diff options
-rw-r--r-- | modules/transifex/manifests/init.pp | 15 | ||||
-rw-r--r-- | modules/transifex/templates/45-ldap.conf | 48 |
2 files changed, 62 insertions, 1 deletions
diff --git a/modules/transifex/manifests/init.pp b/modules/transifex/manifests/init.pp index e6894726..0df2d5df 100644 --- a/modules/transifex/manifests/init.pp +++ b/modules/transifex/manifests/init.pp @@ -1,9 +1,11 @@ class transifex { - package { ['transifex','python-psycopg2']: + + package { ['transifex','python-psycopg2','python-django-auth-ldap']: ensure => installed } $password = extlookup("transifex_password",'x') + $ldap_password = extlookup("transifex_ldap",'x') @@postgresql::user { 'transifex': password => $password, @@ -48,6 +50,17 @@ class transifex { notify => Service['apache'] } + file { "45-ldap.conf": + path => "/etc/transifex/45-ldap.conf", + ensure => present, + owner => root, + group => root, + mode => 644, + content => template("transifex/45-ldap.conf"), + require => Package['transifex'], + notify => Service['apache'] + } + apache::vhost_django_app { "transifex.$domain": module => "transifex", module_path => ["/usr/share/transifex","/usr/share"] diff --git a/modules/transifex/templates/45-ldap.conf b/modules/transifex/templates/45-ldap.conf new file mode 100644 index 00000000..ea487d70 --- /dev/null +++ b/modules/transifex/templates/45-ldap.conf @@ -0,0 +1,48 @@ +AUTHENTICATION_BACKENDS = ( + 'django_auth_ldap.backend.LDAPBackend', + 'django.contrib.auth.backends.ModelBackend', +) + +# Use LDAP group membership to calculate group permissions. +AUTH_LDAP_FIND_GROUP_PERMS = True + +AUTH_LDAP_START_TLS = True + +# Cache group memberships for an hour to minimize LDAP traffic +AUTH_LDAP_CACHE_GROUPS = True +AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600 + +import ldap +from django_auth_ldap.config import LDAPSearch, GroupOfNamesType + + +# Baseline configuration. +AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %>" + +AUTH_LDAP_BIND_DN = "cn=alamut-sympa,ou=System Accounts,<%= dc_suffix %>" +AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>" + +AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ", + ldap.SCOPE_SUBTREE, "(uid=%(user)s)") + +# Set up the basic group parameters. +AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>", + ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)" +) +AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") + +# Only users in this group can log in. +#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com" + +# Populate the Django user from the LDAP directory. +AUTH_LDAP_USER_ATTR_MAP = { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" +} + +AUTH_LDAP_USER_FLAGS_BY_GROUP = { + "is_active": "cn=mga-committers,ou=Group,<%= dc_suffix %>", + "is_staff": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>", + "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>" +} |