def _search_for_user_dn(self):
"""
This method was overridden because the AUTH_LDAP_USER_SEARCH
configuration in the settings.py file
is configured with a `lambda` problem value
"""
user_search_union = [
LDAPSearch(
USER_SEARCH, ldap.SCOPE_SUBTREE,
settings.AUTH_LDAP_SEARCH_FILTER
)
for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|")
]
search = LDAPSearchUnion(*user_search_union)
if search is None:
raise ImproperlyConfigured(
'AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance.'
)
results = search.execute(self.connection, {'user': self._username})
if results is not None and len(results) == 1:
(user_dn, self._user_attrs) = next(iter(results))
else:
user_dn = None
return user_dn
def _search_for_user_dn(self):
"""
This method was overridden because the AUTH_LDAP_USER_SEARCH
configuration in the settings.py file
is configured with a `lambda` problem value
"""
user_search_union = [
LDAPSearch(
USER_SEARCH, ldap.SCOPE_SUBTREE,
settings.AUTH_LDAP_SEARCH_FILTER
)
for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|")
]
search = LDAPSearchUnion(*user_search_union)
if search is None:
raise ImproperlyConfigured(
'AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance.'
)
results = search.execute(self.connection, {'user': self._username})
if results is not None and len(results) == 1:
(user_dn, self._user_attrs) = next(iter(results))
else:
user_dn = None
return user_dn
def _search_for_user_dn(self):
user_search_union = [
LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE,
settings.AUTH_LDAP_SEARCH_FILTER)
for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|")
]
search = LDAPSearchUnion(*user_search_union)
if search is None:
raise ImproperlyConfigured(
'AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance.')
results = search.execute(self.connection, {'user': self._username})
if results is not None and len(results) == 1:
(user_dn, self._user_attrs) = next(iter(results))
else:
user_dn = None
return user_dn
def __init__(self, prefix='AUTH_LDAP_', defaults={}):
"""
Loads our settings from django.conf.settings, applying defaults for any
that are omitted.
"""
self._prefix = prefix
defaults = dict(self.defaults, **defaults)
for name, default in defaults.items():
value = getattr(django.conf.settings, prefix + name, default)
setattr(self, name, value)
ssoldap = LDAP.objects.filter(status=0).first()
setattr(self, "USER_SEARCH", LDAPSearchUnion())
if ssoldap:
setattr(self, "SERVER_URI", ssoldap.server_uri)
setattr(self, "BIND_DN", ssoldap.bind_dn)
setattr(self, "BIND_PASSWORD", ssoldap.password)
authDN = [
LDAPSearch(unicode(dn), ldap.SCOPE_SUBTREE,
ssoldap.user_filter)
for dn in ssoldap.user_ou.split("\n")
]
setattr(self, "USER_SEARCH", LDAPSearchUnion(*authDN))
# Compatibility with old caching settings.
if getattr(django.conf.settings, self._name('CACHE_GROUPS'),
defaults.get('CACHE_GROUPS')):
warnings.warn(
'Found deprecated setting AUTH_LDAP_CACHE_GROUP. Use '
'AUTH_LDAP_CACHE_TIMEOUT instead.',
DeprecationWarning,
)
self.CACHE_TIMEOUT = getattr(
django.conf.settings,
self._name('GROUP_CACHE_TIMEOUT'),
defaults.get('GROUP_CACHE_TIMEOUT', 3600),
)
def test_union_search(self):
self._init_settings(
USER_SEARCH=LDAPSearchUnion(
LDAPSearch("ou=groups,o=test", ldap.SCOPE_SUBTREE, '(uid=%(user)s)'),
LDAPSearch("ou=people,o=test", ldap.SCOPE_SUBTREE, '(uid=%(user)s)'),
)
)
alice = self.backend.authenticate(username='******', password='******')
self.assertTrue(alice is not None)
self.assertEqual(
self.ldapobj.methods_called(),
['initialize', 'simple_bind_s', 'search', 'search', 'result',
'result', 'simple_bind_s']
)
def test_nested_group_union(self):
self._init_settings(
USER_DN_TEMPLATE='uid=%(user)s,ou=people,o=test',
GROUP_SEARCH=LDAPSearchUnion(
LDAPSearch('ou=groups,o=test', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)'),
LDAPSearch('ou=moregroups,o=test', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)')
),
GROUP_TYPE=NestedMemberDNGroupType(member_attr='member'),
REQUIRE_GROUP="cn=other_gon,ou=moregroups,o=test"
)
alice = self.backend.authenticate(username='******', password='******')
bob = self.backend.authenticate(username='******', password='******')
self.assertTrue(alice is None)
self.assertTrue(bob is not None)
self.assertEqual(bob.ldap_user.group_names, set(['other_gon']))
def to_internal_value(self, data):
data = super(LDAPSearchUnionField, self).to_internal_value(data)
if len(data) == 0:
return None
if len(data) == 3 and isinstance(data[0], str):
return self.ldap_search_field_class().run_validation(data)
else:
search_args = []
for i in range(len(data)):
if not isinstance(data[i], list):
raise ValidationError('In order to ultilize LDAP Union, input element No. %d' ' should be a search query array.' % (i + 1))
try:
search_args.append(self.ldap_search_field_class().run_validation(data[i]))
except Exception as e:
if hasattr(e, 'detail') and isinstance(e.detail, list):
e.detail.insert(0, "Error parsing LDAP Union element No. %d:" % (i + 1))
raise e
return LDAPSearchUnion(*search_args)
def refresh_setting(self):
setattr(settings, self.name, self.cleaned_value)
if self.name == "AUTH_LDAP":
if self.cleaned_value and settings.AUTH_LDAP_BACKEND not in settings.AUTHENTICATION_BACKENDS:
settings.AUTHENTICATION_BACKENDS.insert(
0, settings.AUTH_LDAP_BACKEND)
elif not self.cleaned_value and settings.AUTH_LDAP_BACKEND in settings.AUTHENTICATION_BACKENDS:
settings.AUTHENTICATION_BACKENDS.remove(
settings.AUTH_LDAP_BACKEND)
if self.name == "AUTH_LDAP_SEARCH_FILTER":
settings.AUTH_LDAP_USER_SEARCH_UNION = [
LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE,
settings.AUTH_LDAP_SEARCH_FILTER)
for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|")
]
settings.AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
*settings.AUTH_LDAP_USER_SEARCH_UNION)
def test_union_search(self):
self._init_settings(
USER_SEARCH=LDAPSearchUnion(
LDAPSearch("ou=groups,o=test", self.mock_ldap.SCOPE_SUBTREE, '(uid=%(user)s)'),
LDAPSearch("ou=people,o=test", self.mock_ldap.SCOPE_SUBTREE, '(uid=%(user)s)'),
)
)
self.mock_ldap.set_return_value('search_s',
("ou=groups,o=test", 2, "(uid=alice)", None, 0), [])
self.mock_ldap.set_return_value('search_s',
("ou=people,o=test", 2, "(uid=alice)", None, 0), [self.alice])
alice = self.backend.authenticate(username='******', password='******')
self.assert_(alice is not None)
self.assertEqual(self.mock_ldap.ldap_methods_called(),
['initialize', 'simple_bind_s', 'search', 'search', 'result',
'result', 'simple_bind_s'])
def _dict_to_configs(self, new_configs):
"""
Turn given dictionary into self.configs.
Clears all previous settings.
:param new_configs: dictionary of new configs; values should be booleans or strings
:return:
"""
self.configs = {}
for k, v in new_configs.items():
k = k.upper()
if v == "":
continue
if k == 'AUTH_LDAP_ENABLED':
self.enabled = bool(v)
# Also treat AUTH_LDAP_USER_FLAGS_BY_GROUP_IS_STAFF or _IS_SUPERUSER differently
elif k == 'AUTH_LDAP_USER_FLAGS_BY_GROUP_IS_STAFF':
group_flags = self.configs.get('AUTH_LDAP_USER_FLAGS_BY_GROUP',
{})
group_flags['is_staff'] = v
self.configs['AUTH_LDAP_USER_FLAGS_BY_GROUP'] = group_flags
elif k == 'AUTH_LDAP_USER_FLAGS_BY_GROUP_IS_SUPERUSER':
group_flags = self.configs.get('AUTH_LDAP_USER_FLAGS_BY_GROUP',
{})
group_flags['is_superuser'] = v
self.configs['AUTH_LDAP_USER_FLAGS_BY_GROUP'] = group_flags
# AUTH_LDAP_GROUP_MAPPING and AUTH_LDAP_USER_ATTR_MAP should be imported as json
elif k in LDAPSettings.JSON_FIELDS:
try:
self.configs[k] = json.loads(v)
except json.JSONDecodeError:
self.errors[k] = 'This field is not in json form'
else:
self.configs[k] = v
if LDAPSettings.LDAP_IMPORT_SUCCESS:
# Import AUTH_LDAP_USER_SEARCH as LDAPSearchUnion
if "AUTH_LDAP_USER_SEARCH" in self.configs:
temp = self.configs["AUTH_LDAP_USER_SEARCH"]
ldap_searches = []
for el in temp:
ldap_searches.append(
LDAPSearch(el["search"], ldap.SCOPE_SUBTREE,
el["filter"]))
self.configs["AUTH_LDAP_USER_SEARCH"] = LDAPSearchUnion(
*ldap_searches)
# Import AUTH_LDAP_GROUP_SEARCH as LDAPSearch
temp = new_configs.get('AUTH_LDAP_GROUP_TYPE', '').lower()
group_type = None
if temp == 'groupofnames':
group_type = 'groupOfNames'
elif temp == 'posixgroup':
group_type = 'posixGroup'
group_search_dn = new_configs.get('AUTH_LDAP_GROUP_SEARCH', None)
if group_search_dn and group_type:
self.configs['AUTH_LDAP_GROUP_SEARCH'] = LDAPSearch(
group_search_dn, ldap.SCOPE_SUBTREE,
"(objectClass={})".format(group_type))
# import AUTH_LDAP_GROUP_TYPE and AUTH_LDAP_GROUP_TYPE_NAME_ATTR as object
name_attr = new_configs.get('AUTH_LDAP_GROUP_TYPE_NAME_ATTR', None)
if group_type == 'groupOfNames':
self.configs['AUTH_LDAP_GROUP_TYPE'] = GroupOfNamesType() \
if name_attr is None else GroupOfNamesType(name_attr=name_attr)
elif group_type == 'posixGroup':
self.configs['AUTH_LDAP_GROUP_TYPE'] = PosixGroupType() \
if name_attr is None else PosixGroupType(name_attr=name_attr)
else:
if 'AUTH_LDAP_GROUP_TYPE' in self.configs:
del self.configs['AUTH_LDAP_GROUP_TYPE']
from corsheaders.defaults import default_headers
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_DEBUG_LEVEL: 1,
ldap.OPT_REFERRALS: 0,
}
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, os.getcwd()+"/certificate.pem")
AUTH_LDAP_SERVER_URI = os.environ.get('LDAP_HOST')
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch("ou=people,o=unal.edu.co",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
LDAPSearch("ou=institucional,o=bogota,o=unal.edu.co",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
LDAPSearch("ou=dependencia,o=bogota,o=unal.edu.co",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
LDAPSearch("ou=Institucional,o=bogota,o=unal.edu.co",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
LDAPSearch("ou=Dependencia,o=bogota,o=unal.edu.co",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
)
AUTH_LDAP_ALWAYS_UPDATE_USER = False
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
#AUTH_LDAP_START_TLS = True
MAIN_DN = "dc=ldap,dc=example,dc=com"
USERS_DN = "cn=users," + MAIN_DN
GROUPS_DN = "cn=groups," + MAIN_DN
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s," + USERS_DN
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
AUTH_LDAP_GROUP_SEARCH = LDAPSearchUnion(
LDAPSearch(GROUPS_DN, ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)"), )
# Use the correct group to map to django groups
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": "cn=django_users," + GROUPS_DN,
"is_staff": "cn=django_staff," + GROUPS_DN,
"is_superuser": "******" + GROUPS_DN,
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cache distinguished names and group memberships for an hour to minimize
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
]
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.com"
# If you wanna use starttls, set this option
# AUTH_LDAP_START_TLS = True
# Specify if you want to use tls/ssl
# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch("ou=User1,dc=ldap,dc=example,dc=com", ldap.SCOPE_SUBTREE,
"(cn=%(user)s)"),
LDAPSearch("ou=User2,dc=ldap,dc=example,dc=com", ldap.SCOPE_SUBTREE,
"(cn=%(user)s)"))
AUTH_LDAP_CACHE_TIMEOUT = 3600
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Groups,dc=ldap,dc=example,dc=com",
ldap.SCOPE_SUBTREE,
"(objectClass=groupOfNames)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_staff": "cn=superuser,ou=Groups,dc=example,dc=com",
"is_superuser": "******",
}
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.11/howto/static-files/
STATIC_URL = '/static/'
AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend', )
if config.get_value("LDAP_ENABLED"):
print('LDAP authentication enabled')
AUTH_LDAP_SERVER_URI = config.get_value('AUTH_LDAP_SERVER_URI')
AUTH_LDAP_BIND_DN = config.get_value('AUTH_LDAP_BIND_DN')
AUTH_LDAP_BIND_PASSWORD = config.get_value('AUTH_LDAP_BIND_PASSWORD')
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch("cn=Users,dc=devfactory,dc=local", ldap.SCOPE_SUBTREE,
"(sAMAccountName=%(user)s)"),
LDAPSearch("ou=Users,ou=Aurea,dc=devfactory,dc=local",
ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"),
)
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("cn=Users,dc=devfactory,dc=local",
ldap.SCOPE_SUBTREE,
"(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType(name_attr="cn")
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
return filter_string
FILTER_BASE = '(sAMAccountName=%(user)s)'
FILTER_ADMINS = get_filter_string(FILTER_BASE, memberOf='CN=CMS Administrators,OU=Media Relations & Marketing,OU=Administration,OU=Staff,DC=rca,DC=ac,DC=uk')
FILTER_MODS = get_filter_string(FILTER_BASE, memberOf='CN=CMS Moderators,OU=Media Relations & Marketing,OU=Administration,OU=Staff,DC=rca,DC=ac,DC=uk')
FILTER_EDITORS = get_filter_string(FILTER_BASE, memberOf='CN=CMS Editors,OU=Media Relations & Marketing,OU=Administration,OU=Staff,DC=rca,DC=ac,DC=uk')
FILTER_VISITORS = get_filter_string(FILTER_BASE, memberOf='CN=CMS Visitors,OU=Media Relations & Marketing,OU=Administration,OU=Staff,DC=rca,DC=ac,DC=uk')
# Roles
ROLE_ADMIN = dict(superuser=True, groups=[])
ROLE_MOD = dict(superuser=False, groups=['Moderators'])
ROLE_EDITOR = dict(superuser=False, groups=['Editors'])
ROLE_STUDENT = dict(superuser=False, groups=['Students'])
ROLE_USER = dict(superuser=False, groups=[])
# Distinguished names
STAFF_DN = 'OU=Staff,DC=rca,DC=ac,DC=uk'
STUDENTS_DN = 'OU=Students,DC=rca,DC=ac,DC=uk'
# Search
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
# Staff
LDAPSearchRCA(STAFF_DN, ldap.SCOPE_SUBTREE, FILTER_ADMINS, role=ROLE_ADMIN),
LDAPSearchRCA(STAFF_DN, ldap.SCOPE_SUBTREE, FILTER_MODS, role=ROLE_MOD),
LDAPSearchRCA(STAFF_DN, ldap.SCOPE_SUBTREE, FILTER_EDITORS, role=ROLE_EDITOR),
#LDAPSearchRCA(STAFF_DN, ldap.SCOPE_SUBTREE, FILTER_VISITORS, role=ROLE_USER),
# Students
LDAPSearchRCA(STUDENTS_DN, ldap.SCOPE_SUBTREE, FILTER_BASE, role=ROLE_STUDENT),
)
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
AUTH_LDAP_SERVER_URI = env('LDAP_SERVER', 'ldap://localhost')
AUTH_LDAP_BIND_DN = env('LDAP_BIND_DN', '')
AUTH_LDAP_BIND_PASSWORD = env('LDAP_BIND_PASSWORD', '')
SENTRY_MANAGED_USER_FIELDS = (
'email',
'first_name',
'last_name',
'password',
)
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch(env('LDAP_USER_DN'), ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
LDAPSearch(env('LDAP_USER_DN'), ldap.SCOPE_SUBTREE, "(mail=%(user)s)"),
)
AUTH_LDAP_USER_ATTR_MAP = {'name': 'cn', 'email': 'mail'}
AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = env('LDAP_DEFAULT_SENTRY_ORGANIZATION',
'eea')
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_SENTRY_USERNAME_FIELD = 'uid'
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
'sentry_ldap_auth.backend.SentryLdapBackend', )
#
# BVD LDAP Configuration File
# Add the appropriate values to this file to match your LDAP configuration
#
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
# LDAPSearch(args),
)
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_SERVER_URI = ""
AUTH_LDAP_USER_ATTR_MAP = {
"username" : "",
"first_name": "",
"last_name": "",
"email": ""
}
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_SERVER_URI = "{{cookiecutter.ldap_server}}"
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch("{{cookiecutter.ldap_user_dn}}", ldap.SCOPE_SUBTREE,
"(uid=%(user)s)"))
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
AUTH_LDAP_PROFILE_ATTR_MAP = {}
AUTH_LDAP_ALWAYS_UPDATE_USER = True
'django_auth_ldap.backend.LDAPBackend', # 配置为先使用LDAP认证,如通过认证则不再使用后面的认证方式
'django.contrib.auth.backends.ModelBackend', # 同时打开本地认证,因为下游系统的权限和组关系需要用到
)
AUTH_LDAP_SERVER_URI = 'ldap://lj-nuc-ldap.lianjia.com:389'
AUTH_LDAP_BIND_DN = 'CN=ldapauth,OU=Sysusers,DC=ljstaff,DC=com'
AUTH_LDAP_BIND_PASSWORD = '******'
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch('ou=链家网,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE,
"(&(objectClass=person)(sAMAccountName=%(user)s))"),
LDAPSearch('ou=链家,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE,
"(&(objectClass=person)(sAMAccountName=%(user)s))"),
LDAPSearch('ou=贝壳,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE,
"(&(objectClass=person)(sAMAccountName=%(user)s))"),
LDAPSearch('ou=新房平台,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE,
"(&(objectClass=person)(sAMAccountName=%(user)s))"),
LDAPSearch('ou=经纪平台,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE,
"(&(objectClass=person)(sAMAccountName=%(user)s))"),
LDAPSearch('ou=交易平台,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE,
"(&(objectClass=person)(sAMAccountName=%(user)s))"),
LDAPSearch('ou=租赁平台,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE,
"(&(objectClass=person)(sAMAccountName=%(user)s))"),
LDAPSearch('ou=楼盘字典,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE,
"(&(objectClass=person)(sAMAccountName=%(user)s))"),
)
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "cn", "email": "mail"}
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=mailground,DC=ljstaff,DC=com",
ldap.SCOPE_SUBTREE,
"(objectClass=group)") #搜>
try:
AUTH_LDAP_USER_SEARCH_BASE = env.str("AUTH_LDAP_USER_SEARCH_BASE")
AUTH_LDAP_USER_SEARCH = LDAPSearch(
AUTH_LDAP_USER_SEARCH_BASE,
ldap.SCOPE_SUBTREE,
AUTH_LDAP_USER_SEARCH_USER_TEMPLATE,
)
except environ.ImproperlyConfigured:
AUTH_LDAP_USER_SEARCH_BASE_LIST = env.list(
"AUTH_LDAP_USER_SEARCH_BASE_LIST")
searches = [
LDAPSearch(x, ldap.SCOPE_SUBTREE,
AUTH_LDAP_USER_SEARCH_USER_TEMPLATE)
for x in AUTH_LDAP_USER_SEARCH_BASE_LIST
]
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*searches)
AUTH_LDAP_USER_ATTR_MAP = env.dict(
"AUTH_LDAP_USER_ATTR_MAP",
default={
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
},
)
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_CACHE_TIMEOUT = 0
AUTHENTICATION_BACKENDS.insert(
AUTHENTICATION_BACKENDS.index(
###########
# Binding and connection options
AUTH_LDAP_SERVER_URI = os.environ.get('LDAP_HOST')
AUTH_LDAP_BIND_DN = os.environ.get('LDAP_BIND_DN')
AUTH_LDAP_BIND_PASSWORD = os.environ.get('LDAP_BIND_PASSWORD')
AUTH_LDAP_GLOBAL_OPTIONS = {
ldap.OPT_DEBUG_LEVEL: 0,
ldap.OPT_REFERRALS: 0,
ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
}
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch(
"""OU=Users,OU=RH,OU=Region Hovedstaden, DC=regionh,DC=top,DC=local""",
ldap.SCOPE_SUBTREE, "(BamUserId=%(user)s)"),
LDAPSearch(
"""OU=Service brugere,OU=RegionH Administration,DC=regionh,DC=top,DC=local""",
ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"))
# Search for groups
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
"""OU=GeM,OU=Ressource Grupper,
OU=FAELLES Administration,
OU=Region Hovedstaden,
DC=regionh,DC=top,DC=local""",
ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_ATTR_MAP = {
]
LDAP_USER_ATTR_MAP = env.list("LDAP_USER_ATTR_MAP", default=DEFAULT_USER_ATTR_MAP)
AUTH_LDAP_USER_ATTR_MAP = {}
for m in LDAP_USER_ATTR_MAP:
funkwhale_field, ldap_field = m.split(":")
AUTH_LDAP_USER_ATTR_MAP[funkwhale_field.strip()] = ldap_field.strip()
# Determine root DN supporting multiple root DNs
AUTH_LDAP_ROOT_DN = env("LDAP_ROOT_DN")
AUTH_LDAP_ROOT_DN_LIST = []
for ROOT_DN in AUTH_LDAP_ROOT_DN.split():
AUTH_LDAP_ROOT_DN_LIST.append(
LDAPSearch(ROOT_DN, ldap.SCOPE_SUBTREE, AUTH_LDAP_SEARCH_FILTER)
)
# Search for the user in all the root DNs
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*AUTH_LDAP_ROOT_DN_LIST)
# Search for group types
LDAP_GROUP_DN = env("LDAP_GROUP_DN", default="")
if LDAP_GROUP_DN:
AUTH_LDAP_GROUP_DN = LDAP_GROUP_DN
# Get filter
AUTH_LDAP_GROUP_FILTER = env("LDAP_GROUP_FILER", default="")
# Search for the group in the specified DN
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
AUTH_LDAP_GROUP_DN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_FILTER
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
# Configure basic group support
LDAP_REQUIRE_GROUP = env("LDAP_REQUIRE_GROUP", default="")
def _process_cfg(cls):
cls.AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
*[LDAPSearch(x[0], getattr(ldap, x[1]), x[2]) for x in cls.AUTH_LDAP_USER_SEARCHES]
)
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
from .app import *
# UofM Active Directory LDAP
AUTH_LDAP_SERVER_URI = "ldap://ldap.ad.umanitoba.ca"
AUTH_LDAP_BIND_DN = "DN_USERNAME"
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
# allow staff username logins:
LDAPSearch("dc=ad,dc=umanitoba,dc=ca", ldap.SCOPE_SUBTREE,
"(sAMAccountName=%(user)s)"),
# allow student username logins:
# LDAPSearch("dc=ad,dc=umanitoba,dc=ca", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s-INS)"),
# allow principle logins:
# LDAPSearch("dc=ad,dc=umanitoba,dc=ca", ldap.SCOPE_SUBTREE, "(userPrincipalName=%(user)s)"),
)
# AUTH_LDAP_START_TLS = True
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_DEBUG_LEVEL: 0,
ldap.OPT_REFERRALS: 0, # Required for AD,
# source: https://www.djm.org.uk/using-django-auth-ldap-active-directory-ldaps/
# retrieved 2016-Feb-3
}
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
AUTH_LDAP_SERVER_URI = 'ldap://192.168.1.17'
AUTH_LDAP_PERMIT_EMPTY_PASSWORD = False
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch('ASDFA', ldap.SCOPE_SUBTREE, '(XADF=%(user)s)'),
LDAPSearch('ASDFA', ldap.SCOPE_SUBTREE, '(ASDF=%(user)s)'),
LDAPSearch('FFF', ldap.SCOPE_SUBTREE, '(RER=%(user)s)'),
LDAPSearch('123', ldap.SCOPE_SUBTREE, '(cvcd=%(user)s)'),
)
https://docs.djangoproject.com/en/3.0/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/3.0/ref/settings/
"""
import os
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion, ActiveDirectoryGroupType
AUTH_LDAP_SERVER_URI = "ldap://core1.cons.tsk.ru"
AUTH_LDAP_BIND_DN = "CN=x_glpi,OU=Net_Logins,OU=Resources_and_Services,DC=cons,DC=tsk,DC=ru"
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch("OU=Net_Logins,OU=Resources_and_Services,DC=cons,DC=tsk,DC=ru", ldap.SCOPE_SUBTREE, "sAMAccountName=%(user)s"),
LDAPSearch("ou=CONSULTANT,dc=cons,dc=tsk,dc=ru", ldap.SCOPE_SUBTREE, "sAMAccountName=%(user)s"),
)
#AUTH_LDAP_START_TLS = True
AUTH_LDAP_USER_ATTR_MAP = {
"username": "******",
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
"OU=Net_Groups,OU=Resources_and_Services,DC=cons,DC=tsk,DC=ru", ldap.SCOPE_SUBTREE, "(objectCategory=Group)"
)
# LDAP settings
AUTH_LDAP_SERVER_URI = env('LDAP_SERVER_URI', 'ldap_server')
AUTH_LDAP_BIND_DN = env('LDAP_BIND_DN', 'ldap_bind')
AUTH_LDAP_BIND_PASSWORD = env('LDAP_BIND_PASSWORD', 'ldap_password')
AUTH_LDAP_ALWAYS_UPDATE_USER = False
AUTH_LDAP_AUTHORIZE_ALL_USERS = True
AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_MIRROR_GROUPS = False
AUTH_LDAP_CACHE_GROUPS = False
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch("DC=corporateict,DC=domain", ldap.SCOPE_SUBTREE,
"(sAMAccountName=%(user)s)"),
LDAPSearch("DC=corporateict,DC=domain", ldap.SCOPE_SUBTREE,
"(mail=%(user)s)"),
)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=corporateict,DC=domain",
ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_GLOBAL_OPTIONS = {
ldap.OPT_X_TLS_REQUIRE_CERT: False,
ldap.OPT_REFERRALS: False,
}
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
AUTH_LDAP_USER_ATTR_MAP = {
'first_name': "givenName",
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion, GroupOfNamesType
# LDAP settings.
AUTH_LDAP_SERVER_URI = LDAP_SERVER_URI
AUTH_LDAP_BIND_DN = LDAP_ACCESS_DN
AUTH_LDAP_BIND_PASSWORD = LDAP_ACCESS_PASSWORD
AUTH_LDAP_ALWAYS_UPDATE_USER = False
AUTH_LDAP_AUTHORIZE_ALL_USERS = True
AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_MIRROR_GROUPS = False
AUTH_LDAP_CACHE_GROUPS = False
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch('{}'.format(LDAP_SEARCH_SCOPE),
ldap.SCOPE_SUBTREE,
'(sAMAccountName=%(user)s)'),
LDAPSearch('{}'.format(LDAP_SEARCH_SCOPE),
ldap.SCOPE_SUBTREE,
'(mail=%(user)s)'),
)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
'{}'.format(LDAP_SEARCH_SCOPE),
ldap.SCOPE_SUBTREE, '(objectClass=group)'
)
AUTH_LDAP_GLOBAL_OPTIONS = {
ldap.OPT_X_TLS_REQUIRE_CERT: False,
ldap.OPT_REFERRALS: False,
}
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn')
AUTH_LDAP_USER_ATTR_MAP = {
'first_name': 'givenName',
'last_name': 'sn',
###################below is the LDAP configration#############################
AUTH_LDAP_SERVER_URI = "ldap://10.10.7.120:389"
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_DEBUG_LEVEL: 1,
ldap.OPT_REFERRALS: 0,
}
ad_name = 'CN=徐德东,OU=IT部,OU=世纪高蓝,DC=goland,DC=cn'.decode("utf-8")
search_ad = 'OU=世纪高蓝,DC=goland,DC=cn'.decode("utf-8")
AUTH_LDAP_BIND_DN = ad_name
AUTH_LDAP_BIND_PASSWORD = "******"
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
LDAPSearch(search_ad, ldap.SCOPE_SUBTREE,
"(&(objectClass=user)(mail=%(user)s))"),
LDAPSearch(search_ad, ldap.SCOPE_SUBTREE,
"(&(objectClass=user)(sAMAccountName=%(user)s))"),
)
AUTH_LDAP_USER_ATTR_MAP = {
'first_name': 'givenName',
'last_name': 'sn',
'email': 'mail',
}
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_USER_MODEL = 'users.User'
# Auth LDAP settings
AUTH_LDAP = CONFIG.AUTH_LDAP
AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
AUTH_LDAP_SEARCH_OU = CONFIG.AUTH_LDAP_SEARCH_OU
AUTH_LDAP_SEARCH_FILTER = CONFIG.AUTH_LDAP_SEARCH_FILTER
AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
AUTH_LDAP_USER_SEARCH_UNION = [
LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE, AUTH_LDAP_SEARCH_FILTER)
for USER_SEARCH in str(AUTH_LDAP_SEARCH_OU).split("|")
]
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*AUTH_LDAP_USER_SEARCH_UNION)
AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
AUTH_LDAP_GROUP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
)
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_TIMEOUT: 5
}
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 1
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_BACKEND = 'django_auth_ldap.backend.LDAPBackend'
if AUTH_LDAP:
AUTHENTICATION_BACKENDS.insert(0, AUTH_LDAP_BACKEND)
# Keep local password for users to be required to proveide their old password on change
AUTH_LDAP_SET_USABLE_PASSWORD = _settings.get("ldap.handle_passwords", True)
# Keep bound as the authenticating user
# Ensures proper read permissions, and ability to change password without admin
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
# The TOML config might contain either one table or an array of tables
_AUTH_LDAP_USER_SETTINGS = _settings.get("ldap.users.search")
if not isinstance(_AUTH_LDAP_USER_SETTINGS, list):
_AUTH_LDAP_USER_SETTINGS = [_AUTH_LDAP_USER_SETTINGS]
# Search attributes to find users by username
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
*[
LDAPSearch(entry["base"], ldap.SCOPE_SUBTREE, entry.get("filter", "(uid=%(user)s)"),)
for entry in _AUTH_LDAP_USER_SETTINGS
]
)
# Mapping of LDAP attributes to Django model fields
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": _settings.get("ldap.users.map.first_name", "givenName"),
"last_name": _settings.get("ldap.users.map.last_name", "sn"),
"email": _settings.get("ldap.users.map.email", "mail"),
}
# Discover flags by LDAP groups
if _settings.get("ldap.groups.search", None):
group_type = _settings.get("ldap.groups.type", "groupOfNames")
# The TOML config might contain either one table or an array of tables
