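# Django settings for the warpzone project.
#
# Deployment-specific values (LDAP, SMTP, secrets, debug flag) are read from
# /etc/warpinfra/config.ini; everything else is fixed in this module.
import os
import ldap
import logging
import configparser
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType
from django.core.urlresolvers import reverse_lazy

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

# READ FROM CONFIG FILE
# The file holds the LDAP bind password, the SMTP password and SECRET_KEY, so
# it should be readable by the service account only.
# config.read() silently skips a missing or unreadable file; the first
# config.get() below then raises, so startup fails rather than running
# with empty credentials.
config = configparser.RawConfigParser()
config.read('/etc/warpinfra/config.ini')

# LDAP
# NOTE(review): the ldap:// scheme is unencrypted. Unless StartTLS is
# negotiated, the bind password and every password submitted at login cross
# the network in clear text. Consider AUTH_LDAP_START_TLS = True or an
# ldaps:// URI once the directory server supports it; the ldapdb database
# entry below connects with this same URI.
LDAP_HOST = "ldap://"+config.get('ldap','LDAP_HOST')
LDAP_BIND_DN = config.get('ldap','LDAP_BIND_DN')
LDAP_PASSWORD = config.get('ldap','LDAP_PASSWORD')
LDAP_USER_SEARCH_PATH = config.get('ldap','LDAP_USER_SEARCH_PATH')
LDAP_GROUP_SEARCH_PATH = config.get('ldap','LDAP_GROUP_SEARCH_PATH')
LDAP_USER_SEARCH_FILTER = config.get('ldap','LDAP_USER_SEARCH_FILTER')
LDAP_GROUP_IS_ACTIVE = config.get('ldap','LDAP_GROUP_IS_ACTIVE')
LDAP_GROUP_IS_STAFF = config.get('ldap','LDAP_GROUP_IS_STAFF')
LDAP_GROUP_SUPERUSER = config.get('ldap','LDAP_GROUP_SUPERUSER')

# SMTP
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = config.get('email','SMTP_HOST')
EMAIL_HOST_USER = config.get('email','SMTP_USERNAME')
EMAIL_FROM = config.get('email','SMTP_EMAIL_FROM')
EMAIL_HOST_PASSWORD = config.get('email','SMTP_PASSWORD')
# Parsed as a boolean: config.get() returns a str, and any non-empty string
# (including "False" or "0") is truthy, so the flag could never be turned off.
EMAIL_USE_TLS = config.getboolean('email','SMTP_USE_TLS')
EMAIL_SUBJECT_PREFIX = config.get('email','SUBJECT_PREFIX')

# SECURITY
# NOTE(review): PW_RESET_TOKEN_LIFETIME is returned as a str; confirm that the
# code consuming it converts it before comparing or doing arithmetic.
PW_RESET_TOKEN_LIFETIME = config.get('security','PW_RESET_TOKEN_LIFETIME')
SECRET_KEY = config.get('security','SECRET_KEY')

# DEBUG
# Must be off in production: with DEBUG on, error pages expose tracebacks and
# request details.
DEBUG = config.getboolean('debug','DEBUG')

LOGIN_URL = 'two_factor:login'
LOGOUT_URL = 'logout'
LOGIN_REDIRECT_URL = '/'

MEDIA_ROOT = 'templates/media/'
MEDIA_URL = '/media/'

# NOTE(review): with an empty list Django rejects every request once DEBUG is
# off. List the site's hostnames here rather than leaving DEBUG on to work
# around it.
ALLOWED_HOSTS = []

# NOTE(review): SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE are not set in
# this file; enable them if the site is served over HTTPS only.

INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.humanize',
    'bootstrapform',
    'bootstrap3_datetime',
    'django_otp',
    'django_otp.plugins.otp_static',
    'django_otp.plugins.otp_totp',
    'two_factor',
    'warpmain',
    'warpauth',
    'warpfood',
    # WARPPAY
    # 'rest_framework',
    # 'rest_framework.authtoken',
    # 'warppay'
)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django_otp.middleware.OTPMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.security.SecurityMiddleware',
)

ROOT_URLCONF = 'warpzone.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': ['templates'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'warpzone.wsgi.application'

LOCALE_PATHS = (
    os.path.join(BASE_DIR, 'locale'),
)

# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
# 'default' is a local SQLite file; 'ldap' exposes the directory through
# ldapdb using the same bind DN and password as the authentication backend.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': '/opt/database/warpzone.db'
    },
    'ldap': {
        'ENGINE': 'ldapdb.backends.ldap',
        'NAME': LDAP_HOST,
        'USER': LDAP_BIND_DN,
        'PASSWORD': LDAP_PASSWORD
    }
}
DATABASE_ROUTERS = ['ldapdb.router.Router']

# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'Europe/Berlin'
USE_I18N = True
USE_L10N = True
USE_TZ = False

# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.8/howto/static-files/
STATIC_URL = '/static/'

# LDAP is tried first; ModelBackend lets locally stored accounts log in too.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

#
# AUTH LDAP SETTINGS
#
AUTH_LDAP_SERVER_URI = LDAP_HOST
AUTH_LDAP_BIND_DN = LDAP_BIND_DN
AUTH_LDAP_BIND_PASSWORD = LDAP_PASSWORD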
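# User lookup: subtree search below the configured base DN, using the filter
# from config.ini (presumably containing the %(user)s placeholder; verify).
AUTH_LDAP_USER_SEARCH = LDAPSearch(LDAP_USER_SEARCH_PATH, ldap.SCOPE_SUBTREE, LDAP_USER_SEARCH_FILTER)
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
AUTH_LDAP_PROFILE_ATTR_MAP = {"home_directory": "homeDirectory"}

# Group lookup: every posixGroup entry below the configured group base DN.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(LDAP_GROUP_SEARCH_PATH, ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
AUTH_LDAP_GROUP_TYPE = PosixGroupType()

# Django account flags are derived from LDAP group membership. The group
# names come from config.ini, so whoever can edit that file or those groups
# controls who becomes staff or superuser.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": LDAP_GROUP_IS_ACTIVE,
    "is_staff": [LDAP_GROUP_IS_STAFF, LDAP_GROUP_SUPERUSER],
    "is_superuser": LDAP_GROUP_SUPERUSER
}
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 10

# django_auth_ldap logging: to the process's stderr and to a log file.
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
# NOTE(review): /tmp is shared and the file name is fixed, so another local
# account can read this log or pre-create the path. Move the log to a
# directory owned by the service account.
hdlr = logging.FileHandler('/tmp/ldap.log')
formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
hdlr.setFormatter(formatter)
logger.addHandler(hdlr)
# Verbose authentication tracing only while the site runs in debug mode;
# otherwise record warnings and errors only.
logger.setLevel(logging.DEBUG if DEBUG else logging.WARNING)

# STATIC_URL is already assigned earlier in this file with the same value, so
# the duplicate assignment that stood here was dropped.
STATIC_ROOT = os.path.join(BASE_DIR, "static")

# Only takes effect when 'rest_framework' is enabled in INSTALLED_APPS
# (it is commented out there).
# NOTE(review): with DEFAULT_PERMISSION_CLASSES empty, no permission check
# runs, so views that do not set their own permissions are open to
# unauthenticated requests. BasicAuthentication sends the password with every
# request and should only be offered over HTTPS.
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication'
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        # 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
    ]
}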