authorTheo Chatzimichos <tampakrap@gentoo.org>2011-06-14 05:29:01 +0300
committerTheo Chatzimichos <tampakrap@gentoo.org>2011-06-14 05:29:01 +0300
commit7ad86fd32d53236cd19579f68a491649e7dfc4e2 (patch)
tree813105abdb41537ed0ef9b0d9e768e09383274d4 /settings
parentMove some gentoo specific fields to the GentooProfile (diff)
Improvements on signup system
It now initializes the LDAP server with O and OU if they don't exist yet. Also, move LDAP specific variables added to the configs
Diffstat (limited to 'settings')
-rw-r--r--settings/90-development.sample68
-rw-r--r--settings/90-production.sample48
2 files changed, 98 insertions, 18 deletions
diff --git a/settings/90-development.sample b/settings/90-development.sample
index f0ee0aa..efbfeea 100644
--- a/settings/90-development.sample
+++ b/settings/90-development.sample
@@ -78,11 +78,38 @@ LOGGING = {
}
}
+# Choose the appropriate User Profile Class
+# Options are:
+# - accounts.UserProfile (the generic one)
+# - accounts.GentooProfile (Gentoo specific)
+# - accounts.KDEProfile (KDE specific)
+AUTH_PROFILE_MODULE = 'accounts.UserProfile'
+
+
# LDAP specific variables
# The URI of the LDAP server
LDAP_SERVER_URI = 'ldap://ldap.example.com'
+# Name of the Organization, and its objectClasses
+# This will be used for LDAP initialization
+LDAP_O_NAME = {
+ 'dc=example,dc=com': ['organization', 'dcObject'],
+}
+
+# List of OU's, and their objectClasses. These will
+# be used in LDAP initialization and also in LDAP
+# queries, eg to search for a user
+# The first one is also the BASE_DN for new users
+LDAP_OU_LIST = {
+ 'ou=users,dc=example,dc=com': ['organizationalUnit'],
+ 'ou=developers,dc=example,dc=com': ['organizationalUnit'],
+}
+
+# For ease of use, create a list of the objectclasses based
+# on the above
+LDAP_BASE_DN = LDAP_OU_LIST.keys()
+
# The system needs either an anon (minimal-privileged) user
# to perform basic searches, in case anon queries are not
# applicable.
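Review bot: `LDAP_OU_LIST` is a plain dict, so `LDAP_BASE_DN = LDAP_OU_LIST.keys()` has no guaranteed order, yet the comment above the dict says the first entry is the BASE_DN for new users. On a Python 2 interpreter (likely, given the 2011 date) new accounts could be created under `ou=developers` rather than `ou=users`, which matters if OU placement carries any access meaning. Keep the order explicit, for example a list of `(dn, objectClasses)` pairs with `LDAP_BASE_DN = [dn for dn, _ in LDAP_OU_LIST]`. The comment over `LDAP_BASE_DN` should also read `# For ease of use, create a list of the OU DNs based on the above`, since the value holds DNs, not objectClasses. The same lines are added in the first hunk of settings/90-production.sample.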
@@ -93,14 +120,12 @@ LDAP_ANON_USER_PW = 'password'
LDAP_ADMIN_USER_DN = 'cn=Manager,dc=example,dc=com'
LDAP_ADMIN_USER_PW = 'password'
-# Multiple OU's are supported
-LDAP_BASE_DN = ['ou=users,dc=example,dc=com', 'ou=developers,dc=example,dc=com']
-
# The prefix of the attrs, such as cn or uid
LDAP_BASE_ATTR = 'uid'
# The basic LDAP data, also required by the Django DB
LDAP_USER_ATTR_MAP = {
+ 'username': 'uid',
'first_name': 'givenName',
'last_name': 'sn',
'email': 'mail',
@@ -108,5 +133,38 @@ LDAP_USER_ATTR_MAP = {
# Additional data, that can be mapped by the Django
# user profile
-#LDAP_PROFILE_ATTR_MAP = {
-#} \ No newline at end of file
+LDAP_PROFILE_ATTR_MAP = {
+ 'cn': 'cn',
+ 'all_mails': 'mail',
+ 'gecos': 'gecos',
+ 'ssh_public_key': 'sshPublicKey',
+# Gentoo specific variables
+# 'gentoo_roles': 'gentooRoles',
+# 'gentoo_access': 'gentooAccess',
+# 'gentoo_location': 'gentooLocation',
+# 'gentoo_status': 'gentooStatus',
+# 'lat': 'lat',
+# 'lon': 'lon',
+# 'gpg_fingerprint': 'gpgfingerprint',
+# 'gpg_key': 'gpgkey',
+# KDE specific variables
+#
+#
+}
+
+# The attribute which has the groups that the user is part of
+LDAP_ACL_ATTR = 'groupAccess'
+
+# Various groups and the equivalent booleans in UserProfile
+LDAP_ACL_GROUPS = {
+ 'infra-ldapadmin.group': 'is_infra',
+ 'devrel.group': 'is_devrel',
+ 'recruiters.group': 'is_recruiter',
+ 'trustees.group': 'is_trustee',
+ 'docs.group': 'is_docs',
+ 'security.group': 'is_security',
+ 'pr.group': 'is_pr',
+}
+
+# List of objectClasses, used in user creation
+LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount'] \ No newline at end of file
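Review bot: `LDAP_ACL_GROUPS` turns values of the user's own `groupAccess` attribute into privilege flags such as `is_infra` and `is_security`, but nothing in the sample says who may write that attribute. If the directory ACLs or the application's admin bind allow a user to change their own entry, these flags would become self-assignable. The signup and profile code is outside this diff, so that cannot be confirmed here. I would add a comment above `LDAP_ACL_ATTR`, e.g. `# Must be writable only by directory admins: its values drive the is_* privilege flags`.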
diff --git a/settings/90-production.sample b/settings/90-production.sample
index f8590ec..0fcba2b 100644
--- a/settings/90-production.sample
+++ b/settings/90-production.sample
@@ -85,11 +85,31 @@ LOGGING = {
# - accounts.KDEProfile (KDE specific)
AUTH_PROFILE_MODULE = 'accounts.UserProfile'
+
# LDAP specific variables
# The URI of the LDAP server
LDAP_SERVER_URI = 'ldap://ldap.example.com'
+# Name of the Organization, and its objectClasses
+# This will be used for LDAP initialization
+LDAP_O_NAME = {
+ 'dc=example,dc=com': ['organization', 'dcObject'],
+}
+
+# List of OU's, and their objectClasses. These will
+# be used in LDAP initialization and also in LDAP
+# queries, eg to search for a user
+# The first one is also the BASE_DN for new users
+LDAP_OU_LIST = {
+ 'ou=users,dc=example,dc=com': ['organizationalUnit'],
+ 'ou=developers,dc=example,dc=com': ['organizationalUnit'],
+}
+
+# For ease of use, create a list of the objectclasses based
+# on the above
+LDAP_BASE_DN = LDAP_OU_LIST.keys()
+
# The system needs either an anon (minimal-privileged) user
# to perform basic searches, in case anon queries are not
# applicable.
@@ -100,9 +120,6 @@ LDAP_ANON_USER_PW = 'password'
LDAP_ADMIN_USER_DN = 'cn=Manager,dc=example,dc=com'
LDAP_ADMIN_USER_PW = 'password'
-# Multiple OU's are supported
-LDAP_BASE_DN = ['ou=users,dc=example,dc=com', 'ou=developers,dc=example,dc=com']
-
# The prefix of the attrs, such as cn or uid
LDAP_BASE_ATTR = 'uid'
@@ -121,16 +138,18 @@ LDAP_PROFILE_ATTR_MAP = {
'all_mails': 'mail',
'gecos': 'gecos',
'ssh_public_key': 'sshPublicKey',
- 'gpg_fingerprint': 'gpgfingerprint',
- 'gpg_key': 'gpgkey',
- 'lat': 'lat',
- 'lon': 'lon',
-# Gentoo specific variables
-# 'gentoo_roles': 'gentooRoles',
-# 'gentoo_access': 'gentooAccess',
-# 'gentoo_location': 'gentooLocation',
-# 'gentoo_status': 'gentooStatus',
+# Gentoo specific variables
+# 'gentoo_roles': 'gentooRoles',
+# 'gentoo_access': 'gentooAccess',
+# 'gentoo_location': 'gentooLocation',
+# 'gentoo_status': 'gentooStatus',
+# 'lat': 'lat',
+# 'lon': 'lon',
+# 'gpg_fingerprint': 'gpgfingerprint',
+# 'gpg_key': 'gpgkey',
# KDE specific variables
+#
+#
}
# The attribute which has the groups that the user is part of
@@ -145,4 +164,7 @@ LDAP_ACL_GROUPS = {
'docs.group': 'is_docs',
'security.group': 'is_security',
'pr.group': 'is_pr',
-} \ No newline at end of file
+}
+
+# List of objectClasses, used in user creation
+LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount'] \ No newline at end of file
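Review bot: `LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount']` does not permit several attributes that the maps in this file reference. `givenName` and `mail` belong to `inetOrgPerson`, and `sshPublicKey` needs an auxiliary class such as `ldapPublicKey`. If user creation writes those attributes (that code is outside this diff), a schema-checking server will reject the entry with an objectClass violation. Consider `['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount']`, with `ldapPublicKey` added where SSH keys are stored. The same line closes settings/90-development.sample.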