aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKelley Spoon <kelley.spoon@linaro.org>2022-02-01 17:31:50 -0600
committerKelley Spoon <kelley.spoon@linaro.org>2022-02-01 23:33:14 +0000
commit6f19b63a6e257d9ac51eec9d4783579fabe0d840 (patch)
treec75ccb0754b7c567daebd1f53785064da2a1c9c7
parentff8c3f4f77c208616eb0a8b6b112a4f8a3b6377b (diff)
downloadlinaro-license-protection-6f19b63a6e257d9ac51eec9d4783579fabe0d840.tar.gz
settings_production: add in LDAP settings
This change adds in the requires AUTH_LDAP settings to allow llp to use auth_ldap_backend. The LDAP bind password is set in the host's secrets. Change-Id: Ifcf8ef6d79ae8ba7d5e904a696b60a8bb9dd9eae Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org> Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40443
-rw-r--r--settings_production.py21
1 files changed, 21 insertions, 0 deletions
diff --git a/settings_production.py b/settings_production.py
index 298dbf4..73a4c4e 100644
--- a/settings_production.py
+++ b/settings_production.py
@@ -1,6 +1,10 @@
# Settings for our production instances
from settings import *
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+
+
DEBUG = False
ROOT_URLCONF = 'urls'
@@ -38,3 +42,20 @@ CACHES = {
'TIMEOUT': 5 * 60, # 5 minute cache
}
}
+
+# django_auth_ldap settings
+AUTH_LDAP_SERVER_URI = 'ldaps://login.linaro.org'
+AUTH_LDAP_BIND_DN = 'cn=systems-bind,ou=binders,dc=linaro,dc=org'
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+ 'ou=accounts,dc=linaro,dc=org',
+ ldap.SCOPE_SUBTREE,
+ '(mail=%(user)s)',
+)
+AUTH_LDAP_USER_ATTR_MAP = {
+ 'first_name': 'givenName',
+ 'last_name': 'sn',
+ 'email': 'mail',
+}
+
+AUTH_LDAP_ALWAYS_UPDATE_USER = False
+AUTH_LDAP_FIND_GROUP_PERMS = False