Commit fbfc6b74 authored by David Seaward's avatar David Seaward

switch from settings.py to ini-file in /etc/opt/

parent 44336009
......@@ -5,23 +5,31 @@ Start the site with `python manage.py --settings=settings_local runserver`
FIXME: switch to storing strict yaml in /etc/
"""
from .settings import *
from .settings_original import *
# from registration_defaults.settings import *
import ldap
from django_auth_ldap.config import LDAPSearch
from decouple import Config, Csv, RepositoryIni
#
# LOAD CONFIGURATION FILE
#
config = Config(RepositoryIni('/etc/opt/account_website/config.ini'))
secret_config = Config(RepositoryIni('/etc/opt/account_website/secret.ini'))
#
# SECURITY
#
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'local_secret'
SECRET_KEY = secret_config("DJANGO_SECRET_KEY")
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
DEBUG = config("DEBUG", cast=bool)
# Required if DEBUG is False
ALLOWED_HOSTS = ['example.com']
ALLOWED_HOSTS = config("ALLOWED_HOSTS", cast=Csv())
#
# REGISTRATION APPLICATION
......@@ -30,14 +38,13 @@ ALLOWED_HOSTS = ['example.com']
# INSTALLED_APPS = ["registration_defaults", ] + INSTALLED_APPS + ["ldapregister", ]
INSTALLED_APPS += ["ldapregister", ]
REGISTRATION_OPEN = True
REGISTRATION_OPEN = config("REGISTRATION_OPEN", cast=bool)
REG_PERSON_BASE_DN = config("REG_PERSON_BASE_DN")
REG_PERSON_OBJECT_CLASSES = config("REG_PERSON_OBJECT_CLASSES", cast=Csv())
REG_PERSON_BASE_DN = "ou=people,dc=example,dc=com"
REG_PERSON_OBJECT_CLASSES = ['inetOrgPerson', 'organizationalPerson', 'person', ]
REG_GROUP_BASE_DN = "dc=example,dc=com"
REG_GROUP_OBJECT_CLASSES = ['groupOfNames', ]
REG_GROUP_BASE_DN = config("REG_GROUP_BASE_DN")
REG_GROUP_OBJECT_CLASSES = config("REG_GROUP_OBJECT_CLASSES", cast=Csv())
#
# AUTHENTICATION
......@@ -50,12 +57,14 @@ AUTHENTICATION_BACKENDS = (
# 'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.com"
AUTH_LDAP_START_TLS = True
AUTH_LDAP_SERVER_URI = config("AUTH_LDAP_SERVER_URI")
AUTH_LDAP_START_TLS = config("AUTH_LDAP_START_TLS", cast=bool)
AUTH_LDAP_BIND_DN = config("AUTH_LDAP_BIND_DN")
AUTH_LDAP_BIND_PASSWORD = secret_config("AUTH_LDAP_BIND_PASSWORD")
AUTH_LDAP_BIND_DN = "cn=application,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
BASE_DN = config("AUTH_LDAP_USER_SEARCH_BASE_DN")
AUTH_LDAP_USER_SEARCH = LDAPSearch(BASE_DN, ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
# must match `base_dn` and primary key in `ldapregister.models.LdapPerson`
AUTH_USER_MODEL = 'ldapregister.User'
......@@ -84,4 +93,3 @@ DATABASES = {
}
DATABASE_ROUTERS = ['ldapdb.router.Router']
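Review bot: In the AUTHENTICATION hunk, `AUTH_LDAP_START_TLS` changes from a hard-coded `True` to `config("AUTH_LDAP_START_TLS", cast=bool)`, so a single wrong value in config.ini now lets the service bind password and every user's login password travel to the directory unencrypted over `ldap://`. I would keep the safe value as the default, `AUTH_LDAP_START_TLS = config("AUTH_LDAP_START_TLS", cast=bool, default=True)`, and raise `ImproperlyConfigured` at load time when it is false and `AUTH_LDAP_SERVER_URI` does not start with `ldaps://`. In the first hunk, a comment beside `secret_config` would document the deployment requirement, e.g. `# secret.ini holds SECRET_KEY and the LDAP bind password: owner-only permissions, never in version control`. Certificate-verification options are not visible in these hunks, so whether the TLS session is validated against a trusted CA cannot be judged from here and is worth confirming.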