Allow disabling LDAP-group related settings when AUTH_LDAP_*_GROUP environment variables are not defined. This is required in order to work with Google's Secure LDAP, due to some limitations on django-auth-ldap plugin (see: https://github.com/django-auth-ldap/django-auth-ldap/issues/201)
This commit is contained in:
parent
953ee09b0c
commit
60f4e8b2ed
@ -60,13 +60,16 @@ AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SU
|
||||
AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
|
||||
|
||||
# Define a group required to login.
|
||||
AUTH_LDAP_REQUIRE_GROUP = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', '')
|
||||
AUTH_LDAP_REQUIRE_GROUP = os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN')
|
||||
|
||||
# Define special user types using groups. Exercise great caution when assigning superuser status.
|
||||
AUTH_LDAP_USER_FLAGS_BY_GROUP = {}
|
||||
|
||||
if AUTH_LDAP_REQUIRE_GROUP is not None:
|
||||
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
||||
"is_active": environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''),
|
||||
"is_staff": environ.get('AUTH_LDAP_IS_ADMIN_DN', ''),
|
||||
"is_superuser": environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '')
|
||||
"is_active": os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''),
|
||||
"is_staff": os.environ.get('AUTH_LDAP_IS_ADMIN_DN', ''),
|
||||
"is_superuser": os.environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '')
|
||||
}
|
||||
|
||||
# For more granular permissions, we can map LDAP groups to Django groups.
|
||||
|
Loading…
Reference in New Issue
Block a user