AUTH_LDAP_BIND_DN = config('LDAP_BIND_DN', default='')
AUTH_LDAP_BIND_PASSWORD = config('LDAP_BIND_PASSWORD', default='')
AUTH_LDAP_USER_SEARCH = LDAPSearch(
config('LDAP_USER_DN'), ldap.SCOPE_SUBTREE,
config('LDAP_USER_FILTER',
default='(&(objectClass=inetOrgPerson)(cn=%(user)s))'))
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
config('LDAP_GROUP_DN', default=''), ldap.SCOPE_SUBTREE,
config('LDAP_GROUP_FILTER',
default='(objectClass=groupOfUniqueNames)'))
if config('LDAP_GROUP_TYPE', default='') == 'groupOfUniqueNames':
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
elif config('LDAP_GROUP_TYPE', default='') == 'posixGroup':
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
elif config('LDAP_GROUP_TYPE', default='') == 'nestedGroupOfNames':
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()
AUTH_LDAP_REQUIRE_GROUP = config('LDAP_REQUIRE_GROUP', default=None)
AUTH_LDAP_DENY_GROUP = config('LDAP_DENY_GROUP', default=None)
AUTH_LDAP_USER_ATTR_MAP = {
'username': config('LDAP_SENTRY_USER_FIELD', default='mail'),
'name': config('LDAP_MAP_FULL_NAME', default='cn'),
'email': config('LDAP_MAP_MAIL', default='mail')
}
AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = 'Locaweb'
"username": "******",
"name": "displayName",
"email": "mail",
# "first_name": "givenName",
# "last_name": "sn",
}
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# # 通过组进行权限控制
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
'cn=xxx,ou=group,dc=xxx,dc=com', ldap.SCOPE_SUBTREE,
'(&(objectclass=groupOfUniqueNames) \
(uniqueMember=%(user)s))')
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType(name_attr="cn")
# 组的DN 作用: 只有指定组的用户可以访问
AUTH_LDAP_REQUIRE_GROUP = "cn=xxx,ou=xxx,dc=xxx,dc=com"
# 导入用户的组信息
# AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 600
# is_staff:这个组里的成员可以登录;is_superuser:组成员是django admin的超级管理员;is_active:组成员可以登录django admin后台,但是无权限查看后台内容
# AUTH_LDAP_USER_FLAGS_BY_GROUP = {
# "is_staff": "cn=xxx,ou=group,DC=xxx,DC=com",
# # "is_superuser": "******",
# }
