except ImportError: raise ImproperlyConfigured( "python-ldap and django-auth-ldap must be installed to use LDAP authentication." ) # All LDAP usernames have this suffix - it is removed when creating Django users AUTH_LDAP_USERNAME_SUFFIX = environ.get("AUTH_LDAP_USERNAME_SUFFIX", "") AUTH_LDAP_SERVER_URI = environ.get("AUTH_LDAP_SERVER_URI", "ldap://localhost") AUTH_LDAP_BIND_DN = environ.get("AUTH_LDAP_BIND_DN", "") AUTH_LDAP_BIND_PASSWORD = environ.get("AUTH_LDAP_BIND_PASSWORD", "") if "AUTH_LDAP_USER_SEARCH_BASE_DN" in environ: AUTH_LDAP_USER_SEARCH = ldap_config.LDAPSearch( environ.get("AUTH_LDAP_USER_SEARCH_BASE_DN"), ldap.SCOPE_SUBTREE, environ.get("AUTH_LDAP_USER_SEARCH_BASE_FILTERSTR", "(uid=%(user)s)"), ) AUTH_LDAP_USER_DN_TEMPLATE = environ.get("AUTH_LDAP_USER_DN_TEMPLATE", None) AUTH_LDAP_USER_ATTR_MAP = { "first_name": "givenName", "last_name": "sn", "email": "mail", } AUTH_LDAP_USER_FLAGS_BY_GROUP = {} if "AUTH_LDAP_GROUP_IS_ACTIVE" in environ: AUTH_LDAP_USER_FLAGS_BY_GROUP["is_active"] = environ.get( "AUTH_LDAP_GROUP_IS_ACTIVE") if "AUTH_LDAP_GROUP_IS_STAFF" in environ: AUTH_LDAP_USER_FLAGS_BY_GROUP["is_staff"] = environ.get(
}, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] """ AUTH_PASSWORD_VALIDATORS = [] # using AD/LDAP passwords validation rules # Configuration for OpenLDAP AUTH_LDAP_SERVER_URI = get_environment_variable("LDAP_HOST") AUTH_LDAP_BIND_DN = get_environment_variable("LDAP_BIND_DN") AUTH_LDAP_BIND_PASSWORD = get_environment_variable("LDAP_BIND_PASSWORD") AUTH_LDAP_USER_SEARCH = ldap_config.LDAPSearch( get_environment_variable("LDAP_USER_SEARCH_DN"), ldap.SCOPE_SUBTREE, get_environment_variable("LDAP_USER_SEARCH_FILTERSTR"), ) AUTH_LDAP_GROUP_SEARCH = ldap_config.LDAPSearch( get_environment_variable("LDAP_GROUP_SEARCH_DN"), ldap.SCOPE_SUBTREE) AUTH_LDAP_GROUP_TYPE = getattr( ldap_config, get_environment_variable("LDAP_GROUP_TYPE", default_value="NestedGroupOfNamesType"))() AUTH_LDAP_FIND_GROUP_PERMS = True AUTH_LDAP_CACHE_GROUPS = True AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300 AUTH_LDAP_MIRROR_GROUPS = True
# Excerpt of an LDAP settings block: every value below is read from the
# project's `config` object, and most are optional.

# The connection options are decoded from JSON; the loop below iterates the
# keys and indexes by key, so a JSON object is expected.
ldap_conn_options = json.loads(ldap_conn_options)
for option_name in ldap_conn_options:
    # Each key is resolved as an attribute of the `ldap` module. Any module
    # attribute name is accepted here, not only option constants, and an
    # unknown name raises AttributeError.
    # NOTE(review): consider rejecting keys that are not python-ldap OPT_*
    # names so a mistyped key cannot silently set an unrelated option.
    option = getattr(ldap, option_name)
    AUTH_LDAP_CONNECTION_OPTIONS[option] = ldap_conn_options[
        option_name]

# Credentials for the service bind. Both are optional; the password lookup is
# flagged is_secret.
# NOTE(review): presumably the bind is anonymous when these are unset;
# confirm against django-auth-ldap defaults and the directory's ACLs.
AUTH_LDAP_BIND_DN = config.get_string('POLYAXON_AUTH_LDAP_BIND_DN',
                                      is_optional=True)
AUTH_LDAP_BIND_PASSWORD = config.get_string(
    'POLYAXON_AUTH_LDAP_BIND_PASSWORD', is_secret=True, is_optional=True)

base_dn = config.get_string('POLYAXON_AUTH_LDAP_USER_SEARCH_BASE_DN',
                            is_optional=True)
filterstr = config.get_string('POLYAXON_AUTH_LDAP_USER_SEARCH_FILTERSTR',
                              is_optional=True)
# The user search is defined only when both the base DN and the filter string
# are set; otherwise AUTH_LDAP_USER_SEARCH is not assigned here.
if base_dn and filterstr:
    AUTH_LDAP_USER_SEARCH = django_auth_ldap_config.LDAPSearch(
        base_dn, ldap.SCOPE_SUBTREE, filterstr)
AUTH_LDAP_USER_DN_TEMPLATE = config.get_string(
    'POLYAXON_AUTH_LDAP_USER_DN_TEMPLATE', is_optional=True)

# StartTLS is read as an optional boolean.
# NOTE(review): the server URI is not visible in this excerpt. If it is a
# plain ldap:// URI and this flag is unset or false, the bind password and
# user passwords would travel unencrypted; confirm deployments enable
# StartTLS or use ldaps://.
AUTH_LDAP_START_TLS = config.get_boolean('POLYAXON_AUTH_LDAP_START_TLS',
                                         is_optional=True)

# Optional attribute map, given as a JSON string and decoded as-is.
user_attr_map = config.get_string('POLYAXON_AUTH_LDAP_USER_ATTR_MAP',
                                  is_optional=True)
if user_attr_map:
    AUTH_LDAP_USER_ATTR_MAP = json.loads(user_attr_map)

# working with groups
group_base_dn = config.get_string(
    'POLYAXON_AUTH_LDAP_GROUP_SEARCH_BASE_DN', is_optional=True)
} }) EMAIL_USE_SSL = env("DJANGO_EMAIL_USE_SSL", cast=bool, default=False) if DEBUG: INSTALLED_APPS += ( "sslserver", ) AUTH_LDAP_SERVER_URI = env("LDAP_SERVER_URL") AUTH_LDAP_BIND_DN = env("LDAP_BIND_DN") AUTH_LDAP_BIND_PASSWORD = env("LDAP_BIND_PASSWORD") AUTH_LDAP_USER_SEARCH = ldap_config.LDAPSearch( env("LDAP_USER_SEARCH_DN"), ldap.SCOPE_SUBTREE, env("LDAP_USER_SEARCH_FILTERSTR") ) AUTH_LDAP_GROUP_SEARCH = ldap_config.LDAPSearch( env("LDAP_GROUP_SEARCH_DN"), ldap.SCOPE_SUBTREE, ) AUTH_LDAP_GROUP_TYPE = GeonodeNestedGroupOfNamesType() AUTH_LDAP_USER_ATTR_MAP = { "first_name": "cn", "last_name": "sn" } AUTH_LDAP_FIND_GROUP_PERMS = True AUTH_LDAP_MIRROR_GROUPS_EXCEPT = [ "test_group" ]
def AUTH_LDAP_GROUP_SEARCH(self):
    """Return the LDAP search that locates group entries.

    The base DN is looked up through ``get`` under the key
    ``AUTH_LDAP_GROUP_SEARCH_DN`` and falls back to an empty string. The
    search spans the whole subtree under that DN and keeps only entries
    whose objectClass is ``posixGroup``.
    """
    # NOTE(review): with the '' fallback the subtree search is not scoped to
    # any branch of the directory (the result is server-dependent); confirm
    # that deployments always set AUTH_LDAP_GROUP_SEARCH_DN.
    group_filter = "(objectClass=posixGroup)"
    base_dn = get('AUTH_LDAP_GROUP_SEARCH_DN', '')
    return config.LDAPSearch(base_dn, ldap.SCOPE_SUBTREE, group_filter)
def AUTH_LDAP_USER_SEARCH(self):
    """Return the LDAP search that resolves a login name to a user entry.

    The base DN is looked up through ``get`` under the key
    ``AUTH_LDAP_USER_SEARCH_DN`` and falls back to an empty string. The
    search spans the whole subtree under that DN and matches on ``uid``.
    """
    # ``%(user)s`` is left as a placeholder here; it is not filled in by
    # this method.
    # NOTE(review): assuming `config` is django_auth_ldap.config, LDAPSearch
    # escapes the substituted login name by default, which is what keeps the
    # filter safe from LDAP filter injection; confirm nothing disables it.
    # NOTE(review): with the '' fallback the subtree search is not scoped to
    # any branch of the directory; confirm the DN is always configured.
    uid_filter = "(uid=%(user)s)"
    base_dn = get('AUTH_LDAP_USER_SEARCH_DN', '')
    return config.LDAPSearch(base_dn, ldap.SCOPE_SUBTREE, uid_filter)