Revision

618

Author

misc

Date

2010-12-15 02:39:35 +0100 (Wed, 15 Dec 2010)

Log Message

- add ldap authentication to transifex, so far for sysadmin only ( for
  testing purposes )

Modified Paths

• puppet/modules/transifex/manifests/init.pp

Added Paths

• puppet/modules/transifex/templates/45-ldap.conf

Modified: puppet/modules/transifex/manifests/init.pp
===================================================================
--- puppet/modules/transifex/manifests/init.pp	2010-12-15 01:39:33 UTC (rev 617)
+++ puppet/modules/transifex/manifests/init.pp	2010-12-15 01:39:35 UTC (rev 618)
@@ -1,9 +1,11 @@
 class transifex {
-  package { ['transifex','python-psycopg2']:
+  
+  package { ['transifex','python-psycopg2','python-django-auth-ldap']:
     ensure => installed
   }
  
   $password = extlookup("transifex_password",'x')
+  $ldap_password = extlookup("transifex_ldap",'x')
 
   @@postgresql::user { 'transifex':
         password => $password,
@@ -48,6 +50,17 @@
     notify => Service['apache']
   }
 
+  file { "45-ldap.conf":
+    path => "/etc/transifex/45-ldap.conf",
+    ensure => present,
+    owner => root,
+    group => root,
+    mode => 644,
+    content => template("transifex/45-ldap.conf"),
+    require => Package['transifex'],
+    notify => Service['apache']
+  }
+
   apache::vhost_django_app { "transifex.$domain":
     module => "transifex",
     module_path => ["/usr/share/transifex","/usr/share"] 

Added: puppet/modules/transifex/templates/45-ldap.conf
===================================================================
--- puppet/modules/transifex/templates/45-ldap.conf	                        (rev 0)
+++ puppet/modules/transifex/templates/45-ldap.conf	2010-12-15 01:39:35 UTC (rev 618)
@@ -0,0 +1,48 @@
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+
+# Use LDAP group membership to calculate group permissions.
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+AUTH_LDAP_START_TLS = True
+
+# Cache group memberships for an hour to minimize LDAP traffic
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+
+
+# Baseline configuration.
+AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %>"
+
+AUTH_LDAP_BIND_DN = "cn=alamut-sympa,ou=System Accounts,<%= dc_suffix %>"
+AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>"
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ",
+    ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+# Set up the basic group parameters.
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>",
+    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+# Only users in this group can log in.
+#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail"
+}
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": "cn=mga-committers,ou=Group,<%= dc_suffix %>",
+    "is_staff": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>",
+    "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"
+}