Coverage for product_risk_suite/product_risk_suite/ldap_settings.py: 0%

11 statements  

« prev     ^ index     » next       coverage.py v7.15.0, created at 2026-07-07 12:45 +0000

1# tag::ldap-configuration-local-example[] 

2import ldap 

3from django_auth_ldap.config import LDAPSearch 

4from product_risk_suite.settings import * 

5 

6AUTHENTICATION_BACKENDS = ( 

7 'django_auth_ldap.backend.LDAPBackend', 

8) + AUTHENTICATION_BACKENDS 

9 

10AUTH_LDAP_SERVER_URI = "ldap://localhost:3389" 

11AUTH_LDAP_BIND_DN = 'cn=serviceuser,ou=domain-admins,dc=glauth,dc=com' 

12AUTH_LDAP_BIND_PASSWORD = 'domain-nimda' 

13AUTH_LDAP_USER_SEARCH = LDAPSearch( 

14 'dc=glauth,dc=com', 

15 ldap.SCOPE_SUBTREE, 

16 '(uid=%(user)s)', 

17) 

18# Or: 

19# AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=users,dc=example,dc=com' 

20 

21# Set up the basic group parameters. 

22# AUTH_LDAP_GROUP_SEARCH = LDAPSearch( 

23# 'ou=django,ou=groups,dc=example,dc=com', 

24# ldap.SCOPE_SUBTREE, 

25# '(objectClass=groupOfNames)', 

26# ) 

27# AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn') 

28 

29# Simple group restrictions 

30# AUTH_LDAP_REQUIRE_GROUP = 'cn=enabled,ou=django,ou=groups,dc=example,dc=com' 

31# AUTH_LDAP_DENY_GROUP = 'cn=disabled,ou=django,ou=groups,dc=example,dc=com' 

32 

33# Populate the Django user from the LDAP directory. 

34# AUTH_LDAP_USER_ATTR_MAP = { 

35# 'first_name': 'givenName', 

36# 'last_name': 'sn', 

37# 'email': 'mail', 

38# } 

39 

40# AUTH_LDAP_USER_FLAGS_BY_GROUP = { 

41# 'is_active': 'cn=active,ou=django,ou=groups,dc=example,dc=com', 

42# 'is_staff': 'cn=staff,ou=django,ou=groups,dc=example,dc=com', 

43# 'is_superuser': 'cn=superuser,ou=django,ou=groups,dc=example,dc=com', 

44# } 

45 

46# This is the default, but I like to be explicit. 

47AUTH_LDAP_ALWAYS_UPDATE_USER = True 

48 

49# Use LDAP group membership to calculate group permissions. 

50# make local project permissions 

51AUTH_LDAP_FIND_GROUP_PERMS = False 

52 

53# Cache distinguished names and group memberships for an hour to minimize 

54# LDAP traffic. 

55AUTH_LDAP_CACHE_TIMEOUT = 3600 

56 

57# end::ldap-configuration-local-example[]