settings.py
from dotenv import load_dotenv
import os
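load_dotenv()  # Merge variables from a .env file (if one is found) into os.environ


def _env_flag(name, default=False):
    """Read a boolean switch from the environment.

    Returns bool(default) when the variable is unset. An explicit negative
    ('', '0', 'false', 'no', 'off', case-insensitive) yields False; any
    other value yields True. Plain bool() on the raw string would turn
    'false' or '0' into True, silently enabling the switch.
    """
    raw = os.environ.get(name)
    if raw is None:
        return bool(default)
    return raw.strip().lower() not in ('', '0', 'false', 'no', 'off')


# App settings
PREFERRED_URL_SCHEME = 'https'
# A fresh random key is generated on every process start.
# NOTE(review): presumably the web framework's signing key - anything signed
# with it becomes invalid on restart and is not shared between worker
# processes; confirm this is intended for the deployment.
SECRET_KEY = os.urandom(16)

#
# LDAP settings
#
# NOTE(review): the default URL uses the plain ldap: scheme, so USE_TLS
# defaults to off unless LDAP_URL starts with ldaps:// or USE_TLS is set;
# how the connection code consumes these flags is not visible here.
LDAP_URL = os.environ.get('LDAP_URL', 'ldap:///')
BASE_DN = os.environ.get('BASE_DN')  # Always required
# Explicit raise instead of assert: asserts are stripped under "python -O",
# which would let the application start without a base DN.
if not BASE_DN:
    raise RuntimeError("BASE_DN environment variable must be set")
USE_TLS = _env_flag('USE_TLS', LDAP_URL.startswith('ldaps://'))
# Off unless explicitly enabled. With the previous bool() parsing,
# INSECURE_TLS=false or INSECURE_TLS=0 switched this ON.
# NOTE(review): the name suggests this relaxes certificate checks - confirm
# at the point of use and keep it off outside test setups.
INSECURE_TLS = _env_flag('INSECURE_TLS')
SCHEMA_DN = 'cn=subschema'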
#
# Binding
#
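def _escape_dn_value(value):
    'Escape a string for use as an attribute value inside a DN (RFC 4514)'
    text = str(value)
    if not text:
        return text
    escaped = ''.join(
        '\\00' if ch == '\0' else ('\\' + ch if ch in '"+,;<>\\=' else ch)
        for ch in text
    )
    # A trailing space and a leading space or '#' also need a backslash.
    if escaped.endswith(' '):
        escaped = escaped[:-1] + '\\ '
    if escaped[0] in ' #':
        escaped = '\\' + escaped
    return escaped


def GET_BIND_DN(authorization):
    """Try to determine the login DN from the environment and request.

    Returns the BIND_DN environment variable when it is set and non-empty,
    else BIND_PATTERN formatted with the request's user name, else None.

    The user name comes from the request and is escaped before it is placed
    into the pattern, so characters such as ',' '+' or '=' stay inside the
    attribute value and cannot add or change DN components.
    """
    # Use a hard-wired DN from the environment.
    # If this is set and a GET_BIND_PASSWORD returns something,
    # the UI will NOT ask for a login.
    # You need to secure it otherwise!
    fixed_dn = os.environ.get('BIND_DN')
    if fixed_dn:
        return fixed_dn

    # Optional user DN pattern string for authentication,
    # e.g. "uid=%s,ou=people,dc=example,dc=com".
    # This can be used to authenticate with directories
    # that do not allow anonymous users to search.
    pattern = os.environ.get('BIND_PATTERN')
    if pattern and authorization is not None:
        return pattern % _escape_dn_value(authorization.username)
    return None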
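def GET_BIND_DN_FILTER(authorization):
    """Produce a LDAP search filter for the login DN.

    Formats the first entry of SEARCH_PATTERNS with the request's user name.
    The user name is untrusted, so the filter metacharacters
    ``\\ * ( )`` and NUL are hex-escaped (RFC 4515) first; otherwise a name
    containing them could widen or restructure the search filter.
    """
    escapes = str.maketrans({
        '\\': r'\5c',
        '*': r'\2a',
        '(': r'\28',
        ')': r'\29',
        '\0': r'\00',
    })
    return SEARCH_PATTERNS[0] % str(authorization.username).translate(escapes)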
def GET_BIND_PASSWORD(authorization):
    """Try to determine the login password from the environment or request.

    Lookup order: the BIND_PASSWORD variable, then the contents of the file
    named by BIND_PASSWORD_FILE (trailing newlines removed), then the
    password carried by the request. Returns None when none of them applies.

    NOTE(review): an empty password is returned as-is. A bind with a DN and
    an empty password is an "unauthenticated bind" (RFC 4513, 5.1.2) that
    some servers accept - confirm the caller rejects empty passwords.
    """
    env = os.environ
    if 'BIND_PASSWORD' in env:
        return env['BIND_PASSWORD']

    secret_path = env.get('BIND_PASSWORD_FILE')
    if secret_path is not None:
        with open(secret_path) as handle:
            contents = handle.read()
        # Secret files usually end with a newline that is not part of the password
        return contents.rstrip('\n')

    return None if authorization is None else authorization.password
#
# Search
#
# Attribute that holds the user name; taken from LOGIN_ATTR, default 'uid'.
# NOTE(review): the value is spliced into a filter template as-is, so it
# must be a plain attribute name (no '%', '(' or ')').
LOGIN_ATTR = os.environ.get('LOGIN_ATTR', 'uid')

# Filter templates for user search: the login attribute first, then a few
# common name attributes. Each keeps a single %s placeholder for the term;
# the term is user input and should be filter-escaped (RFC 4515) before
# it is substituted.
SEARCH_PATTERNS = ('(' + LOGIN_ATTR + '=%s)',) + tuple(
    '(%s=%%s)' % attr for attr in ('cn', 'gn', 'sn')
)

SEARCH_QUERY_MIN = 2  # Minimum length of query term
SEARCH_MAX = 50  # Maximum number of results