# LDAP authentication settings, read through config() with per-key defaults.

# Service account used to search the directory. Both values fall back to ''
# when unset; django-auth-ldap treats an empty bind DN as an anonymous bind,
# so a missing LDAP_BIND_DN does not fail at startup, it searches anonymously.
# Keep LDAP_BIND_PASSWORD in whatever store config() reads, never in this file.
# NOTE(review): the server URI and TLS options are not visible in this
# excerpt; confirm the connection uses ldaps:// or AUTH_LDAP_START_TLS so the
# bind password and user passwords are not sent in cleartext.
AUTH_LDAP_BIND_DN = config("LDAP_BIND_DN", default="")
AUTH_LDAP_BIND_PASSWORD = config("LDAP_BIND_PASSWORD", default="")

# User lookup. LDAP_USER_DN has no default, so it must be supplied.
# %(user)s is filled in by django-auth-ldap with the submitted login name;
# an operator-supplied LDAP_USER_FILTER must keep that placeholder instead of
# building the filter by hand, so the library's filter escaping still applies.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    config("LDAP_USER_DN"),
    ldap.SCOPE_SUBTREE,
    config(
        "LDAP_USER_FILTER",
        default="(&(objectClass=inetOrgPerson)(cn=%(user)s))",
    ),
)

# Group lookup; the base DN defaults to '' when LDAP_GROUP_DN is unset.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    config("LDAP_GROUP_DN", default=""),
    ldap.SCOPE_SUBTREE,
    config("LDAP_GROUP_FILTER", default="(objectClass=groupOfUniqueNames)"),
)

# Pick the group type by name. An unset or unrecognised LDAP_GROUP_TYPE leaves
# AUTH_LDAP_GROUP_TYPE undefined here, so a typo in that value silently drops
# the group type that the require/deny-group checks below depend on.
_ldap_group_type = config("LDAP_GROUP_TYPE", default="")
if _ldap_group_type == "groupOfUniqueNames":
    AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
elif _ldap_group_type == "posixGroup":
    AUTH_LDAP_GROUP_TYPE = PosixGroupType()
elif _ldap_group_type == "nestedGroupOfNames":
    AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()
del _ldap_group_type

# Group-based access control. Both default to None, i.e. no restriction: any
# directory entry matched by the user filter can authenticate unless
# LDAP_REQUIRE_GROUP (or LDAP_DENY_GROUP) is set for the deployment.
AUTH_LDAP_REQUIRE_GROUP = config("LDAP_REQUIRE_GROUP", default=None)
AUTH_LDAP_DENY_GROUP = config("LDAP_DENY_GROUP", default=None)

# Directory attributes copied onto the local user record. Username and email
# both default to 'mail'.
# NOTE(review): account identity then follows a directory attribute; check
# who is allowed to edit 'mail' in the directory.
AUTH_LDAP_USER_ATTR_MAP = dict(
    username=config("LDAP_SENTRY_USER_FIELD", default="mail"),
    name=config("LDAP_MAP_FULL_NAME", default="cn"),
    email=config("LDAP_MAP_MAIL", default="mail"),
)

# NOTE(review): presumably the organisation that newly created LDAP users are
# placed in; with no required group set, that is every user who can log in.
AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = "Locaweb"
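# Tail of an attribute-map dict whose opening line is outside this excerpt;
# the entries are reproduced unchanged.
"username": "******",
"name": "displayName",
"email": "mail",
# "first_name": "givenName",
# "last_name": "sn",
}

# Refresh the mapped user fields from the directory on every login.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Access control through groups.
# NOTE(review): django-auth-ldap's group types add the membership term to the
# group search themselves and, as far as I know, run it without filter
# arguments, so the %(user)s placeholder below may not expand; verify this
# against the installed version before relying on the group restriction.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'cn=xxx,ou=group,dc=xxx,dc=com',
    ldap.SCOPE_SUBTREE,
    # Adjacent literals replace the backslash continuation that sat inside
    # the quotes and put stray whitespace into the filter text.
    '(&(objectclass=groupOfUniqueNames)'
    '(uniqueMember=%(user)s))',
)
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType(name_attr="cn")

# DN of the required group: only members of this group may log in. This is
# the setting that keeps the rest of the directory out of the application.
AUTH_LDAP_REQUIRE_GROUP = "cn=xxx,ou=xxx,dc=xxx,dc=com"

# Import the user's group information.
# AUTH_LDAP_MIRROR_GROUPS = True
# With FIND_GROUP_PERMS, permissions of Django groups whose names match the
# user's LDAP groups apply to the user, so whoever manages group names in the
# directory also influences Django permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cached group membership means a removal from the directory group takes
# effect only after the cache expires (timeout below; presumably seconds,
# i.e. ten minutes).
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 600

# Original author's note: is_staff - members of this group can log in;
# is_superuser - members are Django admin superusers; is_active - members can
# log in to the Django admin but have no permission to view its content.
# NOTE(review): in Django itself, is_staff is the flag that grants admin-site
# login and is_active marks the account as enabled; map is_superuser only to
# a tightly controlled directory group.
# AUTH_LDAP_USER_FLAGS_BY_GROUP = {
#     "is_staff": "cn=xxx,ou=group,DC=xxx,DC=com",
#     # "is_superuser": "******",
# }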