Add support for non-supann LDAP attributes (fixes #11010)

2016-05-20 16:26:36 +02:00 · 2016-05-20 16:26:36 +02:00 · 9424128af8
parent 98705c9abb
commit 9424128af8
2 changed files with 8 additions and 1 deletions
--- a/config.py
+++ b/config.py
@ -11,6 +11,9 @@ A2_REGISTRATION_CAN_DELETE_ACCOUNT = False
 SAML_SIGNATURE_PUBLIC_KEY = file('/etc/authentic2/cert.pem').read()
 SAML_SIGNATURE_PRIVATE_KEY = file('/etc/authentic2/key.pem').read()

+SUPANN_LDAP_EXTRA_ATTRIBUTES = filter(None,
+                                      os.environ.get('SUPANN_LDAP_EXTRA_ATTRIBUTES', '').split())
+
 LDAP_AUTH_SETTINGS = [
    {
        'url': os.environ['SUPANN_LDAP_URL'],
@ -119,7 +122,7 @@ LDAP_AUTH_SETTINGS = [
            'userSMIMECertificate',
            'x121Address',
            'x500uniqueIdentifier',
-        ],
+        ] + SUPANN_LDAP_EXTRA_ATTRIBUTES,
        'attribute_mappings': (('mail', 'email'),),
        'mandatory_attributes_values': {
                # edugain support
--- a/supann.conf
+++ b/supann.conf
@ -21,6 +21,10 @@ export SUPANN_LDAP_BASE_DN=dc=univ-test,dc=fr
 # Bind Password pour connexion à l'annuaire LDAP (optionnel)
 #
 # export SUPANN_LDAP_BINDPW=admin
+#
+# Autres attributs non SUPANN
+#
+# export SUPANN_LDAP_EXTRA_ATTRIBUTES="icEntite updBatiment"

 # Données de fédération
 # Prod