Skip to content
Snippets Groups Projects
Commit c98972de authored by Piotr Gawron's avatar Piotr Gawron
Browse files

make ldap configurable

parent b7074eb0
No related branches found
No related tags found
1 merge request!352Resolve "LDAP connector"
......@@ -85,4 +85,6 @@ TWO_FACTOR_SMS_GATEWAY = "web.nexmo_gateway.Nexmo"
FORCE_2FA = True
# path to 'smash' folder
NPM_ROOT_PATH = '/path/to/smasch/'
\ No newline at end of file
NPM_ROOT_PATH = '/path/to/smasch/'
AUTH_LDAP_SERVER_URI = "ldap://lcsb-cdc-lums-01.uni.lu"
......@@ -115,15 +115,13 @@ AUTH_PASSWORD_VALIDATORS = [
]
AUTHENTICATION_BACKENDS = [
"web.auth.CustomLDAPBackend.CustomLDAPBackend",
"web.auth.CustomModelBackend.CustomModelBackend",
]
AUTH_LDAP_SERVER_URI = "ldap://lcsb-cdc-lums-01.uni.lu"
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"cn=users,cn=accounts,dc=uni,dc=lu", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
)
# by default disable LDAP
AUTH_LDAP_SERVER_URI = None
AUTH_LDAP_BASE_DN = "cn=users,cn=accounts,dc=uni,dc=lu"
AUTH_LDAP_FILTER = "(uid=%(user)s)"
AUTH_LDAP_ALWAYS_UPDATE_USER = False
INTERNAL_IPS = [
......@@ -200,6 +198,12 @@ if FORCE_2FA:
NPM_STATIC_FILES_PREFIX = 'npm'
if AUTH_LDAP_SERVER_URI is not None:
AUTHENTICATION_BACKENDS.insert(0, "web.auth.CustomLDAPBackend.CustomLDAPBackend")
AUTH_LDAP_USER_SEARCH = LDAPSearch(
AUTH_LDAP_BASE_DN, ldap.SCOPE_SUBTREE, AUTH_LDAP_FILTER
)
# ***************
# hacky way to fix problem with '"' in css files that generate errors on collectstatic django command
# ***************
......
......@@ -10,10 +10,10 @@ logger = logging.getLogger(__name__)
class CustomLDAPBackend(LDAPBackend):
def authenticate_ldap_user(self, ldap_user: _LDAPUser, password):
username = self.ldap_to_django_username(ldap_user._username)
logger.debug("Trying LDAP with: " + username)
count = Worker.objects.filter(user__username=username, user__is_active=True, ldap_user=True).count()
if count == 1:
logger.debug("Trying LDAP auth with: " + username)
return super().authenticate_ldap_user(ldap_user, password)
else:
return None
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment