diff --git a/config/settings/base.py b/config/settings/base.py index bb0853e..6b2a4e6 100644 --- a/config/settings/base.py +++ b/config/settings/base.py @@ -3,8 +3,6 @@ """ import environ -import ldap -from django_auth_ldap.config import LDAPSearch, GroupOfNamesType from django.utils.translation import gettext_lazy as _ @@ -82,36 +80,8 @@ # AUTHENTICATION # ------------------------------------------------------------------------------ AUTHENTICATION_BACKENDS = [ - 'django_auth_ldap.backend.LDAPBackend', - # 'django.contrib.auth.backends.ModelBackend', + 'django.contrib.auth.backends.ModelBackend', ] - -AUTH_LDAP_SERVER_URI = "ldap://127.0.0.1:10389/" - -AUTH_LDAP_BIND_DN = "" -AUTH_LDAP_BIND_PASSWORD = "" -AUTH_LDAP_USER_SEARCH = LDAPSearch( - "ou=users,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)") - -AUTH_LDAP_FIND_GROUP_PERMS = True -AUTH_LDAP_GROUP_SEARCH = LDAPSearch( - 'ou=groups,dc=example,dc=com', - ldap.SCOPE_SUBTREE, - '(objectClass=groupOfNames)', -) -AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn') - -AUTH_LDAP_USER_ATTR_MAP = { - 'first_name': 'givenName', - 'last_name': 'sn', - 'email': 'mail', -} - -AUTH_LDAP_USER_FLAGS_BY_GROUP = { - 'is_staff': 'cn=staff,ou=groups,dc=example,dc=com', - 'is_superuser': 'cn=superuser,ou=groups,dc=example,dc=com', -} - # AUTH_USER_MODEL = 'users.User' # LOGIN_REDIRECT_URL = 'users:redirect' # LOGIN_URL = 'account_login' @@ -124,20 +94,20 @@ 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher', 'django.contrib.auth.hashers.BCryptPasswordHasher', ] -# AUTH_PASSWORD_VALIDATORS = [ -# { -# 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', -# }, -# { -# 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', -# }, -# { -# 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', -# }, -# { -# 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', -# }, -# ] +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, +] # MIDDLEWARE # ------------------------------------------------------------------------------ diff --git a/config/settings/production.py b/config/settings/production.py index b71f582..b60e3f9 100644 --- a/config/settings/production.py +++ b/config/settings/production.py @@ -1,3 +1,6 @@ +import ldap +from django_auth_ldap.config import LDAPSearch, GroupOfNamesType + from .base import * # noqa from .base import env @@ -29,6 +32,38 @@ } } +# AUTHENTICATION +AUTHENTICATION_BACKENDS = [ + 'django_auth_ldap.backend.LDAPBackend', + # 'django.contrib.auth.backends.ModelBackend', +] + +AUTH_LDAP_SERVER_URI = "ldap://127.0.0.1:10389/" + +AUTH_LDAP_BIND_DN = "" +AUTH_LDAP_BIND_PASSWORD = "" +AUTH_LDAP_USER_SEARCH = LDAPSearch( + "ou=users,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)") + +AUTH_LDAP_FIND_GROUP_PERMS = True +AUTH_LDAP_GROUP_SEARCH = LDAPSearch( + 'ou=groups,dc=example,dc=com', + ldap.SCOPE_SUBTREE, + '(objectClass=groupOfNames)', +) +AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn') + +AUTH_LDAP_USER_ATTR_MAP = { + 'first_name': 'givenName', + 'last_name': 'sn', + 'email': 'mail', +} + +AUTH_LDAP_USER_FLAGS_BY_GROUP = { + 'is_staff': 'cn=staff,ou=groups,dc=example,dc=com', + 'is_superuser': 'cn=superuser,ou=groups,dc=example,dc=com', +} + # SECURITY # ------------------------------------------------------------------------------ # https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header