broke it, fixed it, broken again

This commit is contained in:
seba 2011-03-08 03:54:56 +01:00
parent 7e5474ff16
commit 2b2db9109a
3 changed files with 159 additions and 1 deletions

126
k4ever/data/cacert.txt Normal file
View File

@ -0,0 +1,126 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Validity
Not Before: Oct 14 07:36:55 2005 GMT
Not After : Mar 28 07:36:55 2033 GMT
Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (4096 bit)
Modulus (4096 bit):
00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9:
dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da:
89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0:
24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8:
c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa:
51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44:
8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34:
29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98:
65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0:
ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e:
97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4:
cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6:
85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72:
35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e:
4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e:
0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9:
2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64:
27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed:
5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4:
cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11:
36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3:
d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70:
40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a:
e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a:
df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20:
2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97:
4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1:
ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48:
00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a:
25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11:
c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91:
99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af:
8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42:
74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40:
05:fb:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Authority Information Access:
OCSP - URI:http://ocsp.CAcert.org/
CA Issuers - URI:http://www.CAcert.org/ca.crt
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.18506
CPS: http://www.CAcert.org/index.php?id=10
Signature Algorithm: md5WithRSAEncryption
7f:08:88:a1:da:1a:50:49:da:89:fb:a1:08:72:f3:8a:f7:1e:
c4:3a:b4:79:5b:20:30:b1:45:de:c2:5d:d3:65:69:f1:c2:5d:
54:54:3c:85:5f:b9:7b:42:91:c2:99:fd:1b:51:9b:ab:46:a5:
a1:10:53:9e:6d:88:ac:73:6e:2c:33:a6:f0:f4:9e:e0:75:c1:
3e:88:45:a9:e1:66:43:fe:56:5a:d1:7a:41:78:f7:40:da:4a:
3a:f1:0b:5b:a5:bb:16:06:e6:c2:e7:93:b9:85:4d:97:4f:b1:
1e:38:43:80:ef:9b:0d:8c:ef:b8:a7:60:00:87:57:7d:1e:44:
1c:cb:23:ef:9b:3c:99:9d:af:b5:29:1c:45:79:16:96:4d:27:
6d:f1:1c:6c:c3:c2:55:64:b3:bc:14:e2:f3:a4:1f:1e:32:fc:
27:15:05:cf:dd:2e:ae:3e:82:61:7b:f0:21:10:18:f6:44:ea:
53:39:f9:dc:d0:9a:20:e0:c6:bb:e0:bb:5a:4f:c4:99:c8:07:
bd:b5:bd:a2:db:2e:62:0d:42:34:41:bc:ff:8b:8a:f5:51:22:
aa:88:30:00:e2:b0:d4:bc:be:65:ba:d5:03:57:79:9b:e8:dc:
c8:4d:f8:50:ed:91:a5:52:28:a2:ac:fb:36:58:3e:e9:94:2b:
91:50:87:1b:d6:5e:d6:8c:cc:f7:0f:10:0c:52:4e:d0:16:61:
e5:e5:0a:6c:bf:17:c7:72:46:57:9c:98:f5:6c:60:63:7a:6f:
5e:b9:4e:2f:c8:b9:b9:bb:6a:85:bc:98:0d:ed:f9:3e:97:84:
34:94:ae:00:af:a1:e5:e7:92:6e:4e:bd:f3:e2:d9:14:8b:5c:
d2:eb:01:6c:a0:17:a5:2d:10:eb:9c:7a:4a:bd:bd:ee:ce:fd:
ed:22:40:ab:70:38:88:f5:0a:87:6a:c2:ab:05:60:c9:48:05:
da:53:c1:de:44:77:6a:b3:f3:3c:3c:ed:80:bc:a6:38:4a:29:
24:5f:fe:59:3b:9b:25:7a:56:63:00:64:b9:5d:a4:62:7d:57:
36:4f:ad:83:ef:1f:92:53:a0:8e:77:57:dd:e5:61:11:3d:23:
00:90:4c:3c:fa:a3:60:93:04:a3:af:35:f6:0e:6a:8f:4f:4a:
60:a7:85:05:6c:46:a1:8f:f4:c7:76:e3:a1:59:57:f7:71:b2:
c4:6e:14:5c:6d:6d:41:66:df:1b:93:b1:d4:00:c3:ee:cb:cf:
3c:3d:21:80:a9:5f:63:65:fc:dd:e0:5f:a4:f4:2b:f0:85:71:
41:d4:67:25:fb:1a:b1:97:ae:d6:99:82:13:41:d2:6e:a5:1b:
99:27:80:e7:0b:a9:a8:00
-----BEGIN CERTIFICATE-----
MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L
ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM
zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU
rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF
YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT
oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu
FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB
0m6lG5kngOcLqagA
-----END CERTIFICATE-----

5
k4ever/main/backend.py Normal file
View File

@ -0,0 +1,5 @@
from django_auth_ldap.backend import LDAPBackend
CustomLDAPBackend(LDAPBackend):
def populate_user(username):

View File

@ -1,5 +1,7 @@
# Django settings for k4ever project.
import ldap
DEBUG = True
TEMPLATE_DEBUG = DEBUG
@ -60,11 +62,36 @@ ADMIN_MEDIA_PREFIX = '/media/admin/'
# Make this unique, and don't share it with anybody.
SECRET_KEY = 'l(f*a$l)_n_n_5#lh@rvhv(na^!lj1u#bow=c!*90(1w$5%b^j'
# User Profile / Login stuff
################################
## Authentication Block ##
################################
AUTH_PROFILE_MODULE = 'main.UserProfile'
LOGIN_URL = '/user/login/'
LOGIN_REDIRECT_URL = '/'
AUTHENTICATION_BACKENDS = (
'main.backend.CustomLDAPBackend',
# 'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
# ldap section
AUTH_LDAP_SERVER_URI = 'ldaps://chef.freitagsrunde.org'
AUTH_LDAP_START_TLS = False # we already use LDAPS
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=freitagsrunde,dc=org"
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn"}
AUTH_LDAP_GLOBAL_OPTIONS = {ldap.OPT_X_TLS_CACERTFILE: "data/cacert.txt"}
## Nur ein Beispiel, falls technik@ automatisch admin der Kasse werden soll.
#AUTH_LDAP_USER_FLAGS_BY_GROUP = {
## "is_active": "cn=active,ou=groups,dc=example,dc=com",
# "is_staff": "cn=staff,ou=groups,dc=example,dc=com",
# "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com"
#}
# List of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = (
'django.template.loaders.filesystem.Loader',