136 lines
4.4 KiB
Python
136 lines
4.4 KiB
Python
import os
|
|
|
|
A2_IDP_SAML2_ENABLE = True
|
|
A2_PROFILE_CAN_CHANGE_EMAIL = False
|
|
A2_PROFILE_CAN_EDIT_PROFILE = False
|
|
A2_CAN_RESET_PASSWORD = False
|
|
REGISTRATION_OPEN = False
|
|
A2_REGISTRATION_CAN_CHANGE_PASSWORD = False
|
|
A2_REGISTRATION_CAN_DELETE_ACCOUNT = False
|
|
|
|
SAML_SIGNATURE_PUBLIC_KEY = file('/etc/authentic2/cert.pem').read()
|
|
SAML_SIGNATURE_PRIVATE_KEY = file('/etc/authentic2/key.pem').read()
|
|
|
|
LDAP_AUTH_SETTINGS = [
|
|
{
|
|
'url': os.environ['SUPANN_LDAP_URL'],
|
|
'user_filter': '(&(|(mail=%s)(supannAutreMail=%s)(supannAliasLogin=%s)(uid=%s))(objectClass=supannPerson))',
|
|
'basedn': os.environ['SUPANN_LDAP_BASE_DN'],
|
|
'binddn': os.environ.get('SUPANN_LDAP_BINDDN'),
|
|
'bindpw': os.environ.get('SUPANN_LDAP_BINDPW'),
|
|
'groupsu': 'cn=admin,ou=groups,%s' % os.environ['SUPANN_LDAP_BASE_DN'],
|
|
'groupstaff': 'cn=admin,ou=groups,%s' % os.environ['SUPANN_LDAP_BASE_DN'],
|
|
'transient': False,
|
|
'username_template': '{uid[0]}',
|
|
'external_id_tuples': (('uid',), ('dn:noquote',), ),
|
|
'lookups': ('external_id',),
|
|
'update_username': False,
|
|
'use_tls': os.environ.get('USE_TLS') != '0',
|
|
'attributes': [
|
|
'audio',
|
|
'businessCategory',
|
|
'carLicense',
|
|
'cn',
|
|
'departmentNumber',
|
|
'description',
|
|
'destinationIndicator',
|
|
'displayName',
|
|
'eduPersonAffiliation',
|
|
'eduPersonAssurance',
|
|
'eduPersonEntitlement',
|
|
'eduPersonNickname',
|
|
'eduPersonOrgDN',
|
|
'eduPersonOrgUnitDN',
|
|
'eduPersonPrimaryAffiliation',
|
|
'eduPersonPrimaryOrgUnitDN',
|
|
'eduPersonPrincipalName',
|
|
'eduPersonScopedAffiliation',
|
|
'em',
|
|
'employeeType',
|
|
'fax',
|
|
'ferredLanguage',
|
|
'givenName',
|
|
'homePhone',
|
|
'homePostalAddress',
|
|
'ini',
|
|
'internationaliSDNNumber',
|
|
'jpegPhoto',
|
|
'l',
|
|
'labeledURI',
|
|
'mail',
|
|
'mailForwardingAddress',
|
|
'manager',
|
|
'mobile',
|
|
'o',
|
|
'ou',
|
|
'pager',
|
|
'photo',
|
|
'physicalDeliveryOfficeName',
|
|
'ployeeNumber',
|
|
'postalAddress',
|
|
'postalCode',
|
|
'postOfficeBox',
|
|
'pre',
|
|
'preferredDeliveryMethod',
|
|
'preferredLanguage',
|
|
'registeredAddress',
|
|
'roomNumber',
|
|
'secretary',
|
|
'seeAlso',
|
|
'sn',
|
|
'st',
|
|
'street',
|
|
'supannActivite',
|
|
'supannAliasLogin',
|
|
'supannAutreMail',
|
|
'supannAutreTelephone',
|
|
'supannCivilite',
|
|
'supannCodeINE',
|
|
'supannEmpCorps',
|
|
'supannEmpId',
|
|
'supannEntiteAffectation',
|
|
'supannEntiteAffectationPrincipale',
|
|
'supannEtablissement',
|
|
'supannEtuAnneeInscription',
|
|
'supannEtuCursusAnnee',
|
|
'supannEtuDiplome',
|
|
'supannEtuElementPedagogique',
|
|
'supannEtuEtape',
|
|
'supannEtuId',
|
|
'supannEtuInscription',
|
|
'supannEtuRegimeInscription',
|
|
'supannEtuSecteurDisciplinaire',
|
|
'supannEtuTypeDiplome',
|
|
'supannListeRouge',
|
|
'supannMailPerso',
|
|
'supannParrainDN',
|
|
'supannRefId',
|
|
'supannRoleEntite',
|
|
'supannRoleGenerique',
|
|
'supannTypeEntiteAffectation',
|
|
'telephoneNumber',
|
|
'teletexTerminalIdentifier',
|
|
'telexNumber',
|
|
'tials',
|
|
'title',
|
|
'uid',
|
|
'userCertificate',
|
|
'userPassword',
|
|
'userPKCS12',
|
|
'userSMIMECertificate',
|
|
'x121Address',
|
|
'x500uniqueIdentifier',
|
|
],
|
|
'attribute_mappings': (('mail', 'email'),),
|
|
'mandatory_attributes_values': {
|
|
# edugain support
|
|
'schacHomeOrganization': [os.environ['EDUGAIN_SCHAC_HOME_ORGANIZATION']],
|
|
'schacHomeOrganizationtype': [os.environ['EDUGAIN_SCHAC_HOME_ORGANIZATION_TYPE']],
|
|
},
|
|
}
|
|
]
|
|
AUTHENTICATION_BACKENDS = ('authentic2.backends.LDAPBackend',)
|
|
|
|
# bypass authentic2 warning: "DEFAULT_FROM_EMAIL must be customized"
|
|
DEFAULT_FROM_EMAIL = 'root@localhost'
|