Add support for LDAP / AD authentication.
[astakos] / snf-astakos-app / conf / 20-snf-astakos-app-settings.conf
index c99cb9f..d519c25 100644 (file)
 # NEWPASSWD_INVALIDATE_TOKEN = getattr(settings, 'ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN', True)
 
 # Permit local account migration
-# ENABLE_LOCAL_ACCOUNT_MIGRATION = getattr(settings, 'ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION', True)
\ No newline at end of file
+# ENABLE_LOCAL_ACCOUNT_MIGRATION = getattr(settings, 'ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION', True)
+
+# A dictionary describing the additional user fields appearing during the second step of third party account creation
+# THIRDPARTY_ACC_ADDITIONAL_FIELDS = getattr(settings, 'ASTAKOS_THIRDPARTY_ACC_ADDITIONAL_FIELDS', {
+#     'first_name':None,
+#     'last_name':None,
+# })
+
+## Enable LDAP / AD authentication
+#AUTHENTICATION_BACKENDS = ['astakos.im.auth_ldap.backend.LDAPBackend'] + list(AUTHENTICATION_BACKENDS)
+
+## LDAP authentication backend (django-auth-ldap) configuration
+## For more information / documentation, see:
+## http://packages.python.org/django-auth-ldap/
+#import ldap
+#from astakos.im.auth_ldap.config import LDAPSearch
+#AUTH_LDAP_SERVER_URI = "ldap(s)://host:port"
+
+## If anon search is disallowed, specify bind dn and password
+#AUTH_LDAP_BIND_DN = ""
+#AUTH_LDAP_BIND_PASSWORD = ""
+
+## LDAP search conf
+## Example search for AD:
+#AUTH_LDAP_USER_SEARCH = LDAPSearch(subtree_dn, ldap.SCOPE_SUBTREE, "(userPrincipalName=%(user)s)")
+## Example search for LDAP
+## NOTE: Use email instead of uid, since astakos requires a valid and unique
+## email address for every user. See astakos docs for more information
+#AUTH_LDAP_USER_SEARCH = LDAPSearch(subtree_dn, ldap.SCOPE_SUBTREE, "(uid=%(mail)s)")
+
+## LDAP group configuration
+#from astakos.im.auth_ldap.config import GroupOfNamesType
+
+## LDAP group search conf
+#AUTH_LDAP_GROUP_SEARCH = LDAPSearch(subtree_dn, ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")
+#AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
+
+## Allow only users belonging to a specific group to login
+#AUTH_LDAP_REQUIRE_GROUP = group_dn
+
+## Specify the map between ldap attrs and astakos user attrs
+#AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
+
+## Automatically set users belonging to a specific group as active
+#AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+#    "is_active": group_dn,
+#    "is_admin": admin_group_dn
+#}
+
+## Update user information from LDAP on every login. 
+## Set it to False for the time being to prevent confusing astakos on email changes.
+#AUTH_LDAP_ALWAYS_UPDATE_USER = False
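Review bot: The sample `AUTH_LDAP_SERVER_URI = "ldap(s)://host:port"` leaves the transport choice open, although django-auth-ldap authenticates by binding to the directory with `AUTH_LDAP_BIND_PASSWORD` and then with each user's own password, so the template should steer operators to an encrypted connection. I would add a comment above it such as `## Use ldaps:// or set AUTH_LDAP_START_TLS = True; plain ldap:// sends bind and user passwords in cleartext`, and a line next to `AUTH_LDAP_BIND_PASSWORD` saying this file must not be world-readable once a password is filled in. Separately, the LDAP example filter `"(uid=%(mail)s)"` contradicts the note directly above it ("Use email instead of uid") and uses a placeholder other than the `%(user)s` that django-auth-ldap substitutes. Unless the astakos `LDAPSearch` wrapper defines `%(mail)s` (not visible in this hunk), it should probably read `"(mail=%(user)s)"`.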