[PATCH] ldap-auth

author: B. Stack <bgstack15@gmail.com> 2023-06-27 09:21:24 +0200
committer: Cédric Bonhomme <cedric@cedricbonhomme.org> 2023-06-27 09:21:24 +0200
commit: dbb1d2bce8f00a3b9e0d1074841fe835349740a7 (patch)
tree: ea425b1c164a3901a047f6a7ffddbc48378f7e27 /instance
parent: Addresses some flake8 warnings. (diff)
download: newspipe-dbb1d2bce8f00a3b9e0d1074841fe835349740a7.tar.gz
newspipe-dbb1d2bce8f00a3b9e0d1074841fe835349740a7.tar.bz2
newspipe-dbb1d2bce8f00a3b9e0d1074841fe835349740a7.zip
2 files changed, 36 insertions, 0 deletions
diff --git a/instance/config.py b/instance/config.py
index eae58a53..e3362694 100644
--- a/instance/config.py
+++ b/instance/config.py
@@ -71,3 +71,21 @@ ADMIN_EMAIL = "admin@admin.localhost"
 LOG_LEVEL = "info"
 LOG_PATH = "./var/newspipe.log"
 SELF_REGISTRATION = True
+
+# Ldap, optional
+LDAP_ENABLED = False
+# LDAP_URI will automatically try the _ldap._tcp lookups like for a kerberos domain but
+# will fall back to this exact domain (server) name if such a TXT record is not found.
+LDAP_URI = "ldaps://ipa.internal.com:636"
+LDAP_USER_BASE = "cn=users,cn=accounts,dc=ipa,dc=internal,dc=com"
+LDAP_GROUP_BASE = "cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com"
+LDAP_USER_MATCH_ATTRIB = "uid"
+LDAP_USER_DISPLAY_ATTRIB = "uid"
+LDAP_USER_ATTRIB_MEMBEROF = "memberof"
+LDAP_GROUP_DISPLAY_ATTRIB = "cn"
+LDAP_BIND_DN = "uid=sampleuser,cn=users,cn=accounts,dc=ipa,dc=internal,dc=com"
+LDAP_BIND_PASSWORD = "examplepassword"
+# Additional filter to restrict user lookup. If not equivalent to False (e.g., undefined), will be logical-anded to the user-match-attribute search filter.
+LDAP_FILTER = (
+    "(memberOf=cn=newspipe-users,cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com)"
+)
diff --git a/instance/sqlite.py b/instance/sqlite.py
index 9d171b89..de6aab23 100644
--- a/instance/sqlite.py
+++ b/instance/sqlite.py
@@ -64,3 +64,21 @@ LOG_LEVEL = "info"
 LOG_PATH = "./var/newspipe.log"
 SELF_REGISTRATION = True
 SQLALCHEMY_TRACK_MODIFICATIONS = False
+
+# Ldap, optional
+LDAP_ENABLED = False
+# LDAP_URI will automatically try the _ldap._tcp lookups like for a kerberos domain but
+# will fall back to this exact domain (server) name if such a TXT record is not found.
+LDAP_URI = "ldaps://ipa.internal.com:636"
+LDAP_USER_BASE = "cn=users,cn=accounts,dc=ipa,dc=internal,dc=com"
+LDAP_GROUP_BASE = "cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com"
+LDAP_USER_MATCH_ATTRIB = "uid"
+LDAP_USER_DISPLAY_ATTRIB = "uid"
+LDAP_USER_ATTRIB_MEMBEROF = "memberof"
+LDAP_GROUP_DISPLAY_ATTRIB = "cn"
+LDAP_BIND_DN = "uid=sampleuser,cn=users,cn=accounts,dc=ipa,dc=internal,dc=com"
+LDAP_BIND_PASSWORD = "examplepassword"
+# Additional filter to restrict user lookup. If not equivalent to False (e.g., undefined), will be logical-anded to the user-match-attribute search filter.
+LDAP_FILTER = (
+    "(memberOf=cn=newspipe-users,cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com)"
+)
author	B. Stack <bgstack15@gmail.com>	2023-06-27 09:21:24 +0200
committer	Cédric Bonhomme <cedric@cedricbonhomme.org>	2023-06-27 09:21:24 +0200
commit	dbb1d2bce8f00a3b9e0d1074841fe835349740a7 (patch)
tree	ea425b1c164a3901a047f6a7ffddbc48378f7e27 /instance
parent	Addresses some flake8 warnings. (diff)
download	newspipe-dbb1d2bce8f00a3b9e0d1074841fe835349740a7.tar.gz newspipe-dbb1d2bce8f00a3b9e0d1074841fe835349740a7.tar.bz2 newspipe-dbb1d2bce8f00a3b9e0d1074841fe835349740a7.zip