[Mageia-sysadm] [618] - add ldap authentication to transifex, so far for sysadmin only ( for

root at mageia.org root at mageia.org
Wed Dec 15 02:39:35 CET 2010


Revision: 618
Author:   misc
Date:     2010-12-15 02:39:35 +0100 (Wed, 15 Dec 2010)
Log Message:
-----------
- add ldap authentication to transifex, so far for sysadmin only ( for
  testing purposes )

Modified Paths:
--------------
    puppet/modules/transifex/manifests/init.pp

Added Paths:
-----------
    puppet/modules/transifex/templates/45-ldap.conf

Modified: puppet/modules/transifex/manifests/init.pp
===================================================================
--- puppet/modules/transifex/manifests/init.pp	2010-12-15 01:39:33 UTC (rev 617)
+++ puppet/modules/transifex/manifests/init.pp	2010-12-15 01:39:35 UTC (rev 618)
@@ -1,9 +1,11 @@
 class transifex {
-  package { ['transifex','python-psycopg2']:
+  
+  package { ['transifex','python-psycopg2','python-django-auth-ldap']:
     ensure => installed
   }
  
   $password = extlookup("transifex_password",'x')
+  $ldap_password = extlookup("transifex_ldap",'x')
 
   @@postgresql::user { 'transifex':
         password => $password,
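Review bot: The new `extlookup("transifex_ldap",'x')` falls back to the literal `x` when the key is missing, so a typo or an absent data file yields a rendered config with a placeholder bind password instead of a failed catalog run. Dropping the default, `$ldap_password = extlookup("transifex_ldap")`, should make the compile fail loudly when the secret is not defined; the existing `transifex_password` lookup on the line above follows the same pattern. The `@@postgresql::user` resource that follows continues outside the hunk.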
@@ -48,6 +50,17 @@
     notify => Service['apache']
   }
 
+  file { "45-ldap.conf":
+    path => "/etc/transifex/45-ldap.conf",
+    ensure => present,
+    owner => root,
+    group => root,
+    mode => 644,
+    content => template("transifex/45-ldap.conf"),
+    require => Package['transifex'],
+    notify => Service['apache']
+  }
+
   apache::vhost_django_app { "transifex.$domain":
     module => "transifex",
     module_path => ["/usr/share/transifex","/usr/share"] 
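Review bot: The `45-ldap.conf` resource is declared with `owner => root`, `group => root`, `mode => 644`, but the template it renders contains `AUTH_LDAP_BIND_PASSWORD`, so every local account on the host can read the LDAP bind password. Restrict the file to the account the Django application runs as, for example `group => apache,` and `mode => 640,` (the group name is assumed from `Service['apache']`; confirm it for this host). A one-line comment above the resource noting that the file holds a secret would keep the mode from being relaxed later. The `transifex` class body continues outside the hunk.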

Added: puppet/modules/transifex/templates/45-ldap.conf
===================================================================
--- puppet/modules/transifex/templates/45-ldap.conf	                        (rev 0)
+++ puppet/modules/transifex/templates/45-ldap.conf	2010-12-15 01:39:35 UTC (rev 618)
@@ -0,0 +1,48 @@
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+
+# Use LDAP group membership to calculate group permissions.
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+AUTH_LDAP_START_TLS = True
+
+# Cache group memberships for an hour to minimize LDAP traffic
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+
+
+# Baseline configuration.
+AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %>"
+
+AUTH_LDAP_BIND_DN = "cn=alamut-sympa,ou=System Accounts,<%= dc_suffix %>"
+AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>"
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ",
+    ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+# Set up the basic group parameters.
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>",
+    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+# Only users in this group can log in.
+#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail"
+}
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": "cn=mga-committers,ou=Group,<%= dc_suffix %>",
+    "is_staff": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>",
+    "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"
+}
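Review bot: Nothing in this file limits login to sysadmins as the log message describes: `AUTH_LDAP_REQUIRE_GROUP` is left commented out with an example.com DN, and `is_active` is granted to all of `mga-committers`. If the test phase is meant to be sysadmin-only, set `AUTH_LDAP_REQUIRE_GROUP = "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"`. The bind DN is `cn=alamut-sympa`, which by its name looks like the Sympa service account, while the password comes from the `transifex_ldap` key; a dedicated read-only account for transifex would keep the two services' credentials separate. The user search base `"ou=People,<%= dc_suffix %> "` also has a trailing space inside the string that should be removed.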