def _search_for_user_dn(self): """ This method was overridden because the AUTH_LDAP_USER_SEARCH configuration in the settings.py file is configured with a `lambda` problem value """ user_search_union = [ LDAPSearch( USER_SEARCH, ldap.SCOPE_SUBTREE, settings.AUTH_LDAP_SEARCH_FILTER ) for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|") ] search = LDAPSearchUnion(*user_search_union) if search is None: raise ImproperlyConfigured( 'AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance.' ) results = search.execute(self.connection, {'user': self._username}) if results is not None and len(results) == 1: (user_dn, self._user_attrs) = next(iter(results)) else: user_dn = None return user_dn
def _search_for_user_dn(self): user_search_union = [ LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE, settings.AUTH_LDAP_SEARCH_FILTER) for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|") ] search = LDAPSearchUnion(*user_search_union) if search is None: raise ImproperlyConfigured( 'AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance.') results = search.execute(self.connection, {'user': self._username}) if results is not None and len(results) == 1: (user_dn, self._user_attrs) = next(iter(results)) else: user_dn = None return user_dn
def __init__(self, prefix='AUTH_LDAP_', defaults={}): """ Loads our settings from django.conf.settings, applying defaults for any that are omitted. """ self._prefix = prefix defaults = dict(self.defaults, **defaults) for name, default in defaults.items(): value = getattr(django.conf.settings, prefix + name, default) setattr(self, name, value) ssoldap = LDAP.objects.filter(status=0).first() setattr(self, "USER_SEARCH", LDAPSearchUnion()) if ssoldap: setattr(self, "SERVER_URI", ssoldap.server_uri) setattr(self, "BIND_DN", ssoldap.bind_dn) setattr(self, "BIND_PASSWORD", ssoldap.password) authDN = [ LDAPSearch(unicode(dn), ldap.SCOPE_SUBTREE, ssoldap.user_filter) for dn in ssoldap.user_ou.split("\n") ] setattr(self, "USER_SEARCH", LDAPSearchUnion(*authDN)) # Compatibility with old caching settings. if getattr(django.conf.settings, self._name('CACHE_GROUPS'), defaults.get('CACHE_GROUPS')): warnings.warn( 'Found deprecated setting AUTH_LDAP_CACHE_GROUP. Use ' 'AUTH_LDAP_CACHE_TIMEOUT instead.', DeprecationWarning, ) self.CACHE_TIMEOUT = getattr( django.conf.settings, self._name('GROUP_CACHE_TIMEOUT'), defaults.get('GROUP_CACHE_TIMEOUT', 3600), )
def test_union_search(self): self._init_settings( USER_SEARCH=LDAPSearchUnion( LDAPSearch("ou=groups,o=test", ldap.SCOPE_SUBTREE, '(uid=%(user)s)'), LDAPSearch("ou=people,o=test", ldap.SCOPE_SUBTREE, '(uid=%(user)s)'), ) ) alice = self.backend.authenticate(username='******', password='******') self.assertTrue(alice is not None) self.assertEqual( self.ldapobj.methods_called(), ['initialize', 'simple_bind_s', 'search', 'search', 'result', 'result', 'simple_bind_s'] )
def test_nested_group_union(self): self._init_settings( USER_DN_TEMPLATE='uid=%(user)s,ou=people,o=test', GROUP_SEARCH=LDAPSearchUnion( LDAPSearch('ou=groups,o=test', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)'), LDAPSearch('ou=moregroups,o=test', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)') ), GROUP_TYPE=NestedMemberDNGroupType(member_attr='member'), REQUIRE_GROUP="cn=other_gon,ou=moregroups,o=test" ) alice = self.backend.authenticate(username='******', password='******') bob = self.backend.authenticate(username='******', password='******') self.assertTrue(alice is None) self.assertTrue(bob is not None) self.assertEqual(bob.ldap_user.group_names, set(['other_gon']))
def to_internal_value(self, data): data = super(LDAPSearchUnionField, self).to_internal_value(data) if len(data) == 0: return None if len(data) == 3 and isinstance(data[0], str): return self.ldap_search_field_class().run_validation(data) else: search_args = [] for i in range(len(data)): if not isinstance(data[i], list): raise ValidationError('In order to ultilize LDAP Union, input element No. %d' ' should be a search query array.' % (i + 1)) try: search_args.append(self.ldap_search_field_class().run_validation(data[i])) except Exception as e: if hasattr(e, 'detail') and isinstance(e.detail, list): e.detail.insert(0, "Error parsing LDAP Union element No. %d:" % (i + 1)) raise e return LDAPSearchUnion(*search_args)
def refresh_setting(self): setattr(settings, self.name, self.cleaned_value) if self.name == "AUTH_LDAP": if self.cleaned_value and settings.AUTH_LDAP_BACKEND not in settings.AUTHENTICATION_BACKENDS: settings.AUTHENTICATION_BACKENDS.insert( 0, settings.AUTH_LDAP_BACKEND) elif not self.cleaned_value and settings.AUTH_LDAP_BACKEND in settings.AUTHENTICATION_BACKENDS: settings.AUTHENTICATION_BACKENDS.remove( settings.AUTH_LDAP_BACKEND) if self.name == "AUTH_LDAP_SEARCH_FILTER": settings.AUTH_LDAP_USER_SEARCH_UNION = [ LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE, settings.AUTH_LDAP_SEARCH_FILTER) for USER_SEARCH in str(settings.AUTH_LDAP_SEARCH_OU).split("|") ] settings.AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( *settings.AUTH_LDAP_USER_SEARCH_UNION)
def test_union_search(self): self._init_settings( USER_SEARCH=LDAPSearchUnion( LDAPSearch("ou=groups,o=test", self.mock_ldap.SCOPE_SUBTREE, '(uid=%(user)s)'), LDAPSearch("ou=people,o=test", self.mock_ldap.SCOPE_SUBTREE, '(uid=%(user)s)'), ) ) self.mock_ldap.set_return_value('search_s', ("ou=groups,o=test", 2, "(uid=alice)", None, 0), []) self.mock_ldap.set_return_value('search_s', ("ou=people,o=test", 2, "(uid=alice)", None, 0), [self.alice]) alice = self.backend.authenticate(username='******', password='******') self.assert_(alice is not None) self.assertEqual(self.mock_ldap.ldap_methods_called(), ['initialize', 'simple_bind_s', 'search', 'search', 'result', 'result', 'simple_bind_s'])
def _dict_to_configs(self, new_configs): """ Turn given dictionary into self.configs. Clears all previous settings. :param new_configs: dictionary of new configs; values should be booleans or strings :return: """ self.configs = {} for k, v in new_configs.items(): k = k.upper() if v == "": continue if k == 'AUTH_LDAP_ENABLED': self.enabled = bool(v) # Also treat AUTH_LDAP_USER_FLAGS_BY_GROUP_IS_STAFF or _IS_SUPERUSER differently elif k == 'AUTH_LDAP_USER_FLAGS_BY_GROUP_IS_STAFF': group_flags = self.configs.get('AUTH_LDAP_USER_FLAGS_BY_GROUP', {}) group_flags['is_staff'] = v self.configs['AUTH_LDAP_USER_FLAGS_BY_GROUP'] = group_flags elif k == 'AUTH_LDAP_USER_FLAGS_BY_GROUP_IS_SUPERUSER': group_flags = self.configs.get('AUTH_LDAP_USER_FLAGS_BY_GROUP', {}) group_flags['is_superuser'] = v self.configs['AUTH_LDAP_USER_FLAGS_BY_GROUP'] = group_flags # AUTH_LDAP_GROUP_MAPPING and AUTH_LDAP_USER_ATTR_MAP should be imported as json elif k in LDAPSettings.JSON_FIELDS: try: self.configs[k] = json.loads(v) except json.JSONDecodeError: self.errors[k] = 'This field is not in json form' else: self.configs[k] = v if LDAPSettings.LDAP_IMPORT_SUCCESS: # Import AUTH_LDAP_USER_SEARCH as LDAPSearchUnion if "AUTH_LDAP_USER_SEARCH" in self.configs: temp = self.configs["AUTH_LDAP_USER_SEARCH"] ldap_searches = [] for el in temp: ldap_searches.append( LDAPSearch(el["search"], ldap.SCOPE_SUBTREE, el["filter"])) self.configs["AUTH_LDAP_USER_SEARCH"] = LDAPSearchUnion( *ldap_searches) # Import AUTH_LDAP_GROUP_SEARCH as LDAPSearch temp = new_configs.get('AUTH_LDAP_GROUP_TYPE', '').lower() group_type = None if temp == 'groupofnames': group_type = 'groupOfNames' elif temp == 'posixgroup': group_type = 'posixGroup' group_search_dn = new_configs.get('AUTH_LDAP_GROUP_SEARCH', None) if group_search_dn and group_type: self.configs['AUTH_LDAP_GROUP_SEARCH'] = LDAPSearch( group_search_dn, ldap.SCOPE_SUBTREE, "(objectClass={})".format(group_type)) # import AUTH_LDAP_GROUP_TYPE and AUTH_LDAP_GROUP_TYPE_NAME_ATTR as object name_attr = new_configs.get('AUTH_LDAP_GROUP_TYPE_NAME_ATTR', None) if group_type == 'groupOfNames': self.configs['AUTH_LDAP_GROUP_TYPE'] = GroupOfNamesType() \ if name_attr is None else GroupOfNamesType(name_attr=name_attr) elif group_type == 'posixGroup': self.configs['AUTH_LDAP_GROUP_TYPE'] = PosixGroupType() \ if name_attr is None else PosixGroupType(name_attr=name_attr) else: if 'AUTH_LDAP_GROUP_TYPE' in self.configs: del self.configs['AUTH_LDAP_GROUP_TYPE']
from corsheaders.defaults import default_headers AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_DEBUG_LEVEL: 1, ldap.OPT_REFERRALS: 0, } ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, os.getcwd()+"/certificate.pem") AUTH_LDAP_SERVER_URI = os.environ.get('LDAP_HOST') AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch("ou=people,o=unal.edu.co", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), LDAPSearch("ou=institucional,o=bogota,o=unal.edu.co", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), LDAPSearch("ou=dependencia,o=bogota,o=unal.edu.co", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), LDAPSearch("ou=Institucional,o=bogota,o=unal.edu.co", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), LDAPSearch("ou=Dependencia,o=bogota,o=unal.edu.co", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), ) AUTH_LDAP_ALWAYS_UPDATE_USER = False AUTHENTICATION_BACKENDS = ( 'django_auth_ldap.backend.LDAPBackend', 'django.contrib.auth.backends.ModelBackend', ) REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.TokenAuthentication',
#AUTH_LDAP_START_TLS = True MAIN_DN = "dc=ldap,dc=example,dc=com" USERS_DN = "cn=users," + MAIN_DN GROUPS_DN = "cn=groups," + MAIN_DN AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s," + USERS_DN AUTH_LDAP_USER_ATTR_MAP = { "first_name": "givenName", "last_name": "sn", "email": "mail" } AUTH_LDAP_GROUP_TYPE = PosixGroupType() AUTH_LDAP_GROUP_SEARCH = LDAPSearchUnion( LDAPSearch(GROUPS_DN, ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)"), ) # Use the correct group to map to django groups AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_active": "cn=django_users," + GROUPS_DN, "is_staff": "cn=django_staff," + GROUPS_DN, "is_superuser": "******" + GROUPS_DN, } # This is the default, but I like to be explicit. AUTH_LDAP_ALWAYS_UPDATE_USER = True # Use LDAP group membership to calculate group permissions. AUTH_LDAP_FIND_GROUP_PERMS = True # Cache distinguished names and group memberships for an hour to minimize
'django_auth_ldap.backend.LDAPBackend', 'django.contrib.auth.backends.ModelBackend', ] AUTH_LDAP_SERVER_URI = "ldap://ldap.example.com" # If you wanna use starttls, set this option # AUTH_LDAP_START_TLS = True # Specify if you want to use tls/ssl # ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) AUTH_LDAP_BIND_DN = "" AUTH_LDAP_BIND_PASSWORD = "" AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch("ou=User1,dc=ldap,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(cn=%(user)s)"), LDAPSearch("ou=User2,dc=ldap,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(cn=%(user)s)")) AUTH_LDAP_CACHE_TIMEOUT = 3600 AUTH_LDAP_FIND_GROUP_PERMS = True AUTH_LDAP_MIRROR_GROUPS = True AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Groups,dc=ldap,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)") AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_staff": "cn=superuser,ou=Groups,dc=example,dc=com", "is_superuser": "******", }
# Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/1.11/howto/static-files/ STATIC_URL = '/static/' AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend', ) if config.get_value("LDAP_ENABLED"): print('LDAP authentication enabled') AUTH_LDAP_SERVER_URI = config.get_value('AUTH_LDAP_SERVER_URI') AUTH_LDAP_BIND_DN = config.get_value('AUTH_LDAP_BIND_DN') AUTH_LDAP_BIND_PASSWORD = config.get_value('AUTH_LDAP_BIND_PASSWORD') AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch("cn=Users,dc=devfactory,dc=local", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"), LDAPSearch("ou=Users,ou=Aurea,dc=devfactory,dc=local", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"), ) # Set up the basic group parameters. AUTH_LDAP_GROUP_SEARCH = LDAPSearch("cn=Users,dc=devfactory,dc=local", ldap.SCOPE_SUBTREE, "(objectClass=group)") AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType(name_attr="cn") # Populate the Django user from the LDAP directory. AUTH_LDAP_USER_ATTR_MAP = { "first_name": "givenName", "last_name": "sn", "email": "mail" }
return filter_string FILTER_BASE = '(sAMAccountName=%(user)s)' FILTER_ADMINS = get_filter_string(FILTER_BASE, memberOf='CN=CMS Administrators,OU=Media Relations & Marketing,OU=Administration,OU=Staff,DC=rca,DC=ac,DC=uk') FILTER_MODS = get_filter_string(FILTER_BASE, memberOf='CN=CMS Moderators,OU=Media Relations & Marketing,OU=Administration,OU=Staff,DC=rca,DC=ac,DC=uk') FILTER_EDITORS = get_filter_string(FILTER_BASE, memberOf='CN=CMS Editors,OU=Media Relations & Marketing,OU=Administration,OU=Staff,DC=rca,DC=ac,DC=uk') FILTER_VISITORS = get_filter_string(FILTER_BASE, memberOf='CN=CMS Visitors,OU=Media Relations & Marketing,OU=Administration,OU=Staff,DC=rca,DC=ac,DC=uk') # Roles ROLE_ADMIN = dict(superuser=True, groups=[]) ROLE_MOD = dict(superuser=False, groups=['Moderators']) ROLE_EDITOR = dict(superuser=False, groups=['Editors']) ROLE_STUDENT = dict(superuser=False, groups=['Students']) ROLE_USER = dict(superuser=False, groups=[]) # Distinguished names STAFF_DN = 'OU=Staff,DC=rca,DC=ac,DC=uk' STUDENTS_DN = 'OU=Students,DC=rca,DC=ac,DC=uk' # Search AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( # Staff LDAPSearchRCA(STAFF_DN, ldap.SCOPE_SUBTREE, FILTER_ADMINS, role=ROLE_ADMIN), LDAPSearchRCA(STAFF_DN, ldap.SCOPE_SUBTREE, FILTER_MODS, role=ROLE_MOD), LDAPSearchRCA(STAFF_DN, ldap.SCOPE_SUBTREE, FILTER_EDITORS, role=ROLE_EDITOR), #LDAPSearchRCA(STAFF_DN, ldap.SCOPE_SUBTREE, FILTER_VISITORS, role=ROLE_USER), # Students LDAPSearchRCA(STUDENTS_DN, ldap.SCOPE_SUBTREE, FILTER_BASE, role=ROLE_STUDENT), )
import ldap from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion AUTH_LDAP_SERVER_URI = env('LDAP_SERVER', 'ldap://localhost') AUTH_LDAP_BIND_DN = env('LDAP_BIND_DN', '') AUTH_LDAP_BIND_PASSWORD = env('LDAP_BIND_PASSWORD', '') SENTRY_MANAGED_USER_FIELDS = ( 'email', 'first_name', 'last_name', 'password', ) AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch(env('LDAP_USER_DN'), ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), LDAPSearch(env('LDAP_USER_DN'), ldap.SCOPE_SUBTREE, "(mail=%(user)s)"), ) AUTH_LDAP_USER_ATTR_MAP = {'name': 'cn', 'email': 'mail'} AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = env('LDAP_DEFAULT_SENTRY_ORGANIZATION', 'eea') AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member' AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True AUTH_LDAP_FIND_GROUP_PERMS = False AUTH_LDAP_SENTRY_USERNAME_FIELD = 'uid' AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + ( 'sentry_ldap_auth.backend.SentryLdapBackend', )
# # BVD LDAP Configuration File # Add the appropriate values to this file to match your LDAP configuration # import ldap from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( # LDAPSearch(args), ) import logging logger = logging.getLogger('django_auth_ldap') logger.addHandler(logging.StreamHandler()) logger.setLevel(logging.DEBUG) AUTH_LDAP_BIND_DN = "" AUTH_LDAP_BIND_PASSWORD = "" AUTH_LDAP_SERVER_URI = "" AUTH_LDAP_USER_ATTR_MAP = { "username" : "", "first_name": "", "last_name": "", "email": "" }
import ldap from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion AUTH_LDAP_BIND_DN = "" AUTH_LDAP_BIND_PASSWORD = "" AUTH_LDAP_SERVER_URI = "{{cookiecutter.ldap_server}}" AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch("{{cookiecutter.ldap_user_dn}}", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")) AUTH_LDAP_USER_ATTR_MAP = { "first_name": "givenName", "last_name": "sn", "email": "mail", } AUTH_LDAP_PROFILE_ATTR_MAP = {} AUTH_LDAP_ALWAYS_UPDATE_USER = True
'django_auth_ldap.backend.LDAPBackend', # 配置为先使用LDAP认证,如通过认证则不再使用后面的认证方式 'django.contrib.auth.backends.ModelBackend', # 同时打开本地认证,因为下游系统的权限和组关系需要用到 ) AUTH_LDAP_SERVER_URI = 'ldap://lj-nuc-ldap.lianjia.com:389' AUTH_LDAP_BIND_DN = 'CN=ldapauth,OU=Sysusers,DC=ljstaff,DC=com' AUTH_LDAP_BIND_PASSWORD = '******' AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch('ou=链家网,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE, "(&(objectClass=person)(sAMAccountName=%(user)s))"), LDAPSearch('ou=链家,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE, "(&(objectClass=person)(sAMAccountName=%(user)s))"), LDAPSearch('ou=贝壳,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE, "(&(objectClass=person)(sAMAccountName=%(user)s))"), LDAPSearch('ou=新房平台,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE, "(&(objectClass=person)(sAMAccountName=%(user)s))"), LDAPSearch('ou=经纪平台,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE, "(&(objectClass=person)(sAMAccountName=%(user)s))"), LDAPSearch('ou=交易平台,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE, "(&(objectClass=person)(sAMAccountName=%(user)s))"), LDAPSearch('ou=租赁平台,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE, "(&(objectClass=person)(sAMAccountName=%(user)s))"), LDAPSearch('ou=楼盘字典,dc=ljstaff,dc=com', ldap.SCOPE_SUBTREE, "(&(objectClass=person)(sAMAccountName=%(user)s))"), ) AUTH_LDAP_USER_ATTR_MAP = {"first_name": "cn", "email": "mail"} AUTH_LDAP_ALWAYS_UPDATE_USER = True AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=mailground,DC=ljstaff,DC=com", ldap.SCOPE_SUBTREE, "(objectClass=group)") #搜>
try: AUTH_LDAP_USER_SEARCH_BASE = env.str("AUTH_LDAP_USER_SEARCH_BASE") AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH_BASE, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_USER_TEMPLATE, ) except environ.ImproperlyConfigured: AUTH_LDAP_USER_SEARCH_BASE_LIST = env.list( "AUTH_LDAP_USER_SEARCH_BASE_LIST") searches = [ LDAPSearch(x, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_USER_TEMPLATE) for x in AUTH_LDAP_USER_SEARCH_BASE_LIST ] AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*searches) AUTH_LDAP_USER_ATTR_MAP = env.dict( "AUTH_LDAP_USER_ATTR_MAP", default={ "first_name": "givenName", "last_name": "sn", "email": "mail" }, ) AUTH_LDAP_ALWAYS_UPDATE_USER = True AUTH_LDAP_CACHE_TIMEOUT = 0 AUTHENTICATION_BACKENDS.insert( AUTHENTICATION_BACKENDS.index(
########### # Binding and connection options AUTH_LDAP_SERVER_URI = os.environ.get('LDAP_HOST') AUTH_LDAP_BIND_DN = os.environ.get('LDAP_BIND_DN') AUTH_LDAP_BIND_PASSWORD = os.environ.get('LDAP_BIND_PASSWORD') AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_DEBUG_LEVEL: 0, ldap.OPT_REFERRALS: 0, ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, } AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch( """OU=Users,OU=RH,OU=Region Hovedstaden, DC=regionh,DC=top,DC=local""", ldap.SCOPE_SUBTREE, "(BamUserId=%(user)s)"), LDAPSearch( """OU=Service brugere,OU=RegionH Administration,DC=regionh,DC=top,DC=local""", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")) # Search for groups AUTH_LDAP_GROUP_SEARCH = LDAPSearch( """OU=GeM,OU=Ressource Grupper, OU=FAELLES Administration, OU=Region Hovedstaden, DC=regionh,DC=top,DC=local""", ldap.SCOPE_SUBTREE, "(objectClass=group)") AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() AUTH_LDAP_USER_ATTR_MAP = {
] LDAP_USER_ATTR_MAP = env.list("LDAP_USER_ATTR_MAP", default=DEFAULT_USER_ATTR_MAP) AUTH_LDAP_USER_ATTR_MAP = {} for m in LDAP_USER_ATTR_MAP: funkwhale_field, ldap_field = m.split(":") AUTH_LDAP_USER_ATTR_MAP[funkwhale_field.strip()] = ldap_field.strip() # Determine root DN supporting multiple root DNs AUTH_LDAP_ROOT_DN = env("LDAP_ROOT_DN") AUTH_LDAP_ROOT_DN_LIST = [] for ROOT_DN in AUTH_LDAP_ROOT_DN.split(): AUTH_LDAP_ROOT_DN_LIST.append( LDAPSearch(ROOT_DN, ldap.SCOPE_SUBTREE, AUTH_LDAP_SEARCH_FILTER) ) # Search for the user in all the root DNs AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*AUTH_LDAP_ROOT_DN_LIST) # Search for group types LDAP_GROUP_DN = env("LDAP_GROUP_DN", default="") if LDAP_GROUP_DN: AUTH_LDAP_GROUP_DN = LDAP_GROUP_DN # Get filter AUTH_LDAP_GROUP_FILTER = env("LDAP_GROUP_FILER", default="") # Search for the group in the specified DN AUTH_LDAP_GROUP_SEARCH = LDAPSearch( AUTH_LDAP_GROUP_DN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_FILTER ) AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() # Configure basic group support LDAP_REQUIRE_GROUP = env("LDAP_REQUIRE_GROUP", default="")
def _process_cfg(cls): cls.AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( *[LDAPSearch(x[0], getattr(ldap, x[1]), x[2]) for x in cls.AUTH_LDAP_USER_SEARCHES] )
import ldap from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion from .app import * # UofM Active Directory LDAP AUTH_LDAP_SERVER_URI = "ldap://ldap.ad.umanitoba.ca" AUTH_LDAP_BIND_DN = "DN_USERNAME" AUTH_LDAP_BIND_PASSWORD = "******" AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( # allow staff username logins: LDAPSearch("dc=ad,dc=umanitoba,dc=ca", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"), # allow student username logins: # LDAPSearch("dc=ad,dc=umanitoba,dc=ca", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s-INS)"), # allow principle logins: # LDAPSearch("dc=ad,dc=umanitoba,dc=ca", ldap.SCOPE_SUBTREE, "(userPrincipalName=%(user)s)"), ) # AUTH_LDAP_START_TLS = True AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_DEBUG_LEVEL: 0, ldap.OPT_REFERRALS: 0, # Required for AD, # source: https://www.djm.org.uk/using-django-auth-ldap-active-directory-ldaps/ # retrieved 2016-Feb-3 } AUTH_LDAP_USER_ATTR_MAP = { "first_name": "givenName", "last_name": "sn", "email": "mail", }
import ldap from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion AUTH_LDAP_SERVER_URI = 'ldap://192.168.1.17' AUTH_LDAP_PERMIT_EMPTY_PASSWORD = False AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch('ASDFA', ldap.SCOPE_SUBTREE, '(XADF=%(user)s)'), LDAPSearch('ASDFA', ldap.SCOPE_SUBTREE, '(ASDF=%(user)s)'), LDAPSearch('FFF', ldap.SCOPE_SUBTREE, '(RER=%(user)s)'), LDAPSearch('123', ldap.SCOPE_SUBTREE, '(cvcd=%(user)s)'), )
https://docs.djangoproject.com/en/3.0/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/3.0/ref/settings/ """ import os import ldap from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion, ActiveDirectoryGroupType AUTH_LDAP_SERVER_URI = "ldap://core1.cons.tsk.ru" AUTH_LDAP_BIND_DN = "CN=x_glpi,OU=Net_Logins,OU=Resources_and_Services,DC=cons,DC=tsk,DC=ru" AUTH_LDAP_BIND_PASSWORD = "******" AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch("OU=Net_Logins,OU=Resources_and_Services,DC=cons,DC=tsk,DC=ru", ldap.SCOPE_SUBTREE, "sAMAccountName=%(user)s"), LDAPSearch("ou=CONSULTANT,dc=cons,dc=tsk,dc=ru", ldap.SCOPE_SUBTREE, "sAMAccountName=%(user)s"), ) #AUTH_LDAP_START_TLS = True AUTH_LDAP_USER_ATTR_MAP = { "username": "******", "first_name": "givenName", "last_name": "sn", "email": "mail", } AUTH_LDAP_GROUP_SEARCH = LDAPSearch( "OU=Net_Groups,OU=Resources_and_Services,DC=cons,DC=tsk,DC=ru", ldap.SCOPE_SUBTREE, "(objectCategory=Group)" )
# LDAP settings AUTH_LDAP_SERVER_URI = env('LDAP_SERVER_URI', 'ldap_server') AUTH_LDAP_BIND_DN = env('LDAP_BIND_DN', 'ldap_bind') AUTH_LDAP_BIND_PASSWORD = env('LDAP_BIND_PASSWORD', 'ldap_password') AUTH_LDAP_ALWAYS_UPDATE_USER = False AUTH_LDAP_AUTHORIZE_ALL_USERS = True AUTH_LDAP_FIND_GROUP_PERMS = False AUTH_LDAP_MIRROR_GROUPS = False AUTH_LDAP_CACHE_GROUPS = False AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300 AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch("DC=corporateict,DC=domain", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"), LDAPSearch("DC=corporateict,DC=domain", ldap.SCOPE_SUBTREE, "(mail=%(user)s)"), ) AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=corporateict,DC=domain", ldap.SCOPE_SUBTREE, "(objectClass=group)") AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: False, ldap.OPT_REFERRALS: False, } AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") AUTH_LDAP_USER_ATTR_MAP = { 'first_name': "givenName",
import ldap from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion, GroupOfNamesType # LDAP settings. AUTH_LDAP_SERVER_URI = LDAP_SERVER_URI AUTH_LDAP_BIND_DN = LDAP_ACCESS_DN AUTH_LDAP_BIND_PASSWORD = LDAP_ACCESS_PASSWORD AUTH_LDAP_ALWAYS_UPDATE_USER = False AUTH_LDAP_AUTHORIZE_ALL_USERS = True AUTH_LDAP_FIND_GROUP_PERMS = False AUTH_LDAP_MIRROR_GROUPS = False AUTH_LDAP_CACHE_GROUPS = False AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300 AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch('{}'.format(LDAP_SEARCH_SCOPE), ldap.SCOPE_SUBTREE, '(sAMAccountName=%(user)s)'), LDAPSearch('{}'.format(LDAP_SEARCH_SCOPE), ldap.SCOPE_SUBTREE, '(mail=%(user)s)'), ) AUTH_LDAP_GROUP_SEARCH = LDAPSearch( '{}'.format(LDAP_SEARCH_SCOPE), ldap.SCOPE_SUBTREE, '(objectClass=group)' ) AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: False, ldap.OPT_REFERRALS: False, } AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn') AUTH_LDAP_USER_ATTR_MAP = { 'first_name': 'givenName', 'last_name': 'sn',
###################below is the LDAP configration############################# AUTH_LDAP_SERVER_URI = "ldap://10.10.7.120:389" AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_DEBUG_LEVEL: 1, ldap.OPT_REFERRALS: 0, } ad_name = 'CN=徐德东,OU=IT部,OU=世纪高蓝,DC=goland,DC=cn'.decode("utf-8") search_ad = 'OU=世纪高蓝,DC=goland,DC=cn'.decode("utf-8") AUTH_LDAP_BIND_DN = ad_name AUTH_LDAP_BIND_PASSWORD = "******" AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch(search_ad, ldap.SCOPE_SUBTREE, "(&(objectClass=user)(mail=%(user)s))"), LDAPSearch(search_ad, ldap.SCOPE_SUBTREE, "(&(objectClass=user)(sAMAccountName=%(user)s))"), ) AUTH_LDAP_USER_ATTR_MAP = { 'first_name': 'givenName', 'last_name': 'sn', 'email': 'mail', } AUTHENTICATION_BACKENDS = ( 'django_auth_ldap.backend.LDAPBackend', 'django.contrib.auth.backends.ModelBackend', ) AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_USER_MODEL = 'users.User' # Auth LDAP settings AUTH_LDAP = CONFIG.AUTH_LDAP AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD AUTH_LDAP_SEARCH_OU = CONFIG.AUTH_LDAP_SEARCH_OU AUTH_LDAP_SEARCH_FILTER = CONFIG.AUTH_LDAP_SEARCH_FILTER AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP AUTH_LDAP_USER_SEARCH_UNION = [ LDAPSearch(USER_SEARCH, ldap.SCOPE_SUBTREE, AUTH_LDAP_SEARCH_FILTER) for USER_SEARCH in str(AUTH_LDAP_SEARCH_OU).split("|") ] AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*AUTH_LDAP_USER_SEARCH_UNION) AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER AUTH_LDAP_GROUP_SEARCH = LDAPSearch( AUTH_LDAP_GROUP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER ) AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_TIMEOUT: 5 } AUTH_LDAP_GROUP_CACHE_TIMEOUT = 1 AUTH_LDAP_ALWAYS_UPDATE_USER = True AUTH_LDAP_BACKEND = 'django_auth_ldap.backend.LDAPBackend' if AUTH_LDAP: AUTHENTICATION_BACKENDS.insert(0, AUTH_LDAP_BACKEND)
# Keep local password for users to be required to proveide their old password on change AUTH_LDAP_SET_USABLE_PASSWORD = _settings.get("ldap.handle_passwords", True) # Keep bound as the authenticating user # Ensures proper read permissions, and ability to change password without admin AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True # The TOML config might contain either one table or an array of tables _AUTH_LDAP_USER_SETTINGS = _settings.get("ldap.users.search") if not isinstance(_AUTH_LDAP_USER_SETTINGS, list): _AUTH_LDAP_USER_SETTINGS = [_AUTH_LDAP_USER_SETTINGS] # Search attributes to find users by username AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( *[ LDAPSearch(entry["base"], ldap.SCOPE_SUBTREE, entry.get("filter", "(uid=%(user)s)"),) for entry in _AUTH_LDAP_USER_SETTINGS ] ) # Mapping of LDAP attributes to Django model fields AUTH_LDAP_USER_ATTR_MAP = { "first_name": _settings.get("ldap.users.map.first_name", "givenName"), "last_name": _settings.get("ldap.users.map.last_name", "sn"), "email": _settings.get("ldap.users.map.email", "mail"), } # Discover flags by LDAP groups if _settings.get("ldap.groups.search", None): group_type = _settings.get("ldap.groups.type", "groupOfNames") # The TOML config might contain either one table or an array of tables