diff options
| author | Kelley Spoon <kelley.spoon@linaro.org> | 2022-02-01 17:31:50 -0600 |
|---|---|---|
| committer | Kelley Spoon <kelley.spoon@linaro.org> | 2022-02-01 23:33:14 +0000 |
| commit | 6f19b63a6e257d9ac51eec9d4783579fabe0d840 (patch) | |
| tree | c75ccb0754b7c567daebd1f53785064da2a1c9c7 | |
| parent | ff8c3f4f77c208616eb0a8b6b112a4f8a3b6377b (diff) | |
settings_production: add in LDAP settings
This change adds in the requires AUTH_LDAP settings to
allow llp to use auth_ldap_backend. The LDAP bind password
is set in the host's secrets.
Change-Id: Ifcf8ef6d79ae8ba7d5e904a696b60a8bb9dd9eae
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40443
| -rw-r--r-- | settings_production.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/settings_production.py b/settings_production.py index 298dbf4..73a4c4e 100644 --- a/settings_production.py +++ b/settings_production.py @@ -1,6 +1,10 @@ # Settings for our production instances from settings import * +import ldap +from django_auth_ldap.config import LDAPSearch, GroupOfNamesType + + DEBUG = False ROOT_URLCONF = 'urls' @@ -38,3 +42,20 @@ CACHES = { 'TIMEOUT': 5 * 60, # 5 minute cache } } + +# django_auth_ldap settings +AUTH_LDAP_SERVER_URI = 'ldaps://login.linaro.org' +AUTH_LDAP_BIND_DN = 'cn=systems-bind,ou=binders,dc=linaro,dc=org' +AUTH_LDAP_USER_SEARCH = LDAPSearch( + 'ou=accounts,dc=linaro,dc=org', + ldap.SCOPE_SUBTREE, + '(mail=%(user)s)', +) +AUTH_LDAP_USER_ATTR_MAP = { + 'first_name': 'givenName', + 'last_name': 'sn', + 'email': 'mail', +} + +AUTH_LDAP_ALWAYS_UPDATE_USER = False +AUTH_LDAP_FIND_GROUP_PERMS = False |