diff --git a/k4ever/data/cacert.txt b/k4ever/data/cacert.txt
new file mode 100644
index 0000000..0b43b04
--- /dev/null
+++ b/k4ever/data/cacert.txt
@@ -0,0 +1,126 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org + Validity + Not Before: Oct 14 07:36:55 2005 GMT + Not After : Mar 28 07:36:55 2033 GMT + Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (4096 bit) + Modulus (4096 bit): + 00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9: + dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da: + 89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0: + 24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8: + c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa: + 51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44: + 8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34: + 29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98: + 65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0: + ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e: + 97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4: + cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6: + 85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72: + 35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e: + 4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e: + 0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9: + 2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64: + 27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed: + 5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4: + cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11: + 36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3: + d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70: + 40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a: + e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a: + df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20: + 2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97: + 4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1: + ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48: + 00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a: + 25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11: + 
c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91: + 99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af: + 8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42: + 74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40: + 05:fb:e9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + Authority Information Access: + OCSP - URI:http://ocsp.CAcert.org/ + CA Issuers - URI:http://www.CAcert.org/ca.crt + + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.18506 + CPS: http://www.CAcert.org/index.php?id=10 + + Signature Algorithm: md5WithRSAEncryption + 7f:08:88:a1:da:1a:50:49:da:89:fb:a1:08:72:f3:8a:f7:1e: + c4:3a:b4:79:5b:20:30:b1:45:de:c2:5d:d3:65:69:f1:c2:5d: + 54:54:3c:85:5f:b9:7b:42:91:c2:99:fd:1b:51:9b:ab:46:a5: + a1:10:53:9e:6d:88:ac:73:6e:2c:33:a6:f0:f4:9e:e0:75:c1: + 3e:88:45:a9:e1:66:43:fe:56:5a:d1:7a:41:78:f7:40:da:4a: + 3a:f1:0b:5b:a5:bb:16:06:e6:c2:e7:93:b9:85:4d:97:4f:b1: + 1e:38:43:80:ef:9b:0d:8c:ef:b8:a7:60:00:87:57:7d:1e:44: + 1c:cb:23:ef:9b:3c:99:9d:af:b5:29:1c:45:79:16:96:4d:27: + 6d:f1:1c:6c:c3:c2:55:64:b3:bc:14:e2:f3:a4:1f:1e:32:fc: + 27:15:05:cf:dd:2e:ae:3e:82:61:7b:f0:21:10:18:f6:44:ea: + 53:39:f9:dc:d0:9a:20:e0:c6:bb:e0:bb:5a:4f:c4:99:c8:07: + bd:b5:bd:a2:db:2e:62:0d:42:34:41:bc:ff:8b:8a:f5:51:22: + aa:88:30:00:e2:b0:d4:bc:be:65:ba:d5:03:57:79:9b:e8:dc: + c8:4d:f8:50:ed:91:a5:52:28:a2:ac:fb:36:58:3e:e9:94:2b: + 91:50:87:1b:d6:5e:d6:8c:cc:f7:0f:10:0c:52:4e:d0:16:61: + e5:e5:0a:6c:bf:17:c7:72:46:57:9c:98:f5:6c:60:63:7a:6f: + 5e:b9:4e:2f:c8:b9:b9:bb:6a:85:bc:98:0d:ed:f9:3e:97:84: + 34:94:ae:00:af:a1:e5:e7:92:6e:4e:bd:f3:e2:d9:14:8b:5c: + d2:eb:01:6c:a0:17:a5:2d:10:eb:9c:7a:4a:bd:bd:ee:ce:fd: + ed:22:40:ab:70:38:88:f5:0a:87:6a:c2:ab:05:60:c9:48:05: + da:53:c1:de:44:77:6a:b3:f3:3c:3c:ed:80:bc:a6:38:4a:29: + 24:5f:fe:59:3b:9b:25:7a:56:63:00:64:b9:5d:a4:62:7d:57: + 36:4f:ad:83:ef:1f:92:53:a0:8e:77:57:dd:e5:61:11:3d:23: + 00:90:4c:3c:fa:a3:60:93:04:a3:af:35:f6:0e:6a:8f:4f:4a: + 60:a7:85:05:6c:46:a1:8f:f4:c7:76:e3:a1:59:57:f7:71:b2: + 
c4:6e:14:5c:6d:6d:41:66:df:1b:93:b1:d4:00:c3:ee:cb:cf: + 3c:3d:21:80:a9:5f:63:65:fc:dd:e0:5f:a4:f4:2b:f0:85:71: + 41:d4:67:25:fb:1a:b1:97:ae:d6:99:82:13:41:d2:6e:a5:1b: + 99:27:80:e7:0b:a9:a8:00 +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS +BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v +cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9 +4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB +Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J +0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ +FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx +bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q +SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb +6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV +m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g +eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG +kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7 +6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG +CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc +aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB +gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w +aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6 +tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0 +nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M +77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV +Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L 
+ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM
+zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU
+rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF
+YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT
+oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu
+FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB
+0m6lG5kngOcLqagA
+-----END CERTIFICATE-----
diff --git a/k4ever/main/backend.py b/k4ever/main/backend.py
new file mode 100644
index 0000000..93f72f0
--- /dev/null
+++ b/k4ever/main/backend.py
@@ -0,0 +1,5 @@
+from django_auth_ldap.backend import LDAPBackend
+
+CustomLDAPBackend(LDAPBackend):
+ def populate_user(username):
+
diff --git a/k4ever/settings.py b/k4ever/settings.py
index 9067c4e..01c2891 100644
--- a/k4ever/settings.py
+++ b/k4ever/settings.py
@@ -1,5 +1,7 @@
 # Django settings for k4ever project.
+import ldap
+
 DEBUG = True
 TEMPLATE_DEBUG = DEBUG
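Review bot: k4ever/main/backend.py does not parse as committed: `CustomLDAPBackend(LDAPBackend):` lacks the `class` keyword, and `def populate_user(username):` has neither a `self` parameter nor a body. The settings.py hunk of this same commit lists `main.backend.CustomLDAPBackend` first in `AUTHENTICATION_BACKENDS`, so the import error would presumably surface on every login attempt, not only for LDAP users. Until the override is actually written I would commit a valid stub, `class CustomLDAPBackend(LDAPBackend):` with a one-line docstring stating what it is meant to customise, and leave `populate_user` out.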
@@ -60,11 +62,36 @@ ADMIN_MEDIA_PREFIX = '/media/admin/'
 # Make this unique, and don't share it with anybody.
 SECRET_KEY = 'l(f*a$l)_n_n_5#lh@rvhv(na^!lj1u#bow=c!*90(1w$5%b^j'
-# User Profile / Login stuff
+
+################################
+## Authentication Block ##
+################################
 AUTH_PROFILE_MODULE = 'main.UserProfile'
 LOGIN_URL = '/user/login/'
 LOGIN_REDIRECT_URL = '/'
+AUTHENTICATION_BACKENDS = (
+ 'main.backend.CustomLDAPBackend',
+# 'django_auth_ldap.backend.LDAPBackend',
+ 'django.contrib.auth.backends.ModelBackend',
+)
+
+# ldap section
+AUTH_LDAP_SERVER_URI = 'ldaps://chef.freitagsrunde.org'
+AUTH_LDAP_START_TLS = False # we already use LDAPS
+AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=freitagsrunde,dc=org"
+AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn"}
+AUTH_LDAP_GLOBAL_OPTIONS = {ldap.OPT_X_TLS_CACERTFILE: "data/cacert.txt"}
+
+## Nur ein Beispiel, falls technik@ automatisch admin der Kasse werden soll.
+#AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+## "is_active": "cn=active,ou=groups,dc=example,dc=com",
+# "is_staff": "cn=staff,ou=groups,dc=example,dc=com",
+# "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com"
+#}
+
+
+
 # List of callables that know how to import templates from various sources.
 TEMPLATE_LOADERS = (
 'django.template.loaders.filesystem.Loader',
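Review bot: `AUTH_LDAP_GLOBAL_OPTIONS` hands `ldap.OPT_X_TLS_CACERTFILE` the relative path `"data/cacert.txt"`, which is resolved against the process working directory, and the block never states a certificate-checking policy, so whether the LDAPS server certificate is verified depends on where the app is started and on the host's ldap.conf defaults. I would derive an absolute path from the settings file, e.g. `os.path.join(os.path.dirname(os.path.abspath(__file__)), "data", "cacert.txt")` (needs `import os`), and add `ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND` to the same dict so a missing or unreadable CA file fails closed. The bundled cacert.txt holds only the "CAcert Class 3 Root" certificate, whose issuer is the separate "CA Cert Signing Authority" root; depending on the TLS library, the chain may not validate without that root in the file, so this is worth testing against the real server. A short comment above `AUTH_LDAP_GLOBAL_OPTIONS` saying which CA the file contains and why it is pinned would help the next maintainer.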