LDAP-oppsett mot NTNU
# env/lib/python2.6/site-packages/django_auth_ldap/config.py
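def is_member(self, ldap_user, group_dn):
    """
    Returns True if the group is the user's primary group or if the user is
    listed in the group's memberUid attribute.

    This is an authorization check and it fails closed: a missing ``uid``,
    or a group entry that lacks the compared attribute, yields False.
    ``gidNumber`` is only needed for the primary-group comparison, so its
    absence no longer prevents the memberUid comparison from running.
    """
    # Without a uid there is nothing to compare against, so deny.
    try:
        user_uid = ldap_user.attrs['uid'][0]
    except (KeyError, IndexError):
        return False

    connection = ldap_user.connection
    encoded_dn = group_dn.encode('utf-8')

    # First check: is the user listed in the group's memberUid attribute?
    try:
        is_member = connection.compare_s(encoded_dn, 'memberUid', user_uid.encode('utf-8'))
    except self.ldap.NO_SUCH_ATTRIBUTE:
        is_member = False

    if not is_member:
        # Second check: is this group the user's primary group?
        # Author's note (translated): entries in the "ntnuit" branch have no
        # gidNumber. Reading it up front raised KeyError, which skipped the
        # memberUid check and returned False. The workaround was to
        # authenticate against a branch whose entries do have gidNumber
        # (e.g. "ansatt") while keeping
        # AUTH_LDAP_REQUIRE_GROUP = "cn=nits,ou=groups,dc=ntnu,dc=no"
        # in settings.py. The drawback is that "givenName" and "mail" are not
        # attributes in the "ansatt" branch, which was considered minor.
        # Reading gidNumber here keeps such users on the memberUid result.
        try:
            user_gid = ldap_user.attrs['gidNumber'][0]
        except (KeyError, IndexError):
            return False

        try:
            is_member = connection.compare_s(encoded_dn, 'gidNumber', user_gid.encode('utf-8'))
        except self.ldap.NO_SUCH_ATTRIBUTE:
            is_member = False

    return is_member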
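# Require a valid server certificate on the LDAPS connection. User passwords
# are sent over this channel when binding, so with verification turned off
# (OPT_X_TLS_NEVER) anyone able to intercept the connection could pose as the
# directory and collect them.
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
# If the server certificate chains to a CA this host does not already trust,
# point python-ldap at that CA bundle instead of disabling verification:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "<path-to-ca-bundle.pem>")

AUTH_LDAP_SERVER_URI = "ldaps://at.ntnu.no"

# Groups are posixGroup entries anywhere below ou=groups.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "ou=groups,dc=ntnu,dc=no",
    ldap.SCOPE_SUBTREE,
    "(objectClass=posixGroup)",
)
AUTH_LDAP_GROUP_TYPE = PosixGroupType()

# Django user field -> LDAP attribute.
# NOTE(review): the author reports that entries under ou=ansatt do not carry
# givenName or mail, so first_name and email are expected to stay empty with
# the user search configured below.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

# Membership in the nits group drives is_active and is_staff.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=nits,ou=groups,dc=ntnu,dc=no",
    "is_staff": "cn=nits,ou=groups,dc=ntnu,dc=no",
    # The only superuser should be a local admin user
    # "is_superuser": "cn=nits,ou=groups,dc=ntnu,dc=no",
}

# Authentication is refused for anyone outside this group.
AUTH_LDAP_REQUIRE_GROUP = "cn=nits,ou=groups,dc=ntnu,dc=no"

# Refresh the mapped user fields from the directory on every login.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Mirror the user's LDAP groups into Django groups at login. Any permissions
# attached to a Django group with a matching name then follow directory
# membership, so review which Django groups carry permissions.
AUTH_LDAP_MIRROR_GROUPS = True

# Users are looked up by uid below the ansatt subtree.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "ou=ansatt,ou=system,dc=ntnu,dc=no",
    ldap.SCOPE_SUBTREE,
    "(uid=%(user)s)",
)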