From 0c157deda69591f5f28520c656b0da308d66647e Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Wed, 2 Nov 2022 16:37:43 -0400
Subject: [PATCH] Add settings for LDAP authentication

---
 steering/settings.py | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/steering/settings.py b/steering/settings.py
index d03ea668..7b781d5f 100644
--- a/steering/settings.py
+++ b/steering/settings.py
@@ -4,6 +4,9 @@ import os
 from pathlib import Path
 
 from corsheaders.defaults import default_headers
+from django_auth_ldap.config import LDAPSearch, PosixGroupType
+
+import ldap
 
 # Paths
 BASE_DIR = Path(__file__).resolve(strict=True).parent.parent
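Review bot: The two imports added at the top of `steering/settings.py` are unconditional, so `django_auth_ldap` and `ldap` (python-ldap) must be installed for the settings module to load even when `USE_LDAP_AUTH` is unset. They are only used inside the `if os.getenv("USE_LDAP_AUTH"):` block added at the end of the file, so moving `from django_auth_ldap.config import LDAPSearch, PosixGroupType` and `import ldap` into that block would keep LDAP an optional dependency. As a style point, `import ldap` is a third-party import and would normally be grouped with the other third-party imports rather than in a group of its own.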
@@ -185,3 +188,34 @@ else:
     )
 
 # WSGI_APPLICATION = 'steering.wsgi.application';
+
+if os.getenv("USE_LDAP_AUTH"):
+    AUTHENTICATION_BACKENDS = (
+        "django_auth_ldap.backend.LDAPBackend",
+        "django.contrib.auth.backends.ModelBackend",
+    )
+
+    AUTH_LDAP_SERVER_URI = "ldap://ldap.local"
+    AUTH_LDAP_BIND_DN = "cn=reader,dc=local"
+    AUTH_LDAP_BIND_PASSWORD = os.getenv("AUTH_LDAP_BIND_PASSWORD")
+    AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=local"
+    AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+        "ou=groups,dc=local",
+        ldap.SCOPE_SUBTREE,
+        "(objectClass=posixGroup)",
+    )
+    AUTH_LDAP_GROUP_TYPE = PosixGroupType()
+    AUTH_LDAP_USER_ATTR_MAP = {
+        "first_name": "givenName",
+        "last_name": "sn",
+        "email": "mail",
+    }
+    AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+        "is_active": "cn=active,ou=django,ou=groups,dc=local",
+        "is_staff": "cn=staff,ou=django,ou=groups,dc=local",
+        "is_superuser": "cn=superuser,ou=django,ou=groups,dc=local",
+    }
+
+    AUTH_LDAP_ALWAYS_UPDATE_USER = True
+    AUTH_LDAP_FIND_GROUP_PERMS = True
+    AUTH_LDAP_MIRROR_GROUPS = True
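Review bot: `AUTH_LDAP_SERVER_URI = "ldap://ldap.local"` is an unencrypted connection and nothing in this block enables StartTLS, so the reader bind password and every user's login password would travel in clear text. Add `AUTH_LDAP_START_TLS = True` or use an `ldaps://` URI, with certificate validation left on. This matters more here because `AUTH_LDAP_USER_FLAGS_BY_GROUP` grants `is_staff` and `is_superuser` from directory answers. The gate `if os.getenv("USE_LDAP_AUTH"):` is true for any non-empty string, including `USE_LDAP_AUTH=0` or `false`; an explicit comparison such as `if os.getenv("USE_LDAP_AUTH", "").lower() in ("1", "true", "yes"):` avoids enabling LDAP by accident. `AUTH_LDAP_BIND_PASSWORD` is `None` when its variable is unset, so failing at startup in that case would probably be clearer than an error on first login.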
-- 
GitLab