
@notverypc
Created June 25, 2018 14:29
MWA2 Active Directory Auth
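# django ldap auth
#
# Django settings fragment that authenticates users against Active Directory
# through django-auth-ldap. Every DN and host name below is a placeholder.
USE_LDAP = True

# LDAP authentication support
if USE_LDAP:
    import os

    import ldap
    from django_auth_ldap.config import (
        ActiveDirectoryGroupType,
        LDAPGroupQuery,
        LDAPSearch,
    )

    # LDAP settings
    # A plain ldap:// connection on 389 carries the service-account bind and
    # every user's password in cleartext, so the session is upgraded with
    # StartTLS before any bind. Alternative: an ldaps:// URI on port 636
    # (then drop AUTH_LDAP_START_TLS).
    AUTH_LDAP_SERVER_URI = 'ldap://something.ac.uk:389'
    AUTH_LDAP_START_TLS = True

    AUTH_LDAP_BIND_DN = (
        'cn=bind_user,ou=service accounts,'
        'dc=something,dc=something_else,dc=ac,dc=uk'
    )
    # Keep the service-account secret out of the settings file (and out of
    # version control). The environment variable name is this file's own
    # choice; a missing variable fails at start-up rather than attempting a
    # bind with an empty password.
    AUTH_LDAP_BIND_PASSWORD = os.environ['AUTH_LDAP_BIND_PASSWORD']

    AUTH_LDAP_USER_SEARCH = LDAPSearch(
        'ou=users,dc=something,dc=something_else,dc=ac,dc=uk',
        ldap.SCOPE_SUBTREE,
        '(sAMAccountName=%(user)s)',
    )
    # Restrict the group search to group objects instead of matching every
    # object class under the OU.
    AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
        'OU=Groups,dc=something,dc=something_else,dc=ac,dc=uk',
        ldap.SCOPE_SUBTREE,
        '(objectClass=group)',
    )
    AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
    AUTH_LDAP_FIND_GROUP_PERMS = True

    AUTH_LDAP_GLOBAL_OPTIONS = {
        # Require and verify the server certificate. The original value
        # (False, i.e. 0 == ldap.OPT_X_TLS_NEVER) disabled verification,
        # which lets anyone on the network path impersonate the directory.
        # If the directory uses a private CA, also set
        # ldap.OPT_X_TLS_CACERTFILE to the CA bundle path.
        ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND,
        # Do not chase referrals.
        ldap.OPT_REFERRALS: 0,
    }

    # Only members of this group may log in at all.
    AUTH_LDAP_REQUIRE_GROUP = (
        'CN=Required_Group,DC=Something,DC=something_else,DC=ac,DC=uk'
    )
    AUTH_LDAP_ALWAYS_UPDATE_USER = True

    # Cache group memberships for an hour to minimize LDAP traffic.
    # A removed group membership can therefore stay effective for up to
    # that long.
    AUTH_LDAP_CACHE_GROUPS = True
    AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

    AUTH_LDAP_USER_ATTR_MAP = {
        'first_name': 'givenName',
        'last_name': 'sn',
        'email': 'mail',
    }

    # NOTE(review): all three flags point at the same placeholder group, so
    # every member of it becomes a Django superuser. Map is_staff and
    # is_superuser to separate, narrower groups when filling these in.
    AUTH_LDAP_USER_FLAGS_BY_GROUP = {
        'is_active': (
            LDAPGroupQuery(
                "CN=GroupToSearch,DC=Something,DC=something_else,DC=ac,DC=uk"
            )
        ),
        'is_staff': (
            LDAPGroupQuery(
                "CN=GroupToSearch,DC=Something,DC=something_else,DC=ac,DC=uk"
            )
        ),
        'is_superuser': (
            LDAPGroupQuery(
                "CN=GroupToSearch,DC=Something,DC=something_else,DC=ac,DC=uk"
            )
        ),
    }

# Backends are tried in order. ModelBackend stays enabled as a fallback, so
# local Django accounts with usable passwords can still log in when LDAP is
# on; audit or disable those accounts if directory-only login is intended.
if USE_LDAP:
    AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',
        'django.contrib.auth.backends.ModelBackend',
    )
else:
    AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.ModelBackend',
    )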