forked from Github-Mirrors/canaille
USER_BASE configuration parameter
parent
cc4c441088
commit
dc138a7dde
4 changed files with 16 additions and 3 deletions
|
@ -1,8 +1,6 @@
|
|||
import ldap
|
||||
import os
|
||||
import toml
|
||||
from flask import Flask, g, request, render_template
|
||||
from flask_babel import Babel
|
||||
|
||||
import oidc_ldap_bridge.admin
|
||||
import oidc_ldap_bridge.admin.tokens
|
||||
|
@ -12,12 +10,18 @@ import oidc_ldap_bridge.oauth
|
|||
import oidc_ldap_bridge.routes
|
||||
import oidc_ldap_bridge.tokens
|
||||
import oidc_ldap_bridge.well_known
|
||||
|
||||
from cryptography.hazmat.primitives import serialization as crypto_serialization
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
from cryptography.hazmat.backends import default_backend as crypto_default_backend
|
||||
|
||||
from flask import Flask, g, request, render_template
|
||||
from flask_babel import Babel
|
||||
|
||||
from .flaskutils import current_user
|
||||
from .ldaputils import LDAPObjectHelper
|
||||
from .oauth2utils import config_oauth
|
||||
from .models import User
|
||||
|
||||
|
||||
def create_app(config=None):
|
||||
|
@ -86,6 +90,11 @@ def setup_dev_keypair(app):
|
|||
def setup_app(app):
|
||||
app.url_map.strict_slashes = False
|
||||
|
||||
base = app.config["LDAP"]["USER_BASE"]
|
||||
if base.endswith(app.config["LDAP"]["ROOT_DN"]):
|
||||
base = base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1]
|
||||
User.base = base
|
||||
|
||||
config_oauth(app)
|
||||
app.register_blueprint(oidc_ldap_bridge.routes.bp)
|
||||
app.register_blueprint(oidc_ldap_bridge.oauth.bp, url_prefix="/oauth")
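Review bot: The new `USER_BASE` normalisation in `setup_app` is a raw string test, `base.endswith(app.config["LDAP"]["ROOT_DN"])`, and nothing validates its result before it is stored in `User.base`. If `USER_BASE` equals `ROOT_DN`, the slice yields an empty string, and the character dropped in front of the suffix is never checked to be a comma. A DN that differs from `ROOT_DN` only in case or spacing (`DC=mydomain, dc=tld`) skips the strip and is kept in full; how `User.base` is later combined with the root DN is not visible here, but since this value appears to bound which entries are searched at sign-in, a silent mismatch should fail loudly at startup instead. I would match on the separator, `root = app.config["LDAP"]["ROOT_DN"]` then `if base.endswith("," + root): base = base[: -len(root) - 1]`, and raise a clear configuration error when the key is absent or the result is empty, since this commit also removes the `base = "ou=users"` class default and an older config without `USER_BASE` now fails on the bare index lookup. The rest of `setup_app` lies outside the hunk.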
|
||||
|
|
|
@ -21,6 +21,9 @@ ROOT_DN = "dc=mydomain,dc=tld"
|
|||
BIND_DN = "cn=admin,dc=mydomain,dc=tld"
|
||||
BIND_PW = "admin"
|
||||
|
||||
# Where to search for users?
|
||||
USER_BASE = "ou=users,dc=mydomain,dc=tld"
|
||||
|
||||
# Filter to match users on sign in. Supports a variable
|
||||
# {login}. For sigin against either uid or mail use:
|
||||
# USER_FILTER = "(|(uid={login})(mail={login}))"
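Review bot: The comment added above `USER_BASE` does not say which form the value takes. The sample uses a full DN, the test configuration in this commit passes `ou=users` relative to `ROOT_DN`, and `setup_app` accepts both by stripping a trailing `ROOT_DN`. I would spell that out, for example `# Where to search for users? Either a full DN ending in ROOT_DN, or a DN relative to ROOT_DN (e.g. "ou=users").`, and mention that the setting is now required because the class-level default is removed in the same commit.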
|
||||
|
|
|
@ -13,7 +13,6 @@ from .ldaputils import LDAPObjectHelper
|
|||
|
||||
class User(LDAPObjectHelper):
|
||||
objectClass = ["person", "simpleSecurityObject", "uidObject"]
|
||||
base = "ou=users"
|
||||
id = "cn"
|
||||
admin = False
|
||||
|
||||
|
|
|
@ -89,6 +89,7 @@ def slapd_server():
|
|||
conn.simple_bind_s(slapd.root_dn, slapd.root_pw)
|
||||
LDAPObjectHelper.root_dn = slapd.suffix
|
||||
Client.initialize(conn)
|
||||
User.base = "ou=users"
|
||||
User.initialize(conn)
|
||||
Token.initialize(conn)
|
||||
AuthorizationCode.initialize(conn)
|
||||
|
@ -123,6 +124,7 @@ def app(slapd_server, keypair_path):
|
|||
"URI": slapd_server.ldap_uri,
|
||||
"BIND_DN": slapd_server.root_dn,
|
||||
"BIND_PW": slapd_server.root_pw,
|
||||
"USER_BASE": "ou=users",
|
||||
"USER_FILTER": "(|(uid={login})(cn={login}))",
|
||||
"ADMIN_FILTER": "uid=admin",
|
||||
},
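Review bot: Both fixture changes use the relative form `ou=users` (`User.base = "ou=users"` in `slapd_server` and `"USER_BASE": "ou=users"` in `app`), so the suffix-stripping branch added to `setup_app` is never run by the test suite. A second configuration using the full DN, something like `"USER_BASE": "ou=users," + slapd_server.suffix` if `suffix` is the root DN as the `LDAPObjectHelper.root_dn = slapd.suffix` line suggests, would cover it. A case where `USER_BASE` equals the root DN would pin down the empty-base behaviour. Both fixtures continue outside the hunks shown.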
|
||||
|
|