author | Theo Chatzimichos <tampakrap@gentoo.org> | 2011-06-14 05:29:01 +0300 |
---|---|---|
committer | Theo Chatzimichos <tampakrap@gentoo.org> | 2011-06-14 05:29:01 +0300 |
commit | 7ad86fd32d53236cd19579f68a491649e7dfc4e2 (patch) | |
tree | 813105abdb41537ed0ef9b0d9e768e09383274d4 /settings | |
parent | Move some gentoo specific fields to the GentooProfile (diff) | |
Improvements on signup system
It now initializes the LDAP server with O and OU if they don't exist yet
Also, move LDAP specific variables added to the configs
Diffstat (limited to 'settings')
-rw-r--r-- | settings/90-development.sample | 68 | ||||
-rw-r--r-- | settings/90-production.sample | 48 |
2 files changed, 98 insertions, 18 deletions
diff --git a/settings/90-development.sample b/settings/90-development.sample index f0ee0aa..efbfeea 100644 --- a/settings/90-development.sample +++ b/settings/90-development.sample @@ -78,11 +78,38 @@ LOGGING = { } } +# Choose the appropriate User Profile Class +# Options are: +# - accounts.UserProfile (the generic one) +# - accounts.GentooProfile (Gentoo specific) +# - accounts.KDEProfile (KDE specific) +AUTH_PROFILE_MODULE = 'accounts.UserProfile' + + # LDAP specific variables # The URI of the LDAP server LDAP_SERVER_URI = 'ldap://ldap.example.com' +# Name of the Organization, and its objectClasses +# This will be used for LDAP initialization +LDAP_O_NAME = { + 'dc=example,dc=com': ['organization', 'dcObject'], +} + +# List of OU's, and their objectClasses. These will +# be used in LDAP initialization and also in LDAP +# queries, eg to search for a user +# The first one is also the BASE_DN for new users +LDAP_OU_LIST = { + 'ou=users,dc=example,dc=com': ['organizationalUnit'], + 'ou=developers,dc=example,dc=com': ['organizationalUnit'], +} + +# For ease of use, create a list of the objectclasses based +# on the above +LDAP_BASE_DN = LDAP_OU_LIST.keys() + # The system needs either an anon (minimal-privileged) user # to perform basic searches, in case anon queries are not # applicable. @@ -93,14 +120,12 @@ LDAP_ANON_USER_PW = 'password' LDAP_ADMIN_USER_DN = 'cn=Manager,dc=example,dc=com' LDAP_ADMIN_USER_PW = 'password' -# Multiple OU's are supported -LDAP_BASE_DN = ['ou=users,dc=example,dc=com', 'ou=developers,dc=example,dc=com'] - # The prefix of the attrs, such as cn or uid LDAP_BASE_ATTR = 'uid' # The basic LDAP data, also required by the Django DB LDAP_USER_ATTR_MAP = { + 'username': 'uid', 'first_name': 'givenName', 'last_name': 'sn', 'email': 'mail', @@ -108,5 +133,38 @@ LDAP_USER_ATTR_MAP = { # Additional data, that can be mapped by the Django # user profile -#LDAP_PROFILE_ATTR_MAP = { -#}
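Review bot: `LDAP_BASE_DN = LDAP_OU_LIST.keys()` has no defined order, so the added comment "The first one is also the BASE_DN for new users" cannot be relied on. `LDAP_OU_LIST` is a plain dict, whose key order is arbitrary on Python 2 (and on Python 3 `.keys()` is a view that cannot be indexed). If the signup code uses element 0 as the container for new accounts (not visible in this hunk), users could be created under `ou=developers` instead of `ou=users`. An ordered sequence of (DN, objectClasses) pairs makes the order explicit, though any consumer that treats `LDAP_OU_LIST` as a dict would have to change with it. The comment above `LDAP_BASE_DN` also says "objectclasses" where it means the OU DNs, and the same lines are added in the first hunk of settings/90-production.sample.

```python
# … unchanged: "List of OU's, and their objectClasses" comment …
LDAP_OU_LIST = (
    ('ou=users,dc=example,dc=com', ['organizationalUnit']),
    ('ou=developers,dc=example,dc=com', ['organizationalUnit']),
)

# The OU DNs, in the order given above
LDAP_BASE_DN = [dn for dn, _ in LDAP_OU_LIST]
```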
\ No newline at end of file +LDAP_PROFILE_ATTR_MAP = { + 'cn': 'cn', + 'all_mails': 'mail', + 'gecos': 'gecos', + 'ssh_public_key': 'sshPublicKey', +# Gentoo specific variables +# 'gentoo_roles': 'gentooRoles', +# 'gentoo_access': 'gentooAccess', +# 'gentoo_location': 'gentooLocation', +# 'gentoo_status': 'gentooStatus', +# 'lat': 'lat', +# 'lon': 'lon', +# 'gpg_fingerprint': 'gpgfingerprint', +# 'gpg_key': 'gpgkey', +# KDE specific variables +# +# +} + +# The attribute which has the groups that the user is part of +LDAP_ACL_ATTR = 'groupAccess' + +# Various groups and the equivalent booleans in UserProfile +LDAP_ACL_GROUPS = { + 'infra-ldapadmin.group': 'is_infra', + 'devrel.group': 'is_devrel', + 'recruiters.group': 'is_recruiter', + 'trustees.group': 'is_trustee', + 'docs.group': 'is_docs', + 'security.group': 'is_security', + 'pr.group': 'is_pr', +} + +# List of objectClasses, used in user creation +LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount']
\ No newline at end of file diff --git a/settings/90-production.sample b/settings/90-production.sample index f8590ec..0fcba2b 100644 --- a/settings/90-production.sample +++ b/settings/90-production.sample @@ -85,11 +85,31 @@ LOGGING = { # - accounts.KDEProfile (KDE specific) AUTH_PROFILE_MODULE = 'accounts.UserProfile' + # LDAP specific variables # The URI of the LDAP server LDAP_SERVER_URI = 'ldap://ldap.example.com' +# Name of the Organization, and its objectClasses +# This will be used for LDAP initialization +LDAP_O_NAME = { + 'dc=example,dc=com': ['organization', 'dcObject'], +} + +# List of OU's, and their objectClasses. These will +# be used in LDAP initialization and also in LDAP +# queries, eg to search for a user +# The first one is also the BASE_DN for new users +LDAP_OU_LIST = { + 'ou=users,dc=example,dc=com': ['organizationalUnit'], + 'ou=developers,dc=example,dc=com': ['organizationalUnit'], +} + +# For ease of use, create a list of the objectclasses based +# on the above +LDAP_BASE_DN = LDAP_OU_LIST.keys() + # The system needs either an anon (minimal-privileged) user # to perform basic searches, in case anon queries are not # applicable. @@ -100,9 +120,6 @@ LDAP_ANON_USER_PW = 'password' LDAP_ADMIN_USER_DN = 'cn=Manager,dc=example,dc=com' LDAP_ADMIN_USER_PW = 'password' -# Multiple OU's are supported -LDAP_BASE_DN = ['ou=users,dc=example,dc=com', 'ou=developers,dc=example,dc=com'] - # The prefix of the attrs, such as cn or uid LDAP_BASE_ATTR = 'uid' 
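Review bot: `LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount']` does not allow several attributes that the maps in this file refer to. `mail` and `givenName` belong to `inetOrgPerson`, and `sshPublicKey` normally comes from the auxiliary `ldapPublicKey` class, so a server with schema checking would reject a new entry carrying them. `posixAccount` also requires `uidNumber`, `gidNumber` and `homeDirectory`, which none of the maps supply; whether the signup code fills them in is not visible here. If the list is meant to be extended per site, say so above it, e.g. `# Must permit every attribute in LDAP_USER_ATTR_MAP and LDAP_PROFILE_ATTR_MAP (e.g. add 'inetOrgPerson', 'ldapPublicKey')`. The same line is added in the last hunk of settings/90-production.sample.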
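Review bot: `LDAP_SERVER_URI` in the production sample is still plain `ldap://`, directly above the `LDAP_O_NAME` and `LDAP_OU_LIST` settings this hunk adds for directory initialisation. That initialisation presumably runs over the `LDAP_ADMIN_USER_DN` bind shown in the next hunk's context, and a simple bind over `ldap://` carries the DN and password unencrypted. The sample should steer deployments to TLS with a comment above the URI such as `# Use ldaps:// (or StartTLS) in production; ldap:// sends bind passwords in clear text`. How the application binds is not visible in this diff, so confirm against the LDAP backend code.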
@@ -121,16 +138,18 @@ LDAP_PROFILE_ATTR_MAP = { 'all_mails': 'mail', 'gecos': 'gecos', 'ssh_public_key': 'sshPublicKey', - 'gpg_fingerprint': 'gpgfingerprint', - 'gpg_key': 'gpgkey', - 'lat': 'lat', - 'lon': 'lon', -# Gentoo specific variables -# 'gentoo_roles': 'gentooRoles', -# 'gentoo_access': 'gentooAccess', -# 'gentoo_location': 'gentooLocation', -# 'gentoo_status': 'gentooStatus', +# Gentoo specific variables +# 'gentoo_roles': 'gentooRoles', +# 'gentoo_access': 'gentooAccess', +# 'gentoo_location': 'gentooLocation', +# 'gentoo_status': 'gentooStatus', +# 'lat': 'lat', +# 'lon': 'lon', +# 'gpg_fingerprint': 'gpgfingerprint', +# 'gpg_key': 'gpgkey', # KDE specific variables +# +# } # The attribute which has the groups that the user is part of @@ -145,4 +164,7 @@ LDAP_ACL_GROUPS = { 'docs.group': 'is_docs', 'security.group': 'is_security', 'pr.group': 'is_pr', -}
\ No newline at end of file +} + +# List of objectClasses, used in user creation +LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount']
\ No newline at end of file |