Basic LDAP handling with django_auth_ldap.

2025-12-24 02:39:20 -05:00 · 2021-10-15 19:40:17 +02:00
parent 6c22fb0ef4
commit 9ef8552ba3
3 changed files with 38 additions and 3 deletions
--- a/2
+++ b/2
@@ -15,7 +15,7 @@ WORKDIR /opt/recipes

 COPY requirements.txt ./

-RUN apk add --no-cache --virtual .build-deps gcc musl-dev postgresql-dev zlib-dev jpeg-dev libressl-dev libffi-dev cargo && \
+RUN apk add --no-cache --virtual .build-deps gcc musl-dev postgresql-dev zlib-dev jpeg-dev libressl-dev libffi-dev cargo openssl-dev openldap-dev && \
    python -m venv venv && \
    /opt/recipes/venv/bin/python -m pip install --upgrade pip && \
    venv/bin/pip install wheel==0.36.2 && \
--- a/recipes/settings.py
+++ b/recipes/settings.py
@@ -157,7 +157,40 @@ if ENABLE_METRICS:
    MIDDLEWARE += 'django_prometheus.middleware.PrometheusAfterMiddleware',

 # Auth related settings
-AUTHENTICATION_BACKENDS = [
+AUTHENTICATION_BACKENDS = []
+
+# LDAP
+LDAP_AUTH=bool(os.getenv('LDAP_AUTH', False))
+if LDAP_AUTH:
+    import ldap
+#    import logging, logging.handlers
+    from django_auth_ldap.config import LDAPSearch
+    AUTHENTICATION_BACKENDS.append('django_auth_ldap.backend.LDAPBackend')
+    AUTH_LDAP_SERVER_URI = os.getenv('AUTH_LDAP_SERVER_URI') 
+    AUTH_LDAP_BIND_DN = os.getenv('AUTH_LDAP_BIND_DN')
+    AUTH_LDAP_BIND_PASSWORD = os.getenv('AUTH_LDAP_BIND_PASSWORD')
+    AUTH_LDAP_USER_SEARCH = LDAPSearch(
+        os.getenv('AUTH_LDAP_USER_SEARCH_BASE_DN'),
+        ldap.SCOPE_SUBTREE,
+        os.getenv('AUTH_LDAP_USER_SEARCH_FILTER_STR', '(uid=%(user)s)'),
+    )
+    #AUTH_LDAP_REQUIRE_GROUP = ''
+    AUTH_LDAP_USER_ATTR_MAP = ast.literal_eval(os.getenv('AUTH_LDAP_USER_ATTR_MAP')) if os.getenv('AUTH_LDAP_USER_ATTR_MAP') else {
+        'first_name': 'givenName',
+        'last_name': 'sn',
+        'email': 'mail',
+    }
+    AUTH_LDAP_ALWAYS_UPDATE_USER = bool(int(os.getenv('AUTH_LDAP_ALWAYS_UPDATE_USER', True)))
+    AUTH_LDAP_CACHE_TIMEOUT = int(os.getenv('AUTH_LDAP_CACHE_TIMEOUT', 3600))
+
+#    logfile = "/tmp/django-ldap-debug.log"
+#    my_logger = logging.getLogger('django_auth_ldap')
+#    my_logger.setLevel(logging.DEBUG)
+#    handler = logging.handlers.RotatingFileHandler(
+#       logfile, maxBytes=1024 * 500, backupCount=5)
+#    my_logger.addHandler(handler)
+
+AUTHENTICATION_BACKENDS += [
    'django.contrib.auth.backends.ModelBackend',
    'allauth.account.auth_backends.AuthenticationBackend',
 ]
--- a/requirements.txt
+++ b/requirements.txt
@@ -39,4 +39,6 @@ django-cors-headers==3.7.0
 django-storages==1.11.1
 boto3==1.18.9
 django-prometheus==2.1.0
-django-hCaptcha==0.1.0
+django-hCaptcha==0.1.0
+python-ldap==3.3.1
+django-auth-ldap==3.0.0