From b55448b4973a73b831871e09a1b0af82874abb24 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Wed, 15 Dec 2010 01:39:35 +0000
Subject: - add ldap authentication to transifex, so far for sysadmin only ( for testing purposes )
---
 modules/transifex/manifests/init.pp | 15 +++++++++-
 modules/transifex/templates/45-ldap.conf | 48 ++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 modules/transifex/templates/45-ldap.conf
(limited to 'modules/transifex')
diff --git a/modules/transifex/manifests/init.pp b/modules/transifex/manifests/init.pp
index e6894726..0df2d5df 100644
--- a/modules/transifex/manifests/init.pp
+++ b/modules/transifex/manifests/init.pp
@@ -1,9 +1,11 @@ class transifex {
- package { ['transifex','python-psycopg2']:
+
+ package { ['transifex','python-psycopg2','python-django-auth-ldap']:
 ensure => installed
 }
 $password = extlookup("transifex_password",'x')
+ $ldap_password = extlookup("transifex_ldap",'x')
 @@postgresql::user { 'transifex':
 password => $password,
@@ -48,6 +50,17 @@ class transifex {
 notify => Service['apache']
 }
+ file { "45-ldap.conf":
+ path => "/etc/transifex/45-ldap.conf",
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("transifex/45-ldap.conf"),
+ require => Package['transifex'],
+ notify => Service['apache']
+ }
+
 apache::vhost_django_app { "transifex.$domain":
 module => "transifex",
 module_path => ["/usr/share/transifex","/usr/share"]
diff --git a/modules/transifex/templates/45-ldap.conf b/modules/transifex/templates/45-ldap.conf
new file mode 100644
index 00000000..ea487d70
--- /dev/null
+++ b/modules/transifex/templates/45-ldap.conf
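Review bot: `$ldap_password = extlookup("transifex_ldap",'x')` falls back to the literal 'x' when the key is absent, so a node that lacks the secret still compiles and ships a bogus bind password into the rendered 45-ldap.conf instead of failing the run. It mirrors the existing `$password` lookup, but for a credential that is written into a config file a loud failure is preferable; dropping the default, `$ldap_password = extlookup("transifex_ldap")`, turns a missing secret into a compile error. The enclosing `class transifex` continues past the end of this hunk.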
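Review bot: The new `file { "45-ldap.conf": ... }` resource is installed with `owner => root, group => root, mode => 644`, yet the template it renders contains `AUTH_LDAP_BIND_PASSWORD`, so the LDAP bind credential becomes readable by every local account on the host. Restrict it to root plus the account the web server runs as (presumably the one behind `Service['apache']`), e.g. `group => apache, mode => 640`, adjusting the group to the actual httpd user on this platform; since Transifex executes these .conf files as Python, keeping the file non-world-readable and root-owned also limits who can influence the loaded settings. Quoting the mode (`'0640'`) avoids the integer-versus-octal ambiguity that a bare `644` carries in Puppet. The enclosing `class transifex` starts before and continues after this hunk.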
@@ -0,0 +1,48 @@
+AUTHENTICATION_BACKENDS = (
+ 'django_auth_ldap.backend.LDAPBackend',
+ 'django.contrib.auth.backends.ModelBackend',
+)
+
+# Use LDAP group membership to calculate group permissions.
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+AUTH_LDAP_START_TLS = True
+
+# Cache group memberships for an hour to minimize LDAP traffic
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+
+
+# Baseline configuration.
+AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %>"
+
+AUTH_LDAP_BIND_DN = "cn=alamut-sympa,ou=System Accounts,<%= dc_suffix %>"
+AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>"
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ",
+ ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+# Set up the basic group parameters.
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>",
+ ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+# Only users in this group can log in.
+#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+}
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+ "is_active": "cn=mga-committers,ou=Group,<%= dc_suffix %>",
+ "is_staff": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>",
+ "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"
+}
--
cgit v1.2.1
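Review bot: `AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ", ...)` carries a trailing space inside the base DN string, which is sent to the server as part of the DN and may make every user search fail depending on how the server normalises DNs; it should read `LDAPSearch("ou=People,<%= dc_suffix %>",`. The bind identity `cn=alamut-sympa,ou=System Accounts,...` reads, from its name, like a service account belonging to a different application; if that is the case, Transifex should get its own bind DN so the credential stored in this file cannot be reused against the other service and can be rotated or revoked independently. `AUTH_LDAP_START_TLS = True` is set, but nothing here pins certificate verification, so whether the STARTTLS session actually authenticates the directory server depends on the system ldap.conf defaults; `AUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND}` makes that requirement explicit in the file. As a matter of style, the `import ldap` and `from django_auth_ldap.config import ...` lines sit in the middle of the settings fragment and would be clearer at the top, before the first assignment.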