make ldap configurable

smash/smash/local_settings.py.template

@@ -85,4 +85,6 @@ TWO_FACTOR_SMS_GATEWAY = "web.nexmo_gateway.Nexmo"
 FORCE_2FA = True
 
 # path to 'smash' folder
-NPM_ROOT_PATH = '/path/to/smasch/'
\ No newline at end of file
+NPM_ROOT_PATH = '/path/to/smasch/'
+
+AUTH_LDAP_SERVER_URI = "ldap://lcsb-cdc-lums-01.uni.lu"

smash/smash/settings.py

@@ -115,15 +115,13 @@ AUTH_PASSWORD_VALIDATORS = [
 ]
 
 AUTHENTICATION_BACKENDS = [
-    "web.auth.CustomLDAPBackend.CustomLDAPBackend",
     "web.auth.CustomModelBackend.CustomModelBackend",
 ]
 
-AUTH_LDAP_SERVER_URI = "ldap://lcsb-cdc-lums-01.uni.lu"
-
-AUTH_LDAP_USER_SEARCH = LDAPSearch(
-    "cn=users,cn=accounts,dc=uni,dc=lu", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
-)
+# by default disable LDAP
+AUTH_LDAP_SERVER_URI = None
+AUTH_LDAP_BASE_DN = "cn=users,cn=accounts,dc=uni,dc=lu"
+AUTH_LDAP_FILTER = "(uid=%(user)s)"
 AUTH_LDAP_ALWAYS_UPDATE_USER = False
 
 INTERNAL_IPS = [
@@ -200,6 +198,12 @@ if FORCE_2FA:
 
 NPM_STATIC_FILES_PREFIX = 'npm'
 
+if AUTH_LDAP_SERVER_URI is not None:
+    AUTHENTICATION_BACKENDS.insert(0, "web.auth.CustomLDAPBackend.CustomLDAPBackend")
+    AUTH_LDAP_USER_SEARCH = LDAPSearch(
+        AUTH_LDAP_BASE_DN, ldap.SCOPE_SUBTREE, AUTH_LDAP_FILTER
+    )
+
 # ***************
 # hacky way to fix problem with '"' in css files that generate errors on collectstatic django command
 # ***************

smash/web/auth/CustomLDAPBackend.py

@@ -10,10 +10,10 @@ logger = logging.getLogger(__name__)
 class CustomLDAPBackend(LDAPBackend):
     def authenticate_ldap_user(self, ldap_user: _LDAPUser, password):
         username = self.ldap_to_django_username(ldap_user._username)
-        logger.debug("Trying LDAP with: " + username)
 
         count = Worker.objects.filter(user__username=username, user__is_active=True, ldap_user=True).count()
         if count == 1:
+            logger.debug("Trying LDAP auth with: " + username)
             return super().authenticate_ldap_user(ldap_user, password)
         else:
             return None