diff options
| author | B. Stack <bgstack15@gmail.com> | 2023-06-16 19:51:55 -0400 |
|---|---|---|
| committer | B. Stack <bgstack15@gmail.com> | 2023-06-24 08:22:59 -0400 |
| commit | 1b201c3b10db7182277d3e7c63e780080a51b27a (patch) | |
| tree | df705dde15f57a4b46d3b25b2f423f9728ded356 /instance | |
| parent | Addresses some flake8 warnings. (diff) | |
| download | newspipe-1b201c3b10db7182277d3e7c63e780080a51b27a.tar.gz newspipe-1b201c3b10db7182277d3e7c63e780080a51b27a.tar.bz2 newspipe-1b201c3b10db7182277d3e7c63e780080a51b27a.zip | |
WIP: initial ldap support
Still need schema support for attribute user.external_auth, probably of
type bool.
Diffstat (limited to 'instance')
| -rw-r--r-- | instance/config.py | 14 | ||||
| -rw-r--r-- | instance/sqlite.py | 14 |
2 files changed, 28 insertions, 0 deletions
diff --git a/instance/config.py b/instance/config.py index eae58a53..af5fe9b9 100644 --- a/instance/config.py +++ b/instance/config.py @@ -71,3 +71,17 @@ ADMIN_EMAIL = "admin@admin.localhost" LOG_LEVEL = "info" LOG_PATH = "./var/newspipe.log" SELF_REGISTRATION = True + +# Ldap, optional +LDAP_ENABLED = True +LDAP_URI = "ldaps://ipa.internal.com:636" +LDAP_USER_BASE = "cn=users,cn=accounts,dc=ipa,dc=internal,dc=com" +LDAP_GROUP_BASE = "cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com" +LDAP_USER_MATCH_ATTRIB = "uid" +LDAP_USER_DISPLAY_ATTRIB = "uid" +LDAP_USER_ATTRIB_MEMBEROF = "memberof" +LDAP_GROUP_DISPLAY_ATTRIB = "cn" +LDAP_BIND_DN = "uid=sampleuser,cn=users,cn=accounts,dc=ipa,dc=internal,dc=com" +LDAP_BIND_PASSWORD = "examplepassword" +# Additional filter to restrict user lookup. If not equivalent to False, will be logical-anded to the user-match-attribute search filter. +LDAP_FILTER = "(memberOf=cn=newspipe-users,cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com)" diff --git a/instance/sqlite.py b/instance/sqlite.py index 9d171b89..abde387a 100644 --- a/instance/sqlite.py +++ b/instance/sqlite.py @@ -64,3 +64,17 @@ LOG_LEVEL = "info" LOG_PATH = "./var/newspipe.log" SELF_REGISTRATION = True SQLALCHEMY_TRACK_MODIFICATIONS = False + +# Ldap, optional +LDAP_ENABLED = True +LDAP_URI = "ldaps://ipa.internal.com:636" +LDAP_USER_BASE = "cn=users,cn=accounts,dc=ipa,dc=internal,dc=com" +LDAP_GROUP_BASE = "cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com" +LDAP_USER_MATCH_ATTRIB = "uid" +LDAP_USER_DISPLAY_ATTRIB = "uid" +LDAP_USER_ATTRIB_MEMBEROF = "memberof" +LDAP_GROUP_DISPLAY_ATTRIB = "cn" +LDAP_BIND_DN = "uid=sampleuser,cn=users,cn=accounts,dc=ipa,dc=internal,dc=com" +LDAP_BIND_PASSWORD = "examplepassword" +# Additional filter to restrict user lookup. If not equivalent to False, will be logical-anded to the user-match-attribute search filter. +LDAP_FILTER = "(memberOf=cn=newspipe-users,cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com)" |