的LDAP配置字段进行修改映射
AUTH_LDAP_USER_ATTR_MAP = {"username": "******", 'email': 'mail', "displayname": 'givenName', 'mobile': 'mobile'}
# 日志
# LOGGING = {
# 'version': 1,
# 'disable_existing_loggers': True,
# 'formatters': { # 日志格式
# 'standard': {
# 'format': '%(asctime)s [%(threadName)s:%(thread)d] [%(name)s:%(lineno)d] '
# '[%(module)s:%(funcName)s] [%(levelname)s]- %(message)s'}
LOGIN_REDIRECT_URL = '/idea/list'
LOGOUT_REDIRECT_URL = '/'
AUTH_LDAP_SERVER_URI = config('AUTH_LDAP_SERVER_URI', default='')
if AUTH_LDAP_SERVER_URI != '':
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
AUTH_LDAP_BIND_DN = config('AUTH_LDAP_BIND_DN', default='')
AUTH_LDAP_BIND_PASSWORD = config('AUTH_LDAP_BIND_PASSWORD', default='')
AUTH_LDAP_GLOBAL_OPTIONS = {
ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER
}
AUTH_LDAP_START_TLS = config('AUTH_LDAP_START_TLS', default=0, cast=bool)
AUTH_LDAP_USER_SEARCH = LDAPSearch(
config('AUTH_LDAP_USER_SEARCH', default='ou=users,dc=example,dc=com'),
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.ModelBackend',
'django_auth_ldap.backend.LDAPBackend',
]
AUTH_LDAP_PROFILE_ATTR_MAP = {
"memberOf": "memberOf",
}
else:
AUTHENTICATION_BACKENDS = [
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ALLOWED_HOSTS = []
# ldap config start
# Baseline configuration.
# ldaps protocol specify here ldap + tls
AUTH_LDAP_SERVER_URI = "ldaps://lab.gdy.club:389"
AUTH_LDAP_START_TLS = True
AUTH_LDAP_BIND_DN = "cn=admin,dc=lab,dc=gdy,dc=club"
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"dc=lab,dc=gdy,dc=club", ldap.SCOPE_SUBTREE, "(cn=%(user)s)"
)
# Or:
AUTH_LDAP_USER_DN_TEMPLATE = "cn=%(user)s,ou=users,dc=lab,dc=gdy,dc=club"
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
"ou=groups,dc=lab,dc=gdy,dc=club",
ldap.SCOPE_SUBTREE,
"(objectClass=posixGroup)",
)
AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr="cn")
# Simple group restrictions
AUTH_LDAP_REQUIRE_GROUP = "cn=admins,ou=groups,dc=lab,dc=gdy,dc=club"
AUTH_LDAP_DENY_GROUP = None #'cn=users,ou=groups,dc=lab,dc=gdy,dc=club'
import ldap
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType
from common_config import users_ou, groups_ou
# See the following url for more information about AUTH_LDAP_GROUP_TYPE:
# https://pythonhosted.org/django-auth-ldap/reference.html?highlight=grouptype#django_auth_ldap.config.LDAPGroupType
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
# In the example below, the user search will only match users with accounts that are _not_ disabled. Refer to the section
# titled "Further Reading" in this package's README.md for more information about search scopes.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
users_ou, ldap.SCOPE_ONELEVEL, '(&(sAMAccountName=%(user)s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
groups_ou, ldap.SCOPE_ONELEVEL, '(objectClass=group)')
def add_ldap_config(self, ldap_config):
ldap_url = ldap_config.LDAP_URL.get()
if ldap_url is None:
LOG.warn("Could not find LDAP URL required for authentication.")
return None
else:
setattr(self._backend.settings, 'SERVER_URI',
ldap_config.LDAP_URL.get())
if ldap_url.lower().startswith(
'ldaps') and ldap_config.USE_START_TLS.get():
LOG.warn("Cannot configure LDAP with SSL and enable STARTTLS.")
if ldap_config.SEARCH_BIND_AUTHENTICATION.get():
# New Search/Bind Auth
base_dn = ldap_config.BASE_DN.get()
user_name_attr = ldap_config.USERS.USER_NAME_ATTR.get()
user_filter = ldap_config.USERS.USER_FILTER.get()
if not user_filter.startswith('('):
user_filter = '(' + user_filter + ')'
if ldap_config.BIND_DN.get():
bind_dn = ldap_config.BIND_DN.get()
setattr(self._backend.settings, 'BIND_DN', bind_dn)
bind_password = ldap_config.BIND_PASSWORD.get()
if not bind_password:
bind_password = ldap_config.BIND_PASSWORD_SCRIPT.get()
setattr(self._backend.settings, 'BIND_PASSWORD', bind_password)
if user_filter is None:
search_bind_results = LDAPSearch(
base_dn, ldap.SCOPE_SUBTREE,
"(" + user_name_attr + "=%(user)s)")
else:
search_bind_results = LDAPSearch(
base_dn, ldap.SCOPE_SUBTREE,
"(&(" + user_name_attr + "=%(user)s)" + user_filter + ")")
setattr(self._backend.settings, 'USER_SEARCH', search_bind_results)
else:
nt_domain = ldap_config.NT_DOMAIN.get()
if nt_domain is None:
pattern = ldap_config.LDAP_USERNAME_PATTERN.get()
pattern = pattern.replace('<username>', '%(user)s')
setattr(self._backend.settings, 'USER_DN_TEMPLATE', pattern)
else:
# %(user)s is a special string that will get replaced during the authentication process
setattr(self._backend.settings, 'USER_DN_TEMPLATE',
"%(user)s@" + nt_domain)
# If Secure ldaps is specified in hue.ini then ldap code automatically use SSL/TLS communication
if not ldap_url.lower().startswith('ldaps'):
setattr(self._backend.settings, 'START_TLS',
ldap_config.USE_START_TLS.get())
# Certificate-related config settings
if ldap_config.LDAP_CERT.get():
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
ldap_config.LDAP_CERT.get())
else:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
if ldap_config.FOLLOW_REFERRALS.get():
ldap.set_option(ldap.OPT_REFERRALS, 1)
else:
ldap.set_option(ldap.OPT_REFERRALS, 0)
# Auth related settings
AUTHENTICATION_BACKENDS = []
# LDAP
LDAP_AUTH=bool(os.getenv('LDAP_AUTH', False))
if LDAP_AUTH:
import ldap
from django_auth_ldap.config import LDAPSearch
AUTHENTICATION_BACKENDS.append('django_auth_ldap.backend.LDAPBackend')
AUTH_LDAP_SERVER_URI = os.getenv('AUTH_LDAP_SERVER_URI')
AUTH_LDAP_BIND_DN = os.getenv('AUTH_LDAP_BIND_DN')
AUTH_LDAP_BIND_PASSWORD = os.getenv('AUTH_LDAP_BIND_PASSWORD')
AUTH_LDAP_USER_SEARCH = LDAPSearch(
os.getenv('AUTH_LDAP_USER_SEARCH_BASE_DN'),
ldap.SCOPE_SUBTREE,
os.getenv('AUTH_LDAP_USER_SEARCH_FILTER_STR', '(uid=%(user)s)'),
)
AUTH_LDAP_USER_ATTR_MAP = ast.literal_eval(os.getenv('AUTH_LDAP_USER_ATTR_MAP')) if os.getenv('AUTH_LDAP_USER_ATTR_MAP') else {
'first_name': 'givenName',
'last_name': 'sn',
'email': 'mail',
}
AUTH_LDAP_ALWAYS_UPDATE_USER = bool(int(os.getenv('AUTH_LDAP_ALWAYS_UPDATE_USER', True)))
AUTH_LDAP_CACHE_TIMEOUT = int(os.getenv('AUTH_LDAP_CACHE_TIMEOUT', 3600))
AUTHENTICATION_BACKENDS += [
'django.contrib.auth.backends.ModelBackend',
'allauth.account.auth_backends.AuthenticationBackend',
]
# Django Cloud Browser #
########################
import mibc.settings
CLOUD_BROWSER_DATASTORE = "Filesystem"
CLOUD_BROWSER_FILESYSTEM_ROOT = mibc.settings.c_repository_root
CLOUD_BROWSER_VIEW_DECORATOR = "django.contrib.auth.decorators.login_required"
#################
# LDAP SETTINGS #
#################
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
AUTH_LDAP_SERVER_URI = "ldaps://localhost/"
AUTH_LDAP_BIND_DN = mibc.settings.ldap.bind_dn
AUTH_LDAP_BIND_PASSWORD = mibc.settings.ldap.bind_pw
AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=Domain Users,DC=rc,DC=domain",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
AUTH_LDAP_REQUIRE_GROUP = ("CN=ccfa_users,"
"OU=HSPH,"
"OU=Domain Groups,"
"DC=rc,DC=domain")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Domain Groups,DC=rc,DC=domain",
ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "email",
}
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_staff": "CN=ccfa_users,OU=HSPH,OU=Domain Groups,DC=rc,DC=domain"
# Java settings
JAVA_ENTITY_EXPANSION_LIMIT = get_setting("JAVA_ENTITY_EXPANSION_LIMIT")
if REFINERY_EXTERNAL_AUTH:
# enable LDAP authentication
try:
from django_auth_ldap.config import LDAPSearch
except ImportError:
logger.info("Failed to configure LDAP authentication")
else:
AUTH_LDAP_SERVER_URI = get_setting("AUTH_LDAP_SERVER_URI")
AUTH_LDAP_BIND_DN = get_setting("AUTH_LDAP_BIND_DN")
AUTH_LDAP_BIND_PASSWORD = get_setting("AUTH_LDAP_BIND_PASSWORD")
AUTH_LDAP_USER_SEARCH = LDAPSearch(get_setting("AUTH_LDAP_BASE_DN"),
get_setting("AUTH_LDAP_SCOPE"),
get_setting("AUTH_LDAP_FILTERSTR"))
# populate Django user profile from the LDAP directory
AUTH_LDAP_USER_ATTR_MAP = get_setting("AUTH_LDAP_USER_ATTR_MAP")
AUTHENTICATION_BACKENDS += (
'core.models.RefineryLDAPBackend',
)
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '0.0.0.0:11211',
'TIMEOUT': 600,
}
}
# Set a string template that describes any user’s distinguished name based on the username.
AUTH_LDAP_USER_DN_TEMPLATE = os.environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
LDAP_IGNORE_CERT_ERRORS = os.environ.get('LDAP_IGNORE_CERT_ERRORS',
'False').lower() == 'true'
AUTH_LDAP_USER_SEARCH_BASEDN = os.environ.get('AUTH_LDAP_USER_SEARCH_BASEDN',
'')
AUTH_LDAP_USER_SEARCH_ATTR = os.environ.get('AUTH_LDAP_USER_SEARCH_ATTR',
'sAMAccountName')
AUTH_LDAP_USER_SEARCH = LDAPSearch(
AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
"(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)")
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# heirarchy.
AUTH_LDAP_GROUP_SEARCH_BASEDN = os.environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN',
'')
AUTH_LDAP_GROUP_SEARCH_CLASS = os.environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS',
'group')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
"(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")")
AUTH_LDAP_GROUP_TYPE = import_group_type(
os.environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
# Define a group required to login.
AUTHENTICATION_BACKENDS = [
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
]
# Set Organisation unit and Domain component for ldap
LDAP_SEARCH_INFO = 'your-ldap-search-info' # E.g dc=example,dc=com,ou=People
AUTH_LDAP_SERVER_URI = "your-ldap-server"
AUTH_LDAP_BIND_DN = ''
AUTH_LDAP_BIND_PASSWORD = ''
AUTH_LDAP_USER_SEARCH = LDAPSearch(
LDAP_SEARCH_INFO,
ldap.SCOPE_SUBTREE,
'(uid=%(user)s)',
)
AUTH_LDAP_USER_ATTR_MAP = {
'username': '******',
'first_name': 'givenname',
'last_name': 'sn',
'email': 'mail',
}
# Set this varable to <True> if smtp-server is not allowing to send email.
EMAIL_USE_TLS = False
EMAIL_HOST = 'your_email_host'
# Django LDAP backend configuration.
# See https://pythonhosted.org/django-auth-ldap/reference.html
# for variables' details.
# In order to debug LDAP configuration it is possible to enable
# verbose logging from auth-ldap plugin:
# https://pythonhosted.org/django-auth-ldap/logging.html
if LDAP_ENDPOINT:
AUTHENTICATION_BACKENDS = (
"django_auth_ldap.backend.LDAPBackend", ) + AUTHENTICATION_BACKENDS
AUTH_LDAP_SERVER_URI = LDAP_ENDPOINT
AUTH_LDAP_BIND_DN = LDAP_BIND_DN
AUTH_LDAP_BIND_PASSWORD = LDAP_BIND_PASSWORD
AUTH_LDAP_USER_SEARCH = LDAPSearch(base_dn=LDAP_USER_BASEDN,
scope=ldap.SCOPE_SUBTREE,
filterstr="(%s=%%(user)s)" %
LDAP_USER_FILTER)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(base_dn=LDAP_GROUP_BASEDN,
scope=ldap.SCOPE_SUBTREE,
filterstr="(%s)" % LDAP_GROUP_FILTER)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
"username": LDAP_USER_FILTER,
}
AUTH_LDAP_GLOBAL_OPTIONS = {
ldap.OPT_X_TLS_REQUIRE_CERT: False,
ldap.OPT_REFERRALS: False
}
'HOST':'##LDAP_HOST##',
'PORT': '##LDAP_PORT##',
'DOMAIN': '##LDAP_ROOT_DN##',
'USERNAME': '******',
'PASSWORD': '******',
'AD': '##LDAP_AD_SUFFIX##'
}
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.RemoteUserBackend',
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://##LDAP_HOST##:##LDAP_PORT##"
AUTH_LDAP_ROOT_DN = "##LDAP_ROOT_DN##"
AUTH_LDAP_USER_SEARCH = LDAPSearch("##LDAP_ROOT_DN##", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
# Internationalization
# https://docs.djangoproject.com/en/1.9/topics/i18n/
#LANGUAGE_CODE = 'es'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
EXTRA_LANG_INFO = {
'va': {
'bidi': False,
'code': u'va',
'name': u'Valencian',
import logging
AUTH_LDAP_BIND_DN = ""
if config.has_option('ldap', 'ldap_bind_dn'):
AUTH_LDAP_BIND_DN = config.get('ldap', 'ldap_bind_dn', raw=True)
AUTH_LDAP_BIND_PASSWORD = ""
if config.has_option('ldap', 'ldap_bind_pw'):
AUTH_LDAP_BIND_PASSWORD = config.get('ldap', 'ldap_bind_pw', raw=True)
LDAP_SERVER = config.get('ldap', 'ldap_server')
ldap_verify_cert = config.getboolean('ldap', 'verify_certificate')
if USE_SEARCH:
AUTH_LDAP_USER_SEARCH = LDAPSearch(
config.get('ldap', 'ldap_base_dn', raw=True),
ldap.SCOPE_SUBTREE,
config.get('ldap', 'ldap_filter', raw=True),
)
else:
AUTH_LDAP_USER_DN_TEMPLATE = config.get('ldap',
'ldap_dn_template',
raw=True)
mail_attr = config.get('ldap', 'ldap_mail_attr', raw=True)
fname_attr = config.get('ldap', 'ldap_fname_attr', raw=True)
lname_attr = config.get('ldap', 'ldap_lname_attr', raw=True)
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": fname_attr,
"last_name": lname_attr,
"email": mail_attr,
}
# #
# YOU NORMALLY DON'T HAVE TO EDIT ANYTHING #
# BELOW THIS LINE !! #
# #
# Tweak this only if you have a non-AD LDAP schema.
if LDAP_ENABLED:
import ldap
from django_auth_ldap.config import LDAPSearch
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://%s" % LDAP_SERVER
AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_BASE, ldap.SCOPE_SUBTREE,
"(SAMAccountName=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
AUTH_LDAP_PROFILE_ATTR_MAP = {
"title": "cn",
"slug": "uid",
}
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# This is made unique by the twistranet_project script.
# Don't edit!
"""
import os
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
AUTHENTICATION_BACKENDS = [
'django_auth_ldap.backend.LDAPBackend',
]
AUTH_LDAP_SERVER_URI = "ldap://127.0.0.1:389"
AUTH_LDAP_BIND_DN = 'cn=admin,dc=test'
AUTH_LDAP_BIND_PASSWORD = '******'
AUTH_LDAP_USER_SEARCH = LDAPSearch(
'ou=users,dc=test',
ldap.SCOPE_SUBTREE,
'(uid=%(user)s)',
)
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
#ldap
from django_auth_ldap.config import LDAPSearch, MemberDNGroupType
import ldap
AUTH_LDAP_SERVER_URI = 'ldap://***:389'
AUTH_LDAP_BIND_DN = "cn=root"
AUTH_LDAP_BIND_PASSWORD = "******"
# ldap
AUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_REFERRALS: 0}
# 查询用户
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,cn=users,dc=enn,dc=com"
# 查找组
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("cn=ecloud,cn=groups, dc=enn, dc=com",
ldap.SCOPE_SUBTREE, "(objectClass=groupOfUniqueNames)"
)
AUTH_LDAP_GROUP_TYPE = MemberDNGroupType(member_attr='uniquemember', name_attr='cn')
# 设置组权限
AUTH_LDAP_REQUIRE_GROUP = "cn=ecloud,cn=groups,dc=enn,dc=com"
# AUTH_LDAP_DENY_GROUP = "cn=cloud,cn=groups,dc=enn,dc=com"
'''
# 验证 Django 的 User 的is_staff,is_active,is_superuser
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_staff": "cn=cloud,cn=groups,dc=enn,dc=com",
"is_active": "cn=cloud,cn=groups,dc=enn,dc=com",
"is_superuser": "******",
}
AUTH_LDAP_MIRROR_GROUPS = USE_LDAP_GROUPS
AUTH_LDAP_SERVER_URI = config.get('ldap', 'uri')
AUTH_LDAP_USER_BASE = config.get('ldap', 'userbase')
# Defaults to AUTH_LDAP_USER_BASE because it must be defined
AUTH_LDAP_GROUP_BASE = confget('ldap', 'groupbase', AUTH_LDAP_USER_BASE)
AUTH_LDAP_USER_FILTER = config.get('ldap', 'userfilter')
# Defaults to a bogus filter so that searching yields no errors in the log
AUTH_LDAP_GROUP_FILTER = confget('ldap', 'groupfilter',
'(objectClass=_fake)')
AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_BASE, ldap.SCOPE_SUBTREE,
AUTH_LDAP_USER_FILTER)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_BASE,
ldap.SCOPE_SUBTREE,
AUTH_LDAP_GROUP_FILTER)
# Defaults to PosixGroupType because it must match a pre-defined list of selections
AUTH_LDAP_GROUP_TYPE = getattr(
__import__('django_auth_ldap').config,
confget('ldap', 'grouptype', 'PosixGroupType'))()
# Booleans
AUTH_LDAP_ALLOW_PASSWORD_CHANGE = confgetbool('ldap', 'pwchange', False)
AUTH_LDAP_START_TLS = confgetbool('ldap', 'starttls', False)
# Decrease the get_updates timeout to 1 second.
# This allows frontend tests to proceed quickly to the next test step.
EVENT_QUEUE_LONGPOLL_TIMEOUT_SECONDS = 1
# Stores the messages in `django.core.mail.outbox` rather than sending them.
EMAIL_BACKEND = "django.core.mail.backends.locmem.EmailBackend"
# The test suite uses EmailAuthBackend
AUTHENTICATION_BACKENDS += ("zproject.backends.EmailAuthBackend", )
# Configure Google OAuth2
GOOGLE_OAUTH2_CLIENT_ID = "test_client_id"
# Makes testing LDAP backend require less mocking
AUTH_LDAP_ALWAYS_UPDATE_USER = False
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=zulip,dc=com",
ldap.SCOPE_ONELEVEL, "(uid=%(user)s)")
AUTH_LDAP_USERNAME_ATTR = "uid"
AUTH_LDAP_REVERSE_EMAIL_SEARCH = LDAPSearch("ou=users,dc=zulip,dc=com",
ldap.SCOPE_ONELEVEL,
"(mail=%(email)s)")
TEST_SUITE = True
RATE_LIMITING = False
RATE_LIMITING_AUTHENTICATE = False
# Don't use RabbitMQ from the test suite -- the user_profile_ids for
# any generated queue elements won't match those being used by the
# real app.
USING_RABBITMQ = False
CACHES["database"] = {
"BACKEND": "django.core.cache.backends.dummy.DummyCache",
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
# Baseline configuration.
AUTH_LDAP_SERVER_URI = "ldap://ds.sbri.org"
AUTH_LDAP_BIND_DN = "AD Lookup"
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,ou=SBRI,dc=sbri,dc=org",
ldap.SCOPE_SUBTREE,
"(mailNickname=%(user)s)")
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
"ou=Security Groups,ou=SBRI,dc=sbri,dc=org", ldap.SCOPE_SUBTREE,
"(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType(name_attr="cn")
# Simple group restrictions
# AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=django,ou=groups,dc=example,dc=com"
# AUTH_LDAP_DENY_GROUP = "cn=disabled,ou=django,ou=groups,dc=example,dc=com"
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
if LDAP_ENABLED:
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CERTDIR + LDAP_CACERTFILE)
ldap.set_option(ldap.OPT_X_TLS_CERTFILE, LDAP_CERTDIR + LDAP_CERTFILE)
ldap.set_option(ldap.OPT_X_TLS_KEYFILE, LDAP_CERTDIR + LDAP_KEYFILE)
# Baseline configuration.
AUTH_LDAP_SERVER_URI = os.getenv('AUTH_LDAP_SERVER_URI', '')
AUTH_LDAP_BIND_DN = os.getenv('AUTH_LDAP_BIND_DN', '')
AUTH_LDAP_BIND_PASSWORD = os.getenv('AUTH_LDAP_BIND_PASSWORD', '')
AUTH_LDAP_USER_SEARCH_STR = os.getenv('AUTH_LDAP_USER_SEARCH', '')
AUTH_LDAP_USER_SEARCH = LDAPSearch(
AUTH_LDAP_USER_SEARCH_STR, ldap.SCOPE_SUBTREE,
"(&(uid=%(user)s)(!(nsaccountlock=TRUE)))")
AUTH_LDAP_GROUP_SEARCH_STR = os.getenv('AUTH_LDAP_GROUP_SEARCH', '')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_STR,
ldap.SCOPE_SUBTREE,
"(objectClass=groupOfNames)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
EMAIL_USE_SSL = ( os.environ.get('EMAIL_USE_SSL', 'False') == 'True' )
EMAIL_GROUP_RECEIVE = os.environ.get('EMAIL_GROUP_RECEIVE', '*****@*****.**')
# Login Stuff
LOGIN_REDIRECT_URL = '/tasks'
LOGIN_URL = '/account/login/'
# LDAP Stuff
AUTH_LDAP_SERVER_URI = os.environ.get('LDAP_URL', '')
AUTH_LDAP_BIND_DN = os.environ.get('LDAP_BIND_DN', '')
AUTH_LDAP_BIND_PASSWORD = os.environ.get('LDAP_PASSWORD', '')
AUTH_LDAP_USER_SEARCH = LDAPSearch(os.environ.get('LDAP_SEARCH', ''),
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.0/howto/static-files/
STATIC_URL = '/static/'
REDIS_PASS = os.environ.get('REDIS_PASS', 'admin123')
CHANNEL_LAYERS = {
'default': {
'BACKEND': 'channels_redis.core.RedisChannelLayer',
'CONFIG': {
"hosts": ["redis://:" + REDIS_PASS + "@" + REDIS_HOST + ":6379/0"],
"symmetric_encryption_keys": [SECRET_KEY],
},
},
}
# LDAP
# Baseline configuration:
AUTH_LDAP_SERVER_URI = os.environ.get('AUTH_LDAP_SERVER_URI', False)
# Only use LDAP activation backend if there is an AUTH_LDAP_SERVER_URI
# configured in the OS ENV:
if AUTH_LDAP_SERVER_URI:
AUTHENTICATION_BACKENDS = [
'django_auth_ldap.backend.LDAPBackend',
]
AUTH_LDAP_BIND_DN = ''
AUTH_LDAP_BIND_PASSWORD = ''
AUTH_LDAP_USER_SEARCH = LDAPSearch(
'ou=people,dc=planetexpress,dc=com',
ldap.SCOPE_SUBTREE,
'(uid=%(user)s)',
)
#
AUTH_LDAP_GLOBAL_OPTIONS = {
ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
# Giving the certificate path, does not work on OSx
# ldap.OPT_X_TLS_CACERTFILE : ROOT_DIR("../config/certificates/ldap.crt"),
}
# Direct bind to user's username
AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=Users,dc=sns,dc=ornl,dc=gov'
# Always update the user's fields into the database
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Search to find the user's groups
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('ou=Groups,dc=sns,dc=ornl,dc=gov',
ldap.SCOPE_SUBTREE,
'(objectClass=posixGroup)')
AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr='cn')
# Mirror the LDAP groups to Django's groups
AUTH_LDAP_MIRROR_GROUPS = True
# Determine Django group permissions from LDAP groups
AUTH_LDAP_FIND_GROUP_PERMS = True
LDAP_ADMIN_GROUP = 'SNS_Neutron_dev'
# User flag groups from ldap
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
'is_active':
'cn=SNS_Neutron,ou=Groups,dc=sns,dc=ornl,dc=gov',
]
# Custom User Auth model
AUTH_USER_MODEL = 'users.User'
# Auth LDAP settings
if CONFIG.AUTH_LDAP:
AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend')
AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
# AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE
AUTH_LDAP_USER_SEARCH = LDAPSearch(
CONFIG.AUTH_LDAP_SEARCH_OU,
ldap.SCOPE_SUBTREE,
CONFIG.AUTH_LDAP_SEARCH_FILTER
)
AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
# Celery using redis as broker
BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/3' % {
'password': CONFIG.REDIS_PASSWORD if CONFIG.REDIS_PASSWORD else '',
'host': CONFIG.REDIS_HOST or '127.0.0.1',
'port': CONFIG.REDIS_PORT or 6379,
}
CELERY_RESULT_BACKEND = BROKER_URL
# TERMINAL_HEATBEAT_INTERVAL = CONFIG.TERMINAL_HEATBEAT_INTERVAL or 30
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# Basis Konfiguration
AUTH_LDAP_SERVER_URI = "ldap://192.168.1.12"
AUTH_LDAP_BIND_DN = "LDAP_IPA"
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_DEBUG_LEVEL: 1, ldap.OPT_REFERRALS: 0}
# Standart Parameter setzen
AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=sbvg,DC=ch", ldap.SCOPE_SUBTREE,
"(sAMAccountName=%(user)s)")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=sbvg,DC=ch", ldap.SCOPE_SUBTREE,
"(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()
# Welche Attribute sollen ausgelesen werden.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
"""
AUTH_LDAP_CONTACT_ATTR_MAP = {
"salutation": "title",
"phone": "telephoneNumber",
"fax": "facsimileTelephoneNumber",
# job to pick up name changes made on your LDAP server.
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
# URI of your LDAP server. If set, LDAP is used to prepopulate a user's name in
# Zulip. Example: "ldaps://ldap.example.com"
AUTH_LDAP_SERVER_URI = ""
# This DN will be used to bind to your server. If unset, anonymous
# binds are performed. If set, you need to specify the password as
# 'auth_ldap_bind_password' in zulip-secrets.conf.
AUTH_LDAP_BIND_DN = ""
# Specify the search base and the property to filter on that corresponds to the
# username.
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
# If the value of a user's "uid" (or similar) property is not their email
# address, specify the domain to append here.
LDAP_APPEND_DOMAIN = None # type: str
# This map defines how to populate attributes of a Zulip user from LDAP.
AUTH_LDAP_USER_ATTR_MAP = {
# Populate the Django user's name from the LDAP directory.
"full_name": "cn",
}
# The default CAMO_URI of '/external_content/' is served by the camo
# setup in the default Voyager nginx configuration. Setting CAMO_URI
# to '' will disable the Camo integration.
CAMO_URI = '/external_content/'
STATIC_URL = '/static/'
REST_FRAMEWORK = {
#'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.AllowAny',),
#'PAGINATE_BY': 10
}
AUTH_LDAP_SERVER_URI = "ldaps://ldap.company.com:636"
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_X_TLS_CACERTFILE: "/etc/openldap/certs/ca.pem"
}
AUTH_LDAP_BIND_DN = "cn=user,ou=group,dc=company,dc=com"
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=people,dc=company,dc=com",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,dc=company,dc=com",
ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
# ops get superuser
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_staff": "cn=operators,ou=groups,dc=company,dc=com",
"is_superuser": "******"
}
## Cache group memberships for an hour to minimize LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
