From: Emilie <zawadzki@ircam.fr>
Date: Tue, 5 Dec 2017 15:28:12 +0000 (+0100)
Subject: [LDAP] : activated
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=c0d8856f81dba09b2d70c1673ecfe525cdc8b5a6;p=mezzo.git

[LDAP] : activated
---

diff --git a/app/settings.py b/app/settings.py
index fafad4f3..7b0d5519 100644
--- a/app/settings.py
+++ b/app/settings.py
@@ -24,6 +24,7 @@ from __future__ import absolute_import, unicode_literals
 
 import os
 from django.utils.translation import ugettext_lazy as _
+from django.core.urlresolvers import reverse_lazy
 import ldap, logging
 from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
 
@@ -147,8 +148,7 @@ USE_I18N = True
 USE_L10N = True
 
 AUTHENTICATION_BACKENDS = (
-#   Activate Auth LDAP : 
-#   "organization.core.backend.OrganizationLDAPBackend",
+    "organization.core.backend.OrganizationLDAPBackend",
     "mezzanine.core.auth_backends.MezzanineBackend",
     "guardian.backends.ObjectPermissionBackend",
 )
@@ -613,16 +613,37 @@ if DEBUG :
 
 # 1 - Activate logging :
 # logging
-# if DEBUG:
-#     logger = logging.getLogger('django_auth_ldap')
-#     logger.addHandler(logging.StreamHandler())
-#     logger.setLevel(logging.DEBUG)
+if DEBUG:
+    logger = logging.getLogger('django_auth_ldap')
+    logger.addHandler(logging.StreamHandler())
+    logger.setLevel(logging.DEBUG)
 
 # 2 - Specify your LDAP settings :
-# https://django-auth-ldap.readthedocs.io/en/latest/
+AUTH_LDAP_SERVER_URI = "ldap://clusterldap1.ircam.fr"
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,dc=ircam,dc=fr", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+# Set up the basic group parameters.
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=People,dc=ircam,dc=fr",
+    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail"
+}
+
+# This is the default, but I like to be explicit.
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+
+# Use LDAP group membership to calculate group permissions.
+AUTH_LDAP_FIND_GROUP_PERMS = True
 
-# 3 - Activate LDAP Backend 
-# Please see AUTHENTICATION_BACKENDS
+# Cache group memberships for an hour to minimize LDAP traffic
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
 
 ##################
 # LOCAL SETTINGS #