Commit 9f7ce04b authored by David Seaward's avatar David Seaward

fixes from dev environment:

* declare ldap-model lookup values as settings
* update all methods used by `createsuperuser`
* document makemigration workaround
* add django-ldapdb to requirements
parent 5c5849b1
Puri.st account site
====================
Puri.st account manager
=======================
A Django site for account registration and management for Puri.st
services. In particular, user registration creates an LDAP user,
......@@ -11,13 +11,13 @@ Prerequisites
-------------
* Debian 8
* Python 3.5
* Python 3.4 / 3.5
* Django 1.10
* Debian packages:
* `libsasl2-dev`
* `libldap2-dev`
* `libssl-dev`
* `python3-dev`
* `libsasl2-dev`
* `libldap2-dev`
* `libssl-dev`
* `python3-dev`
* Python/Django packages: see `requirements.txt`
Other versions may work but are untested.
......@@ -25,20 +25,48 @@ Other versions may work but are untested.
Installation
------------
* Install prerequisites
* Copy `purist_account/settings_local.txt` as `settings_local.py`
* Fill in settings
* Run `python manage.py migrate --settings=purist_account.settings_local`
* Run `python manage.py createsuperuser --settings=purist_account.settings_local`
* When prompted, enter the credentials of your LDAP superuser / account manager
* Create project folder (for example `/opt/purist_account/`)
* Copy project into project folder
* Install Debian prerequisites (`apt install libsasl2-dev` ...)
* Set up virtualenv
* Create virtualenv in project folder (`virtualenv . -p python3`)
* Activate virtualenv (`/opt/purist_account/bin/activate.py`)
* Install Python packages (`pip install -r requirements.txt`)
* Complete Django settings
* Copy `purist_account/settings_local.txt` as `settings_local.py`
* Fill in settings values
* Run `./manage.py migrate --settings=purist_account.settings_local`
* Run `./manage.py createsuperuser --settings=purist_account.settings_local`
* When prompted, enter the credentials of your LDAP superuser / account manager
* Hook up Django site to webserver (i.e. Apache HTTPD, Nginx...)
* Hook up system service (i.e. systemd, supervisord...) to runserver directive (`manage.py runserver --settings=purist_account.settings_local`)
For more options and details see <https://docs.djangoproject.com/en/1.10/#the-development-process>
Migrations
----------
This is a workaround for [#155](https://github.com/django-ldapdb/django-ldapdb/issues/115).
If you need to make a new migration:
* Open `ldapregister.0003_ldapgroup_ldapperson`
* Switch `LdapGroup.cn` and `LdapPerson.uid` from non-primary to primary
* Run `makemigrations`
* Switch `LdapGroup.cn` and `LdapPerson.uid` back to non-primary
* If you have just added a new LDAP table, switch `NewTable.key` to non-primary too
* Run `migrate`
You only need to do this when creating new migrations (`makemigrations`) not when running
existing migrations (`migrate`).
Usage
-----
* Run `python manage.py runserver --settings=purist_account.settings_local`
* Visit <https://example.com/account/>
* Start Django site
* Start with system service, or
* `./manage.py runserver --settings=purist_account.settings_local`
* Visit <https://example.com> and follow login and/or register links
License
-------
......
from django.conf import settings
from django.contrib.auth.models import AbstractUser
from django.contrib.auth.models import UserManager as BaseUserManager
from ldapdb.models.fields import CharField, ListField
......@@ -14,20 +15,18 @@ log = logging.getLogger(__name__)
class UserManager(BaseUserManager):
def create_user(self, username, email=None, password=None, **extra_fields):
"""Create regular users in LDAP, and with no Django password."""
super(UserManager, self).create_user(username, None, None, **extra_fields)
super(UserManager, self).create_user(username, email, password, **extra_fields)
def create_superuser(self, username, email=None, password=None, **extra_fields):
"""Create superusers with a Django password."""
super(UserManager, self).create_superuser(username, None, None, **extra_fields)
super(UserManager, self).create_superuser(username, email, password, **extra_fields)
class User(AbstractUser):
objects = UserManager()
REQUIRED_FIELDS = ['email']
......@@ -85,7 +84,7 @@ class User(AbstractUser):
Return an HMAC of the password field.
"""
key_salt = "django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash"
return salted_hmac(key_salt, self.get_username()).hexdigest() #FIXME: should use LDAP password value!
return salted_hmac(key_salt, self.get_username()).hexdigest() # FIXME: should use LDAP password value!
class LdapGroup(ldapdb.models.Model):
......@@ -98,8 +97,8 @@ class LdapGroup(ldapdb.models.Model):
verbose_name_plural = "LDAP groups"
# LDAP meta-data
base_dn = "dc=comms,dc=nodomain"
object_classes = ['groupOfNames', ]
base_dn = settings.REG_GROUP_BASE_DN
object_classes = settings.REG_GROUP_OBJECT_CLASSES
# LDAP group attributes
cn = CharField(db_column='cn', max_length=200, primary_key=True)
......@@ -123,8 +122,8 @@ class LdapPerson(ldapdb.models.Model):
verbose_name_plural = "LDAP people"
# LDAP meta-data
base_dn = "ou=people,dc=comms,dc=nodomain"
object_classes = ['inetOrgPerson', 'organizationalPerson', 'person', ]
base_dn = settings.REG_PERSON_BASE_DN
object_classes = settings.REG_PERSON_OBJECT_CLASSES
# Minimal attributes
uid = CharField(db_column='uid', max_length=200, primary_key=True)
......@@ -139,7 +138,6 @@ class LdapPerson(ldapdb.models.Model):
return self.uid
def change_password(self, raw_password, using=None):
# dig into the ldapdb primitives
using = using or router.db_for_write(self.__class__, instance=self)
connection = connections[using]
......@@ -198,4 +196,4 @@ class PasswordModify(ldap.extop.ExtendedRequest):
pyasn1.type.univ.OctetString().subtype(
implicitTag=pyasn1.type.tag.Tag(pyasn1.type.tag.tagClassContext, pyasn1.type.tag.tagFormatSimple, 2)
)),
)
)
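Review bot: In `UserManager.create_user` the docstring still says regular users get no Django password, but the call that forwards `email, password` (apparently the new side) hands the raw password to Django's `create_user`, which stores a local hash alongside the LDAP credential. If LDAP is meant to be the only credential store for regular users, keep the password out of that call, e.g. `return super(UserManager, self).create_user(username, email, None, **extra_fields)`; otherwise update the docstring to match. Both overrides also discard the parent's return value, so callers get `None` instead of the user object; prefixing each `super(...)` call with `return` fixes that. Separately, the `FIXME` in the session-hash hunk still applies: the HMAC is computed over the username, so a password change would not invalidate existing sessions.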
......@@ -32,6 +32,13 @@ INSTALLED_APPS += ["ldapregister", ]
REGISTRATION_OPEN = True
REG_PERSON_BASE_DN = "ou=people,dc=example,dc=com"
REG_PERSON_OBJECT_CLASSES = ['inetOrgPerson', 'organizationalPerson', 'person', ]
REG_GROUP_BASE_DN = "dc=example,dc=com"
REG_GROUP_OBJECT_CLASSES = ['groupOfNames', ]
#
# AUTHENTICATION
#
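Review bot: The four `REG_*` values added here carry no comment saying they are required, yet the model classes read them in the class body (`base_dn = settings.REG_GROUP_BASE_DN` and the others), so a `settings_local.py` copied from the template before this commit would fail at import with an `AttributeError`. I would add a comment above the block such as `# Required by ldapregister models: LDAP base DNs and object classes; replace the example.com values`. Note also that `REG_GROUP_BASE_DN` is set to the directory root (`dc=example,dc=com`); if groups live under a dedicated OU in a given deployment, pointing the setting there would narrow what the group model searches and writes.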
......