aboutsummaryrefslogtreecommitdiffstats
path: root/modules/transifex/templates/45-ldap.conf
blob: dd215dc9539394066e5191560e612304f976e17b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
AUTHENTICATION_BACKENDS = (
    'custom_backend.ForceUidLDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

AUTH_LDAP_START_TLS = True

# Cache group memberships for an hour to minimize LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType


# Baseline configuration.
AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %> ldap://ldap-slave-1.<%= domain %>"

AUTH_LDAP_BIND_DN = "cn=transifex-<%= hostname %>,ou=System Accounts,<%= dc_suffix %>"
AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>"

AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ",
    ldap.SCOPE_SUBTREE, "(|(uid=%(user)s)(mail=%(user)s))")

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>",
    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")

# Only users in this group can log in.
#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=mga-i18n,ou=Group,<%= dc_suffix %>",
    "is_staff": "cn=mga-i18n-committers,ou=Group,<%= dc_suffix %>",
    "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"
}