Commit cd1143e0 authored by Jens Langhammer's avatar Jens Langhammer

Merge branch '12-ldap' into 'master'

Resolve "LDAP Authentication"

Closes #12

See merge request !4
parents d888b494 1fd2e537
# Global Variables
before_script:
- "apt-get update"
- "apt-get install -y libsasl2-dev libldap2-dev"
- "python3 -m pip install -U virtualenv"
- "virtualenv env"
- "source env/bin/activate"
......
......@@ -29,3 +29,16 @@ external_auth_only: false
# If this is true, images are automatically claimed if the windows user exists
# in django
auto_claim_enabled: true
# LDAP Authentication
ldap:
enabled: false
server:
uri: 'ldap://dc1.example.com'
tls: false
bind:
dn: ''
password: ''
search_base: ''
filter: '(sAMAccountName=%(user)s)'
require_group: ''
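Review bot: The shipped LDAP defaults pair `uri: 'ldap://dc1.example.com'` with `tls: false`, so an operator who only sets `enabled: true` and fills in the bind DN sends the bind password and every user's login password to the directory unencrypted. Defaulting to `tls: true` (or an `ldaps://` URI) would make the cleartext mode a deliberate choice, and a comment such as `# tls: use StartTLS on the ldap:// connection; keep true unless uri is ldaps://` would document the key. The same block is repeated in the Helm template and in the default configuration file further down this commit. Since `bind.password` is stored in this plain file, a comment next to it about restricting read access to the deployed config would also help.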
......@@ -35,8 +35,6 @@ data:
port: 8000
threads: 30
debug: false
secure_proxy_header:
HTTP_X_FORWARDED_PROTO: https
redis: redis
# Error reporting, disabled by default
error_report_enabled: {{ .Values.config.error_reporting }}
......@@ -62,6 +60,20 @@ data:
# If this is true, images are automatically claimed if the windows user exists
# in django
auto_claim_enabled: true
# LDAP Authentication
ldap:
enabled: false
server:
uri: 'ldap://dc1.example.com'
tls: false
bind:
dn: ''
password: ''
search_base: ''
filter: '(sAMAccountName=%(user)s)'
require_group: ''
{{- if .Values.config.secret_key }}
secret_key: {{ .Values.config.secret_key }}
{{- else }}
......
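Review bot: The `ldap:` block added to this template consists of literals (`enabled: false`, empty `bind` values), unlike neighbouring keys such as `error_report_enabled`, which are rendered from `.Values.config`. As written, LDAP cannot be enabled from chart values without editing the template. When it is wired to values, `bind.password` is better taken from a Kubernetes Secret than rendered into this `data:` document, which looks like a ConfigMap from the hunk header, although the resource kind is outside the visible lines.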
......@@ -16,14 +16,16 @@ import socket
import sys
from urllib.parse import urlparse
import ldap
from django_auth_ldap.config import LDAPSearch
from pyazo import __version__
from pyazo.utils.config import CONFIG
LOGGER = logging.getLogger(__name__)
SECURE_PROXY_SSL_HEADER = tuple(CONFIG.get('secure_proxy_header', {}).items())[0]
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
......@@ -84,6 +86,29 @@ CELERY_IMPORTS = ('pyazo.core.tasks', )
# INFLUXDB_TIMEOUT = 5
# INFLUXDB_USE_CELERY = True
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.ModelBackend',
'allauth.account.auth_backends.AuthenticationBackend',
]
# LDAP Settings
with CONFIG.cd('ldap'):
if CONFIG.get('enabled'):
AUTH_LDAP_SERVER_URI = CONFIG.get('server').get('uri')
AUTH_LDAP_START_TLS = CONFIG.get('server').get('tls')
AUTH_LDAP_BIND_DN = CONFIG.get('bind').get('dn')
AUTH_LDAP_BIND_PASSWORD = CONFIG.get('bind').get('password')
# pylint: disable=no-member
AUTH_LDAP_USER_SEARCH = LDAPSearch(CONFIG.get('search_base'),
ldap.SCOPE_SUBTREE, CONFIG.get('filter'))
AUTHENTICATION_BACKENDS += [
'django_auth_ldap.backend.LDAPBackend',
]
if CONFIG.get('require_group'):
AUTH_LDAP_REQUIRE_GROUP = CONFIG.get('require_group')
ACCOUNT_EMAIL_VERIFICATION = 'none'
with CONFIG.cd('web'):
......@@ -115,11 +140,6 @@ INSTALLED_APPS = [
'rest_framework_swagger',
]
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
'allauth.account.auth_backends.AuthenticationBackend',
)
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
......@@ -277,6 +297,11 @@ with CONFIG.cd('log'):
'level': 'WARNING',
'propagate': True,
},
'django_auth_ldap': {
'handlers': ['console', 'file'],
'level': 'DEBUG',
'propagate': True,
},
}
}
......
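Review bot: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` in the first hunk is now unconditional, so Django trusts `X-Forwarded-Proto` in every deployment; the `secure_proxy_header` keys are removed from both config files in this commit. Where no reverse proxy sits in front, or the proxy does not overwrite that header, a client can set it itself and `request.is_secure()` will report HTTPS for a plain-HTTP request, which Django's CSRF and SSL-redirect logic relies on. Keeping it opt-in avoids that, for example a boolean key under `web:` that yields `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` when true and `None` otherwise. At minimum add a comment such as `# Only valid behind a proxy that always sets or strips X-Forwarded-Proto`. Which of the two assignments shown is the new one is inferred from the config removals, since the page has lost its +/- markers.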
# This is the default configuration file
databases:
default:
engine: 'django.db.backends.sqlite3'
name: 'db.sqlite3'
engine: "django.db.backends.sqlite3"
name: "db.sqlite3"
log:
level:
console: DEBUG
......@@ -11,8 +11,8 @@ log:
email:
host: localhost
port: 25
user: ''
password: ''
user: ""
password: ""
use_tls: false
use_ssl: false
from: pyazo <pyazo@domain.tld>
......@@ -21,8 +21,6 @@ web:
port: 8000
threads: 30
debug: false
secure_proxy_header:
HTTP_X_FORWARDED_PROTO: https
redis: localhost
# Error reporting, disabled by default
error_report_enabled: false
......@@ -45,3 +43,16 @@ external_auth_only: false
# If this is true, images are automatically claimed if the windows user exists
# in django
auto_claim_enabled: true
# LDAP Authentication
ldap:
enabled: false
server:
uri: "ldap://dc1.example.com"
tls: false
bind:
dn: ""
password: ""
search_base: ""
filter: "(sAMAccountName=%(user)s)"
require_group: ""