author | Michael Scherer <misc@mageia.org> | 2010-12-15 01:39:35 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-12-15 01:39:35 +0000 |
commit | b55448b4973a73b831871e09a1b0af82874abb24 (patch) | |
tree | d0783765b2b37a1eb1a05bcdd80a8db7f80b3ab6 /modules/transifex/templates | |
parent | 3e5f72b5d819a37cd9111a723d241b02ae4da6c6 (diff) | |
- add ldap authentication to transifex, so far for sysadmin only ( for
testing purposes )
Diffstat (limited to 'modules/transifex/templates')
-rw-r--r-- | modules/transifex/templates/45-ldap.conf | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/modules/transifex/templates/45-ldap.conf b/modules/transifex/templates/45-ldap.conf
new file mode 100644
index 00000000..ea487d70
--- /dev/null
+++ b/modules/transifex/templates/45-ldap.conf
@@ -0,0 +1,48 @@
+AUTHENTICATION_BACKENDS = (
+ 'django_auth_ldap.backend.LDAPBackend',
+ 'django.contrib.auth.backends.ModelBackend',
+)
+
+# Use LDAP group membership to calculate group permissions.
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+AUTH_LDAP_START_TLS = True
+
+# Cache group memberships for an hour to minimize LDAP traffic
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+
+
+# Baseline configuration.
+AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %>"
+
+AUTH_LDAP_BIND_DN = "cn=alamut-sympa,ou=System Accounts,<%= dc_suffix %>"
+AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>"
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ",
+ ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+# Set up the basic group parameters.
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>",
+ ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+# Only users in this group can log in.
+#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"
+}
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+ "is_active": "cn=mga-committers,ou=Group,<%= dc_suffix %>",
+ "is_staff": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>",
+ "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"
+}
+} |
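Review bot: Nothing in this file limits login to sysadmins as the commit message intends: `AUTH_LDAP_REQUIRE_GROUP` is left commented out with the example DN, so any entry under `ou=People` that binds successfully is authenticated, and `AUTH_LDAP_USER_FLAGS_BY_GROUP` only derives `is_active` from `mga-committers`, which protects the site only if every login path checks that flag. Setting `AUTH_LDAP_REQUIRE_GROUP = "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"` would make the backend itself reject everyone else during the test period. Separately, `AUTH_LDAP_START_TLS = True` upgrades the `ldap://` connection, but the file does not say how the server certificate is checked, so that is left to the host's OpenLDAP defaults; `AUTH_LDAP_GLOBAL_OPTIONS = {ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND}` would make verification explicit. The bind DN `cn=alamut-sympa` looks like another service's account, and a dedicated read-only account for transifex would let the two credentials be rotated and revoked independently.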