From 9ef8552ba35121470620e66101282ad90103e9f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Perj=C3=A9ssy=20L=C3=B3r=C3=A1nt?=
Date: Fri, 15 Oct 2021 19:40:17 +0200
Subject: [PATCH] Basic LDAP handling with django_auth_ldap.
---
 Dockerfile | 2 +-
 recipes/settings.py | 35 ++++++++++++++++++++++++++++++++++-
 requirements.txt | 4 +++-
 3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 91b2334fd..f060aa76e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,7 @@ WORKDIR /opt/recipes
 COPY requirements.txt ./
-RUN apk add --no-cache --virtual .build-deps gcc musl-dev postgresql-dev zlib-dev jpeg-dev libressl-dev libffi-dev cargo && \
+RUN apk add --no-cache --virtual .build-deps gcc musl-dev postgresql-dev zlib-dev jpeg-dev libressl-dev libffi-dev cargo openssl-dev openldap-dev && \
 python -m venv venv && \
 /opt/recipes/venv/bin/python -m pip install --upgrade pip && \
 venv/bin/pip install wheel==0.36.2 && \
diff --git a/recipes/settings.py b/recipes/settings.py
index 9d6454789..1d880fbb9 100644
--- a/recipes/settings.py
+++ b/recipes/settings.py
@@ -157,7 +157,40 @@ if ENABLE_METRICS:
 MIDDLEWARE += 'django_prometheus.middleware.PrometheusAfterMiddleware',
 # Auth related settings
-AUTHENTICATION_BACKENDS = [
+AUTHENTICATION_BACKENDS = []
+
+# LDAP
+LDAP_AUTH=bool(os.getenv('LDAP_AUTH', False))
+if LDAP_AUTH:
+ import ldap
+# import logging, logging.handlers
+ from django_auth_ldap.config import LDAPSearch
+ AUTHENTICATION_BACKENDS.append('django_auth_ldap.backend.LDAPBackend')
+ AUTH_LDAP_SERVER_URI = os.getenv('AUTH_LDAP_SERVER_URI')
+ AUTH_LDAP_BIND_DN = os.getenv('AUTH_LDAP_BIND_DN')
+ AUTH_LDAP_BIND_PASSWORD = os.getenv('AUTH_LDAP_BIND_PASSWORD')
+ AUTH_LDAP_USER_SEARCH = LDAPSearch(
+ os.getenv('AUTH_LDAP_USER_SEARCH_BASE_DN'),
+ ldap.SCOPE_SUBTREE,
+ os.getenv('AUTH_LDAP_USER_SEARCH_FILTER_STR', '(uid=%(user)s)'),
+ )
+ #AUTH_LDAP_REQUIRE_GROUP = ''
+ AUTH_LDAP_USER_ATTR_MAP = ast.literal_eval(os.getenv('AUTH_LDAP_USER_ATTR_MAP')) if os.getenv('AUTH_LDAP_USER_ATTR_MAP') else {
+ 'first_name': 'givenName',
+ 'last_name': 'sn',
+ 'email': 'mail',
+ }
+ AUTH_LDAP_ALWAYS_UPDATE_USER = bool(int(os.getenv('AUTH_LDAP_ALWAYS_UPDATE_USER', True)))
+ AUTH_LDAP_CACHE_TIMEOUT = int(os.getenv('AUTH_LDAP_CACHE_TIMEOUT', 3600))
+
+# logfile = "/tmp/django-ldap-debug.log"
+# my_logger = logging.getLogger('django_auth_ldap')
+# my_logger.setLevel(logging.DEBUG)
+# handler = logging.handlers.RotatingFileHandler(
+# logfile, maxBytes=1024 * 500, backupCount=5)
+# my_logger.addHandler(handler)
+
+AUTHENTICATION_BACKENDS += [
 'django.contrib.auth.backends.ModelBackend',
 'allauth.account.auth_backends.AuthenticationBackend',
 ]
diff --git a/requirements.txt b/requirements.txt
index bb7eba99c..5830a3021 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -39,4 +39,6 @@ django-cors-headers==3.7.0
 django-storages==1.11.1
 boto3==1.18.9
 django-prometheus==2.1.0
-django-hCaptcha==0.1.0
\ No newline at end of file
+django-hCaptcha==0.1.0
+python-ldap==3.3.1
+django-auth-ldap==3.0.0
\ No newline at end of file
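Review bot: In the recipes/settings.py hunk, `LDAP_AUTH=bool(os.getenv('LDAP_AUTH', False))` is true for any non-empty string, so `LDAP_AUTH=0` or `LDAP_AUTH=False` in the environment still enables the block and puts `LDAPBackend` ahead of the other backends; compare the text instead, e.g. `LDAP_AUTH = os.getenv('LDAP_AUTH', '').strip().lower() in ('1', 'true', 'yes')`. The block also configures no transport security, so with an `ldap://` URI the service-account bind password and each user's password travel unencrypted; expose django-auth-ldap's `AUTH_LDAP_START_TLS` (for example `AUTH_LDAP_START_TLS = bool(int(os.getenv('AUTH_LDAP_START_TLS', False)))`) or require an `ldaps://` URI. `AUTH_LDAP_SERVER_URI` and `AUTH_LDAP_USER_SEARCH_BASE_DN` have no default and become `None` when unset, which presumably surfaces only at the first login attempt, so a startup check would be clearer. With `AUTH_LDAP_REQUIRE_GROUP` left commented out, every directory entry that matches the search filter can sign in, which deserves a line in the deployment notes.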