Commit 89695003 authored by Joshua M. Boniface's avatar Joshua M. Boniface

Support customizable AUTH_LDAP_USER_ATTR_MAP using envvar

parent 7c227f8f
Pipeline #1876 failed with stages
in 1 minute and 17 seconds
......@@ -332,12 +332,21 @@ if AUTH_LDAP_ENABLED:
)
AUTH_LDAP_START_TLS = env.bool("LDAP_START_TLS", default=False)
# Standard attribute map
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
LDAP_USER_ATTR_MAP = env("LDAP_USER_ATTR_MAP", default="")
if LDAP_USER_ATTR_MAP:
# Build custom attribute map from variable
AUTH_LDAP_USER_ATTR_MAP = {}
for ATTR_FIELD in LDAP_USER_ATTR_MAP.split(","):
DJANGO_FIELD, LDAP_FIELD = ATTR_FIELD.split(":")
AUTH_LDAP_USER_ATTR_MAP[DJANGO_FIELD] = LDAP_FIELD
else:
# Standard attribute map
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"username": "cn",
"email": "mail",
}
# Determine root DN supporting multiple root DNs
AUTH_LDAP_ROOT_DN = env("LDAP_ROOT_DN")
......
......@@ -30,6 +30,7 @@ Basic features:
* ``LDAP_SEARCH_FILTER``: The LDAP user filter, using ``{0}`` as the username placeholder, e.g. ``(|(cn={0})(mail={0}))``; uses standard LDAP search syntax. Default: ``(uid={0})``.
* ``LDAP_START_TLS``: Set to ``True`` to enable LDAP StartTLS support. Default: ``False``.
* ``LDAP_ROOT_DN``: The LDAP search root DN, e.g. ``dc=my,dc=domain,dc=com``; supports multiple entries in a space-delimited list, e.g. ``dc=users,dc=domain,dc=com dc=admins,dc=domain,dc=com``.
* ``LDAP_USER_ATTR_MAP``: A mapping of Django user attributes to LDAP values, e.g. ``first_name:givenName,last_name:sn,username:cn,email:mail``. Default: ``first_name:givenName,last_name:sn,username:cn,email:mail``.
Group features:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment