- add ldap authentication to transifex, so far for sysadmin only ( for

  testing purposes )

1 files changed, 48 insertions, 0 deletions

diff --git a/modules/transifex/templates/45-ldap.conf b/modules/transifex/templates/45-ldap.conf
new file mode 100644
index 00000000..ea487d70
--- /dev/null
+++ b/modules/transifex/templates/45-ldap.conf
@@ -0,0 +1,48 @@
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+
+# Use LDAP group membership to calculate group permissions.
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+AUTH_LDAP_START_TLS = True
+
+# Cache group memberships for an hour to minimize LDAP traffic
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+
+
+# Baseline configuration.
+AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %>"
+
+AUTH_LDAP_BIND_DN = "cn=alamut-sympa,ou=System Accounts,<%= dc_suffix %>"
+AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>"
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ",
+    ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+# Set up the basic group parameters.
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>",
+    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+# Only users in this group can log in.
+#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail"
+}
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": "cn=mga-committers,ou=Group,<%= dc_suffix %>",
+    "is_staff": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>",
+    "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"
+}