add optional user and admin ldap groups
martinjrobins committed Dec 8, 2023
1 parent efa898d commit eded480
Showing 2 changed files with 13 additions and 0 deletions.
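--- a/.env.prod
+++ b/.env.prod
@@ -21,3 +21,5 @@ AUTH_LDAP_BIND_DN=cn=read-only-admin,dc=example,dc=com
 AUTH_LDAP_BIND_PASSWORD=password
 AUTH_LDAP_SEARCH_BASE=ou=mathematicians,dc=example,dc=com
 AUTH_LDAP_SEARCH_FILTER=(uid=%(user)s)
+AUTH_LDAP_USER_GROUP=cn=user,ou=groups,dc=example,dc=com
+AUTH_LDAP_ADMIN_GROUP=cn=admin,ou=groups,dc=example,dc=com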
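Review bot: Both new variables ship with placeholder DNs instead of being left unset, so a deployment that keeps this file as-is turns on the login restriction and the superuser mapping even though settings.py reads them as optional. A comment above them, e.g. `# optional: delete both lines to disable the group restriction and group-based superuser`, would make that explicit, and the admin DN should be reviewed per deployment since membership in it grants `is_superuser`.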
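--- a/pkpdapp/pkpdapp/settings.py
+++ b/pkpdapp/pkpdapp/settings.py
@@ -118,6 +118,17 @@
 'ldap://ldap.forumsys.com:389'
 )
 
+user_group = os.environ.get('AUTH_LDAP_USER_GROUP', None)
+admin_group = os.environ.get('AUTH_LDAP_ADMIN_GROUP', None)
+
+if user_group is not None:
+AUTH_LDAP_REQUIRE_GROUP = user_group
+
+if admin_group is not None:
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+"is_superuser": admin_group
+}
+
 use_direct_bind = bool(int(os.environ.get('AUTH_LDAP_DIRECT_BIND', '0')))
 if use_direct_bind:
 AUTH_LDAP_USER_DN_TEMPLATE = os.environ.get(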
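Review bot: The `is not None` tests on `user_group` and `admin_group` let a set-but-empty variable through, so `AUTH_LDAP_USER_GROUP=` in an env file would become `AUTH_LDAP_REQUIRE_GROUP = ''`, which presumably no account can satisfy and would block every LDAP login; a truthiness test, `if user_group:` and `if admin_group:`, treats empty as unset. Both settings also depend on `AUTH_LDAP_GROUP_SEARCH` and `AUTH_LDAP_GROUP_TYPE`, which this hunk does not show; if they are not defined elsewhere in settings.py, django-auth-ldap (which these setting names appear to target) cannot resolve membership and the first login with a group configured will fail with a configuration error. Because the admin group now grants `is_superuser` and the default server URI in the context lines is plain `ldap://`, it is worth confirming that `AUTH_LDAP_START_TLS` or an `ldaps://` URI is used in deployment so membership answers cannot be altered in transit. The hunk starts and ends inside statements that continue outside it.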