From cc02534f1f61d2e8531c7e5da8c6abcb8f5f8d61 Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Thu, 14 Dec 2023 17:16:59 -0400
Subject: [PATCH] feat: get AUTH_LDAP_* from the environment
---
steering/settings.py | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/steering/settings.py b/steering/settings.py
index b4288249..c457c2b6 100644
--- a/steering/settings.py
+++ b/steering/settings.py
@@ -182,36 +182,36 @@ FILTER_ACTIVE_SHOWS_USING = { # WSGI_APPLICATION = 'steering.wsgi.application'; if os.getenv("USE_LDAP_AUTH"): + # we don't have defaults for these because they are set in docker-compose AUTHENTICATION_BACKENDS = ( "django_auth_ldap.backend.LDAPBackend", "django.contrib.auth.backends.ModelBackend", ) - AUTH_LDAP_SERVER_URI = "ldap://ldap.local" - AUTH_LDAP_BIND_DN = "cn=reader,dc=local" + AUTH_LDAP_ALWAYS_UPDATE_USER = os.getenv("AUTH_LDAP_ALWAYS_UPDATE_USER") + AUTH_LDAP_BIND_DN = os.getenv("AUTH_LDAP_BIND_DN") AUTH_LDAP_BIND_PASSWORD = os.getenv("AUTH_LDAP_BIND_PASSWORD") - AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=local" + AUTH_LDAP_FIND_GROUP_PERMS = os.getenv("AUTH_LDAP_FIND_GROUP_PERMS") AUTH_LDAP_GROUP_SEARCH = LDAPSearch( - "ou=groups,dc=local", - ldap.SCOPE_SUBTREE, - "(objectClass=posixGroup)", + base_dn=os.getenv("AUTH_LDAP_GROUP_SEARCH_BASE_DN"), + scope=ldap.SCOPE_SUBTREE, + filterstr=os.getenv("AUTH_LDAP_GROUP_SEARCH_FILTERSTR"), ) AUTH_LDAP_GROUP_TYPE = PosixGroupType() + AUTH_LDAP_MIRROR_GROUPS = os.getenv("AUTH_LDAP_MIRROR_GROUPS") + AUTH_LDAP_SERVER_URI = os.getenv("AUTH_LDAP_SERVER_URI") AUTH_LDAP_USER_ATTR_MAP = { - "first_name": "givenName", - "last_name": "sn", - "email": "mail", + "first_name": os.getenv("AUTH_LDAP_USER_ATTR_MAP_FIRST_NAME"), + "last_name": os.getenv("AUTH_LDAP_USER_ATTR_MAP_LAST_NAME"), + "email": os.getenv("AUTH_LDAP_USER_ATTR_MAP_EMAIL"), } + AUTH_LDAP_USER_DN_TEMPLATE = os.getenv("AUTH_LDAP_USER_DN_TEMPLATE") AUTH_LDAP_USER_FLAGS_BY_GROUP = { - "is_active": "cn=active,ou=django,ou=groups,dc=local", - "is_staff": "cn=staff,ou=django,ou=groups,dc=local", - "is_superuser": "cn=superuser,ou=django,ou=groups,dc=local", + "is_active": os.getenv("AUTH_LDAP_USER_FLAGS_BY_GROUP_ACTIVE"), + "is_staff": os.getenv("AUTH_LDAP_USER_FLAGS_BY_GROUP_STAFF"), + "is_superuser": os.getenv("AUTH_LDAP_USER_FLAGS_BY_GROUP_SUPERUSER"), } - AUTH_LDAP_ALWAYS_UPDATE_USER = True - AUTH_LDAP_FIND_GROUP_PERMS = True 
- AUTH_LDAP_MIRROR_GROUPS = True - # SITE_URL is used by django-oidc-provider and openid-configuration will break not set correctly PORT = os.getenv("STEERING_PORT") AURA_PROTO = os.getenv("AURA_PROTO", default="http") -- GitLab
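Review bot: `AUTH_LDAP_ALWAYS_UPDATE_USER`, `AUTH_LDAP_FIND_GROUP_PERMS` and `AUTH_LDAP_MIRROR_GROUPS` were the boolean `True` and now receive whatever `os.getenv` returns, which is a string or `None`. Any non-empty value, including `"False"` or `"0"`, is truthy, so an operator who tries to switch one of these off in docker-compose leaves it on, while an unset variable silently turns it off. Parse them explicitly, for example `AUTH_LDAP_MIRROR_GROUPS = os.getenv("AUTH_LDAP_MIRROR_GROUPS", "").lower() in ("1", "true", "yes")`, and do the same for the other two. The entries of `AUTH_LDAP_USER_FLAGS_BY_GROUP` and the `LDAPSearch` arguments likewise become `None` when a variable is missing; since `is_staff` and `is_superuser` are derived from them, a startup check that raises `ImproperlyConfigured` for any unset required `AUTH_LDAP_*` variable would surface a misconfiguration before the first login rather than during it.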