aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--modules/transifex/manifests/init.pp15
-rw-r--r--modules/transifex/templates/45-ldap.conf48
2 files changed, 62 insertions, 1 deletions
diff --git a/modules/transifex/manifests/init.pp b/modules/transifex/manifests/init.pp
index e6894726..0df2d5df 100644
--- a/modules/transifex/manifests/init.pp
+++ b/modules/transifex/manifests/init.pp
@@ -1,9 +1,11 @@
class transifex {
- package { ['transifex','python-psycopg2']:
+
+ package { ['transifex','python-psycopg2','python-django-auth-ldap']:
ensure => installed
}
$password = extlookup("transifex_password",'x')
+ $ldap_password = extlookup("transifex_ldap",'x')
@@postgresql::user { 'transifex':
password => $password,
@@ -48,6 +50,17 @@ class transifex {
notify => Service['apache']
}
+ file { "45-ldap.conf":
+ path => "/etc/transifex/45-ldap.conf",
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("transifex/45-ldap.conf"),
+ require => Package['transifex'],
+ notify => Service['apache']
+ }
+
apache::vhost_django_app { "transifex.$domain":
module => "transifex",
module_path => ["/usr/share/transifex","/usr/share"]
diff --git a/modules/transifex/templates/45-ldap.conf b/modules/transifex/templates/45-ldap.conf
new file mode 100644
index 00000000..ea487d70
--- /dev/null
+++ b/modules/transifex/templates/45-ldap.conf
@@ -0,0 +1,48 @@
+AUTHENTICATION_BACKENDS = (
+ 'django_auth_ldap.backend.LDAPBackend',
+ 'django.contrib.auth.backends.ModelBackend',
+)
+
+# Use LDAP group membership to calculate group permissions.
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+AUTH_LDAP_START_TLS = True
+
+# Cache group memberships for an hour to minimize LDAP traffic
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+
+
+# Baseline configuration.
+AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %>"
+
+AUTH_LDAP_BIND_DN = "cn=alamut-sympa,ou=System Accounts,<%= dc_suffix %>"
+AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>"
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ",
+ ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+# Set up the basic group parameters.
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>",
+ ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+# Only users in this group can log in.
+#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+}
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+ "is_active": "cn=mga-committers,ou=Group,<%= dc_suffix %>",
+ "is_staff": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>",
+ "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"
+}