Merge pull request #593 from jbernal0019/master
Add env variables AUTH_LDAP_GROUP_SEARCH_ROOT for LDAP group mirroring and AUTH_LDAP_CHRIS_ADMIN_GROUP to define a ChRIS admin group
jbernal0019 authored Nov 7, 2024
2 parents 3e15a1b + e41e1a7 commit a068b9c
Showing 2 changed files with 20 additions and 2 deletions.
11 changes: 10 additions & 1 deletion chris_backend/config/settings/local.py
Expand Up @@ -10,7 +10,7 @@

import os
import ldap
from django_auth_ldap.config import LDAPSearch
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
from .common import * # noqa
from core.storage import verify_storage_connection

Expand Down Expand Up @@ -192,6 +192,8 @@
AUTH_LDAP_BIND_DN = 'uid=admin,ou=people,dc=example,dc=org'
AUTH_LDAP_BIND_PASSWORD = 'chris1234'
AUTH_LDAP_USER_SEARCH_ROOT = 'ou=people,dc=example,dc=org'
AUTH_LDAP_GROUP_SEARCH_ROOT = 'ou=groups,dc=example,dc=org'
AUTH_LDAP_CHRIS_ADMIN_GROUP = 'chris_admin'

AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_ROOT, ldap.SCOPE_SUBTREE,
'(uid=%(user)s)')
Expand All @@ -200,6 +202,13 @@
'last_name': 'sn',
'email': 'mail'
}
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_ROOT, ldap.SCOPE_SUBTREE,
'(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
'is_staff': f'cn={AUTH_LDAP_CHRIS_ADMIN_GROUP},{AUTH_LDAP_GROUP_SEARCH_ROOT}'
}
AUTH_LDAP_MIRROR_GROUPS_EXCEPT = ['all_users', 'pacs_users']

AUTHENTICATION_BACKENDS = (
'users.models.CustomLDAPBackend',
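Review bot: The `is_staff` entry in `AUTH_LDAP_USER_FLAGS_BY_GROUP` builds the admin group DN by placing `AUTH_LDAP_CHRIS_ADMIN_GROUP` directly under `AUTH_LDAP_GROUP_SEARCH_ROOT`, while `AUTH_LDAP_GROUP_SEARCH` just above searches that root with `ldap.SCOPE_SUBTREE`; an admin group kept in a nested OU would be found by the search but never match this DN, so staff access would silently not be granted. The group name is also interpolated unescaped, so a value containing `,`, `+` or `=` changes the structure of the DN; `ldap` is already imported, so `'is_staff': f'cn={ldap.dn.escape_dn_chars(AUTH_LDAP_CHRIS_ADMIN_GROUP)},{AUTH_LDAP_GROUP_SEARCH_ROOT}'` keeps it a single RDN. The same lines appear in `production.py`, where both values come from `get_secret`. A comment such as `# admin group must be a direct child of AUTH_LDAP_GROUP_SEARCH_ROOT` would record the assumption for whoever sets these variables.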
11 changes: 10 additions & 1 deletion chris_backend/config/settings/production.py
Expand Up @@ -5,7 +5,7 @@
"""

import ldap
from django_auth_ldap.config import LDAPSearch
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
from .common import * # noqa
from environs import Env, EnvValidationError
from core.storage import verify_storage_connection
Expand Down Expand Up @@ -168,6 +168,8 @@ def get_secret(setting, secret_type=env):
AUTH_LDAP_BIND_DN = get_secret('AUTH_LDAP_BIND_DN')
AUTH_LDAP_BIND_PASSWORD = get_secret('AUTH_LDAP_BIND_PASSWORD')
AUTH_LDAP_USER_SEARCH_ROOT = get_secret('AUTH_LDAP_USER_SEARCH_ROOT')
AUTH_LDAP_GROUP_SEARCH_ROOT = get_secret('AUTH_LDAP_GROUP_SEARCH_ROOT')
AUTH_LDAP_CHRIS_ADMIN_GROUP = get_secret('AUTH_LDAP_CHRIS_ADMIN_GROUP')

AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_ROOT, ldap.SCOPE_SUBTREE,
'(uid=%(user)s)')
Expand All @@ -176,6 +178,13 @@ def get_secret(setting, secret_type=env):
'last_name': 'sn',
'email': 'mail'
}
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_ROOT, ldap.SCOPE_SUBTREE,
'(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
'is_staff': f'cn={AUTH_LDAP_CHRIS_ADMIN_GROUP},{AUTH_LDAP_GROUP_SEARCH_ROOT}'
}
AUTH_LDAP_MIRROR_GROUPS_EXCEPT = ['all_users', 'pacs_users']

AUTHENTICATION_BACKENDS = (
'users.models.CustomLDAPBackend',
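Review bot: `AUTH_LDAP_MIRROR_GROUPS_EXCEPT = ['all_users', 'pacs_users']` turns on django-auth-ldap group mirroring for every other group name, so by default each LDAP login rewrites the user's Django group memberships to match the `groupOfNames` entries found under `AUTH_LDAP_GROUP_SEARCH_ROOT` (unless `users.models.CustomLDAPBackend`, not visible here, changes that). Any other Django group that carries permissions is then controlled by whoever can create or edit groups in that LDAP subtree, and locally assigned memberships outside the two listed names are dropped at login. `is_staff` is likewise recomputed from LDAP on each authentication. If only a known set of LDAP groups should reach Django, an allow-list via `AUTH_LDAP_MIRROR_GROUPS = [...]` is the tighter choice; either way a comment such as `# these groups are managed locally and never changed by LDAP mirroring` should say why the two names are exempt. The identical hard-coded list is added in `local.py`.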
