marthall/config.py

## config.py
# env/lib/python2.6/site-packages/django_auth_ldap/config.py

def is_member(self, ldap_user, group_dn):
        """
        Returns True if the group is the user's primary group or if the user is
        listed in the group's memberUid attribute.
        """
        try:
            user_uid = ldap_user.attrs['uid'][0]

            user_gid = ldap_user.attrs['gidNumber'][0]
            # Denne krasjer fordi ldap_user ikke har noe gidNumber i grenen ntnuit.
            # Hoppet derfor til except(KeyError, IndexError) noen linjer ned, og returnet false.

            # Det jeg fant ut var at i mange av grenene, f.eks ansatt, så har brukeren et gidNumber.
            # Ved å autentisere mot denne grenen, men fortsatt ha
            # AUTH_LDAP_REQUIRE_GROUP = "cn=nits,ou=groups,dc=ntnu,dc=no"
            # i settings.py, så fungerer nesten alt!
            # Eneste er at den ikke klarer å hente ut "givenName" og "mail", da dette ikke er attributter i grenen ansatt.
            # Dette er ikke noe stort problem.

            try:
                is_member = ldap_user.connection.compare_s(group_dn.encode('utf-8'), 'memberUid', user_uid.encode('utf-8'))
            except self.ldap.NO_SUCH_ATTRIBUTE:
                is_member = False

            if not is_member:
                try:
                    is_member = ldap_user.connection.compare_s(group_dn.encode('utf-8'), 'gidNumber', user_gid.encode('utf-8'))
                except self.ldap.NO_SUCH_ATTRIBUTE:
                    is_member = False
        except (KeyError, IndexError):
            is_member = False
        return is_member

## settings.py
ldap.set_option( ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER )

AUTH_LDAP_SERVER_URI = "ldaps://at.ntnu.no"


AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,dc=ntnu,dc=no", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
AUTH_LDAP_GROUP_TYPE = PosixGroupType()

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=nits,ou=groups,dc=ntnu,dc=no",
    "is_staff": "cn=nits,ou=groups,dc=ntnu,dc=no",

    # The only superuser should be a local admin user
    # "is_superuser": "cn=nits,ou=groups,dc=ntnu,dc=no",
}

AUTH_LDAP_REQUIRE_GROUP = "cn=nits,ou=groups,dc=ntnu,dc=no"

AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_MIRROR_GROUPS = True

AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=ansatt,ou=system,dc=ntnu,dc=no", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
	# env/lib/python2.6/site-packages/django_auth_ldap/config.py

	def is_member(self, ldap_user, group_dn):
	"""
	Returns True if the group is the user's primary group or if the user is
	listed in the group's memberUid attribute.
	"""
	try:
	user_uid = ldap_user.attrs['uid'][0]

	user_gid = ldap_user.attrs['gidNumber'][0]
	# Denne krasjer fordi ldap_user ikke har noe gidNumber i grenen ntnuit.
	# Hoppet derfor til except(KeyError, IndexError) noen linjer ned, og returnet false.

	# Det jeg fant ut var at i mange av grenene, f.eks ansatt, så har brukeren et gidNumber.
	# Ved å autentisere mot denne grenen, men fortsatt ha
	# AUTH_LDAP_REQUIRE_GROUP = "cn=nits,ou=groups,dc=ntnu,dc=no"
	# i settings.py, så fungerer nesten alt!
	# Eneste er at den ikke klarer å hente ut "givenName" og "mail", da dette ikke er attributter i grenen ansatt.
	# Dette er ikke noe stort problem.

	try:
	is_member = ldap_user.connection.compare_s(group_dn.encode('utf-8'), 'memberUid', user_uid.encode('utf-8'))
	except self.ldap.NO_SUCH_ATTRIBUTE:
	is_member = False

	if not is_member:
	try:
	is_member = ldap_user.connection.compare_s(group_dn.encode('utf-8'), 'gidNumber', user_gid.encode('utf-8'))
	except self.ldap.NO_SUCH_ATTRIBUTE:
	is_member = False
	except (KeyError, IndexError):
	is_member = False
	return is_member
	ldap.set_option( ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER )

	AUTH_LDAP_SERVER_URI = "ldaps://at.ntnu.no"


	AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,dc=ntnu,dc=no", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
	AUTH_LDAP_GROUP_TYPE = PosixGroupType()

	AUTH_LDAP_USER_ATTR_MAP = {
	"first_name": "givenName",
	"last_name": "sn",
	"email": "mail",
	}

	AUTH_LDAP_USER_FLAGS_BY_GROUP = {
	"is_active": "cn=nits,ou=groups,dc=ntnu,dc=no",
	"is_staff": "cn=nits,ou=groups,dc=ntnu,dc=no",

	# The only superuser should be a local admin user
	# "is_superuser": "cn=nits,ou=groups,dc=ntnu,dc=no",
	}

	AUTH_LDAP_REQUIRE_GROUP = "cn=nits,ou=groups,dc=ntnu,dc=no"

	AUTH_LDAP_ALWAYS_UPDATE_USER = True
	AUTH_LDAP_MIRROR_GROUPS = True

	AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=ansatt,ou=system,dc=ntnu,dc=no", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")