implement multiple ldap servers

awx/main/tests/data/ldap_ansible.ldif

@@ -0,0 +1,163 @@
+
+dn: dc=ansible,dc=com
+dc: ansible
+description: My wonderful company as much text as you want to place
+ in this line up to 32K continuation data for the line above must
+ have <CR> or <CR><LF> i.e. ENTER work
+ on both Windows and *nix system - new line MUST begin with ONE SPACE
+objectClass: dcObject
+objectClass: organization
+o: ansible.com
+
+# groups
+
+dn: ou=groups,dc=ansible,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+
+# group: Superusers
+
+dn: cn=superusers,ou=groups,dc=ansible,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: superusers
+member: cn=super_user1,ou=people,dc=ansible,dc=com
+
+# group: Engineering
+
+dn: cn=engineering,ou=groups,dc=ansible,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: engineering
+member: cn=eng_admin1,ou=people,dc=ansible,dc=com
+member: cn=eng_user1,ou=people,dc=ansible,dc=com
+member: cn=eng_user2,ou=people,dc=ansible,dc=com
+
+dn: cn=engineering_admins,ou=groups,dc=ansible,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: engineering_admins
+member: cn=eng_admin1,ou=people,dc=ansible,dc=com
+
+# group: Sales
+
+dn: cn=sales,ou=groups,dc=ansible,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: sales
+member: cn=sales_user1,ou=people,dc=ansible,dc=com
+member: cn=sales_user2,ou=people,dc=ansible,dc=com
+
+# group: IT
+
+dn: cn=it,ou=groups,dc=ansible,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: it
+member: cn=it_user1,ou=people,dc=ansible,dc=com
+member: cn=it_user2,ou=people,dc=ansible,dc=com
+
+
+# users
+
+dn: ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: people
+
+# users - superusers
+
+dn: cn=super_user1,ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: super_user1
+sn: User 1
+givenName: Super
+mail: super_user1@ansible.com
+userPassword: password
+
+# users - engineering
+
+dn: cn=eng_user1,ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: eng_user1
+sn: User 1
+givenName: Engineering
+mail: eng_user1@ansible.com
+userPassword: password
+
+dn: cn=eng_user2,ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: eng_user2
+sn: User 2
+givenName: Engineering
+mail: eng_user2@ansible.com
+userPassword: password
+
+dn: cn=eng_admin1,ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: eng_admin1
+sn: Admin 1
+givenName: Engineering
+mail: eng_admin1@ansible.com
+userPassword: password
+
+# users - IT
+
+dn: cn=it_user1,ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: it_user1
+sn: Technology User 1
+givenName: Information
+mail: it_user1@ansible.com
+userPassword: password
+
+dn: cn=it_user2,ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: it_user2
+sn: Technology User 2
+givenName: Information
+mail: it_user2@ansible.com
+userPassword: password
+
+# users - Sales
+
+dn: cn=sales_user1,ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: sales_user1
+sn: Person 1
+givenName: Sales
+mail: sales_user1@ansible.com
+userPassword: password
+
+dn: cn=sales_user2,ou=people,dc=ansible,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: sales_user2
+sn: Person 2
+givenName: Sales
+mail: sales_user2@ansible.com
+userPassword: password

awx/main/tests/data/ldap_example.ldif

@@ -0,0 +1,78 @@
+
+dn: dc=example,dc=com
+dc: example
+description: My wonderful company as much text as you want to place
+ in this line up to 32K continuation data for the line above must
+ have <CR> or <CR><LF> i.e. ENTER work
+ on both Windows and *nix system - new line MUST begin with ONE SPACE
+objectClass: dcObject
+objectClass: organization
+o: example.com
+
+# groups
+
+dn: ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+
+# group: Superusers
+
+dn: cn=superusers,ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: superusers
+member: cn=super_user1,ou=people,dc=example,dc=com
+
+# group: Sales
+
+dn: cn=sales,ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: sales
+member: cn=sales_user1,ou=people,dc=example,dc=com
+member: cn=sales_user2,ou=people,dc=example,dc=com
+
+# users
+
+dn: ou=people,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: people
+
+# users - superusers
+
+dn: cn=super_user1,ou=people,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: super_user1
+sn: User 1
+givenName: Super
+mail: super_user1@example.com
+userPassword: password
+
+# users - Sales
+
+dn: cn=sales_user1,ou=people,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: sales_user1
+sn: Person 1
+givenName: Sales
+mail: sales_user1@example.com
+userPassword: password
+
+dn: cn=sales_user2,ou=people,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: sales_user2
+sn: Person 2
+givenName: Sales
+mail: sales_user2@example.com
+userPassword: password

awx/main/tests/data/ldap_redhat.ldif

@@ -0,0 +1,163 @@
+
+dn: dc=redhat,dc=com
+dc: redhat
+description: My wonderful company as much text as you want to place
+ in this line up to 32K continuation data for the line above must
+ have <CR> or <CR><LF> i.e. ENTER work
+ on both Windows and *nix system - new line MUST begin with ONE SPACE
+objectClass: dcObject
+objectClass: organization
+o: redhat.com
+
+# groups
+
+dn: ou=groups,dc=redhat,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+
+# group: Superusers
+
+dn: cn=superusers,ou=groups,dc=redhat,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: superusers
+member: cn=super_user1,ou=people,dc=redhat,dc=com
+
+# group: Engineering
+
+dn: cn=engineering,ou=groups,dc=redhat,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: engineering
+member: cn=eng_admin1,ou=people,dc=redhat,dc=com
+member: cn=eng_user1,ou=people,dc=redhat,dc=com
+member: cn=eng_user2,ou=people,dc=redhat,dc=com
+
+dn: cn=engineering_admins,ou=groups,dc=redhat,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: engineering_admins
+member: cn=eng_admin1,ou=people,dc=redhat,dc=com
+
+# group: Sales
+
+dn: cn=sales,ou=groups,dc=redhat,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: sales
+member: cn=sales_user1,ou=people,dc=redhat,dc=com
+member: cn=sales_user2,ou=people,dc=redhat,dc=com
+
+# group: IT
+
+dn: cn=it,ou=groups,dc=redhat,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: it
+member: cn=it_user1,ou=people,dc=redhat,dc=com
+member: cn=it_user2,ou=people,dc=redhat,dc=com
+
+
+# users
+
+dn: ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: people
+
+# users - superusers
+
+dn: cn=super_user1,ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: super_user1
+sn: User 1
+givenName: Super
+mail: super_user1@redhat.com
+userPassword: password
+
+# users - engineering
+
+dn: cn=eng_user1,ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: eng_user1
+sn: User 1
+givenName: Engineering
+mail: eng_user1@redhat.com
+userPassword: password
+
+dn: cn=eng_user2,ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: eng_user2
+sn: User 2
+givenName: Engineering
+mail: eng_user2@redhat.com
+userPassword: password
+
+dn: cn=eng_admin1,ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: eng_admin1
+sn: Admin 1
+givenName: Engineering
+mail: eng_admin1@redhat.com
+userPassword: password
+
+# users - IT
+
+dn: cn=it_user1,ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: it_user1
+sn: Technology User 1
+givenName: Information
+mail: it_user1@redhat.com
+userPassword: password
+
+dn: cn=it_user2,ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: it_user2
+sn: Technology User 2
+givenName: Information
+mail: it_user2@redhat.com
+userPassword: password
+
+# users - Sales
+
+dn: cn=sales_user1,ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: sales_user1
+sn: Person 1
+givenName: Sales
+mail: sales_user1@redhat.com
+userPassword: password
+
+dn: cn=sales_user2,ou=people,dc=redhat,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: sales_user2
+sn: Person 2
+givenName: Sales
+mail: sales_user2@redhat.com
+userPassword: password

awx/main/tests/functional/conftest.py

@@ -73,7 +73,8 @@ def user():
         try:
             user = User.objects.get(username=name)
         except User.DoesNotExist:
-            user = User(username=name, is_superuser=is_superuser, password=name)
+            user = User(username=name, is_superuser=is_superuser)
+            user.set_password(name)
             user.save()
         return user
     return u

awx/main/tests/functional/test_ldap.py

@@ -0,0 +1,130 @@
+
+import ldap
+import ldif
+import pytest
+import os
+from mockldap import MockLdap
+
+from awx.api.versioning import reverse
+
+
+@pytest.fixture
+def ldap_generator():
+    def fn(fname, host='localhost'):
+
+        fh = open(os.path.join(os.path.dirname(os.path.realpath(__file__)), fname), 'rb')
+        ctrl = ldif.LDIFRecordList(fh)
+        ctrl.parse()
+
+        directory = dict(ctrl.all_records)
+
+        mockldap = MockLdap(directory)
+
+        mockldap.start()
+        mockldap['ldap://{}/'.format(host)]
+
+        conn = ldap.initialize('ldap://{}/'.format(host))
+
+        return conn
+        #mockldap.stop()
+
+    return fn
+
+
+@pytest.fixture
+def ldap_settings_generator():
+    def fn(prefix='', dc='ansible', host='ldap.ansible.com'):
+        prefix = '_{}'.format(prefix) if prefix else ''
+
+        data = {
+            'AUTH_LDAP_SERVER_URI': 'ldap://{}'.format(host),
+            'AUTH_LDAP_BIND_DN': 'cn=eng_user1,ou=people,dc={},dc=com'.format(dc),
+            'AUTH_LDAP_BIND_PASSWORD': 'password',
+            "AUTH_LDAP_USER_SEARCH": [
+                "ou=people,dc={},dc=com".format(dc),
+                "SCOPE_SUBTREE",
+                "(cn=%(user)s)"
+            ],
+            "AUTH_LDAP_TEAM_MAP": {
+                "LDAP Sales": {
+                    "organization": "LDAP Organization",
+                    "users": "cn=sales,ou=groups,dc={},dc=com".format(dc),
+                    "remove": True
+                },
+                "LDAP IT": {
+                    "organization": "LDAP Organization",
+                    "users": "cn=it,ou=groups,dc={},dc=com".format(dc),
+                    "remove": True
+                },
+                "LDAP Engineering": {
+                    "organization": "LDAP Organization",
+                    "users": "cn=engineering,ou=groups,dc={},dc=com".format(dc),
+                    "remove": True
+                }
+            },
+            "AUTH_LDAP_REQUIRE_GROUP": None,
+            "AUTH_LDAP_USER_ATTR_MAP": {
+                "first_name": "givenName",
+                "last_name": "sn",
+                "email": "mail"
+            },
+            "AUTH_LDAP_GROUP_SEARCH": [
+                "dc={},dc=com".format(dc),
+                "SCOPE_SUBTREE",
+                "(objectClass=groupOfNames)"
+            ],
+            "AUTH_LDAP_USER_FLAGS_BY_GROUP": {
+                "is_superuser": "cn=superusers,ou=groups,dc={},dc=com".format(dc)
+            },
+            "AUTH_LDAP_ORGANIZATION_MAP": {
+                "LDAP Organization": {
+                    "admins": "cn=engineering_admins,ou=groups,dc={},dc=com".format(dc),
+                    "remove_admins": False,
+                    "users": [
+                        "cn=engineering,ou=groups,dc={},dc=com".format(dc),
+                        "cn=sales,ou=groups,dc={},dc=com".format(dc),
+                        "cn=it,ou=groups,dc={},dc=com".format(dc)
+                    ],
+                    "remove_users": False
+                }
+            },
+        }
+
+        if prefix:
+            data_new = dict()
+            for k,v in data.iteritems():
+                k_new = k.replace('AUTH_LDAP', 'AUTH_LDAP{}'.format(prefix))
+                data_new[k_new] = v
+        else:
+            data_new = data
+
+        return data_new
+    return fn
+
+
+# Note: mockldap isn't fully featured. Fancy queries aren't fully baked.
+# However, objects returned are solid so they should flow through django ldap middleware nicely.
+@pytest.mark.django_db
+def test_login(ldap_generator, patch, post, admin, ldap_settings_generator):
+    auth_url = reverse('api:auth_token_view')
+    ldap_settings_url = reverse('api:setting_singleton_detail', kwargs={'category_slug': 'ldap'})
+
+    # Generate mock ldap servers and init with ldap data
+    ldap_generator("../data/ldap_example.ldif", "ldap.example.com")
+    ldap_generator("../data/ldap_redhat.ldif", "ldap.redhat.com")
+    ldap_generator("../data/ldap_ansible.ldif", "ldap.ansible.com")
+
+    ldap_settings_example = ldap_settings_generator(dc='example')
+    ldap_settings_ansible = ldap_settings_generator(prefix='1', dc='ansible')
+    ldap_settings_redhat = ldap_settings_generator(prefix='2', dc='redhat')
+
+    # eng_user1 exists in ansible and redhat but not example
+    patch(ldap_settings_url, user=admin, data=ldap_settings_example, expect=200)
+
+    post(auth_url, data={'username': 'eng_user1', 'password': 'password'}, expect=400)
+
+    patch(ldap_settings_url, user=admin, data=ldap_settings_ansible, expect=200)
+    patch(ldap_settings_url, user=admin, data=ldap_settings_redhat, expect=200)
+
+    post(auth_url, data={'username': 'eng_user1', 'password': 'password'}, expect=200)
+

awx/main/tests/functional/utils/test_common.py

@@ -20,7 +20,7 @@ def test_model_to_dict_user(alice):
     output_dict = model_to_dict(alice)
     assert output_dict['username'] == username
     assert output_dict['password'] == 'hidden'
-    assert alice.username == password
+    assert alice.username == username
     assert alice.password == password
 
 

awx/settings/defaults.py

@@ -305,6 +305,11 @@ REST_FRAMEWORK = {
 
 AUTHENTICATION_BACKENDS = (
     'awx.sso.backends.LDAPBackend',
+    'awx.sso.backends.LDAPBackend1',
+    'awx.sso.backends.LDAPBackend2',
+    'awx.sso.backends.LDAPBackend3',
+    'awx.sso.backends.LDAPBackend4',
+    'awx.sso.backends.LDAPBackend5',
     'awx.sso.backends.RADIUSBackend',
     'awx.sso.backends.TACACSPlusBackend',
     'social_core.backends.google.GoogleOAuth2',

awx/sso/backends.py

@@ -133,6 +133,26 @@ class LDAPBackend(BaseLDAPBackend):
         return set()
 
 
+class LDAPBackend1(LDAPBackend):
+    settings_prefix = 'AUTH_LDAP_1_'
+
+
+class LDAPBackend2(LDAPBackend):
+    settings_prefix = 'AUTH_LDAP_2_'
+
+
+class LDAPBackend3(LDAPBackend):
+    settings_prefix = 'AUTH_LDAP_3_'
+
+
+class LDAPBackend4(LDAPBackend):
+    settings_prefix = 'AUTH_LDAP_4_'
+
+
+class LDAPBackend5(LDAPBackend):
+    settings_prefix = 'AUTH_LDAP_5_'
+
+
 def _decorate_enterprise_user(user, provider):
     user.set_unusable_password()
     user.save()

awx/sso/conf.py

@@ -129,8 +129,12 @@ register(
 # LDAP AUTHENTICATION SETTINGS
 ###############################################################################
 
+
+def _register_ldap(append=None):
+    append_str = '_{}'.format(append) if append else ''
+
     register(
-    'AUTH_LDAP_SERVER_URI',
+        'AUTH_LDAP{}_SERVER_URI'.format(append_str),
         field_class=fields.LDAPServerURIField,
         allow_blank=True,
         default='',
@@ -146,7 +150,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_BIND_DN',
+        'AUTH_LDAP{}_BIND_DN'.format(append_str),
         field_class=fields.CharField,
         allow_blank=True,
         default='',
@@ -161,7 +165,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_BIND_PASSWORD',
+        'AUTH_LDAP{}_BIND_PASSWORD'.format(append_str),
         field_class=fields.CharField,
         allow_blank=True,
         default='',
@@ -174,7 +178,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_START_TLS',
+        'AUTH_LDAP{}_START_TLS'.format(append_str),
         field_class=fields.BooleanField,
         default=False,
         label=_('LDAP Start TLS'),
@@ -185,7 +189,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_CONNECTION_OPTIONS',
+        'AUTH_LDAP{}_CONNECTION_OPTIONS'.format(append_str),
         field_class=fields.LDAPConnectionOptionsField,
         default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30},
         label=_('LDAP Connection Options'),
@@ -205,7 +209,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_USER_SEARCH',
+        'AUTH_LDAP{}_USER_SEARCH'.format(append_str),
         field_class=fields.LDAPSearchUnionField,
         default=[],
         label=_('LDAP User Search'),
@@ -226,7 +230,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_USER_DN_TEMPLATE',
+        'AUTH_LDAP{}_USER_DN_TEMPLATE'.format(append_str),
         field_class=fields.LDAPDNWithUserField,
         allow_blank=True,
         allow_null=True,
@@ -244,7 +248,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_USER_ATTR_MAP',
+        'AUTH_LDAP{}_USER_ATTR_MAP'.format(append_str),
         field_class=fields.LDAPUserAttrMapField,
         default={},
         label=_('LDAP User Attribute Map'),
@@ -263,7 +267,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_GROUP_SEARCH',
+        'AUTH_LDAP{}_GROUP_SEARCH'.format(append_str),
         field_class=fields.LDAPSearchField,
         default=[],
         label=_('LDAP Group Search'),
@@ -281,7 +285,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_GROUP_TYPE',
+        'AUTH_LDAP{}_GROUP_TYPE'.format(append_str),
         field_class=fields.LDAPGroupTypeField,
         label=_('LDAP Group Type'),
         help_text=_('The group type may need to be changed based on the type of the '
@@ -294,7 +298,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_REQUIRE_GROUP',
+        'AUTH_LDAP{}_REQUIRE_GROUP'.format(append_str),
         field_class=fields.LDAPDNField,
         allow_blank=True,
         allow_null=True,
@@ -311,7 +315,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_DENY_GROUP',
+        'AUTH_LDAP{}_DENY_GROUP'.format(append_str),
         field_class=fields.LDAPDNField,
         allow_blank=True,
         allow_null=True,
@@ -327,7 +331,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_USER_FLAGS_BY_GROUP',
+        'AUTH_LDAP{}_USER_FLAGS_BY_GROUP'.format(append_str),
         field_class=fields.LDAPUserFlagsField,
         default={},
         label=_('LDAP User Flags By Group'),
@@ -344,7 +348,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_ORGANIZATION_MAP',
+        'AUTH_LDAP{}_ORGANIZATION_MAP'.format(append_str),
         field_class=fields.LDAPOrganizationMapField,
         default={},
         label=_('LDAP Organization Map'),
@@ -372,7 +376,7 @@ register(
     )
 
     register(
-    'AUTH_LDAP_TEAM_MAP',
+        'AUTH_LDAP{}_TEAM_MAP'.format(append_str),
         field_class=fields.LDAPTeamMapField,
         default={},
         label=_('LDAP Team Map'),
@@ -395,6 +399,14 @@ register(
         feature_required='ldap',
     )
 
+
+_register_ldap()
+_register_ldap('1')
+_register_ldap('2')
+_register_ldap('3')
+_register_ldap('4')
+_register_ldap('5')
+
 ###############################################################################
 # RADIUS AUTHENTICATION SETTINGS
 ###############################################################################

awx/sso/fields.py

@@ -31,6 +31,21 @@ class AuthenticationBackendsField(fields.StringListField):
         ('awx.sso.backends.LDAPBackend', [
             'AUTH_LDAP_SERVER_URI',
         ]),
+        ('awx.sso.backends.LDAPBackend1', [
+            'AUTH_LDAP_1_SERVER_URI',
+        ]),
+        ('awx.sso.backends.LDAPBackend2', [
+            'AUTH_LDAP_2_SERVER_URI',
+        ]),
+        ('awx.sso.backends.LDAPBackend3', [
+            'AUTH_LDAP_3_SERVER_URI',
+        ]),
+        ('awx.sso.backends.LDAPBackend4', [
+            'AUTH_LDAP_4_SERVER_URI',
+        ]),
+        ('awx.sso.backends.LDAPBackend5', [
+            'AUTH_LDAP_5_SERVER_URI',
+        ]),
         ('awx.sso.backends.RADIUSBackend', [
             'RADIUS_SERVER',
         ]),
@@ -70,6 +85,11 @@ class AuthenticationBackendsField(fields.StringListField):
 
     REQUIRED_BACKEND_FEATURE = {
         'awx.sso.backends.LDAPBackend': 'ldap',
+        'awx.sso.backends.LDAPBackend1': 'ldap',
+        'awx.sso.backends.LDAPBackend2': 'ldap',
+        'awx.sso.backends.LDAPBackend3': 'ldap',
+        'awx.sso.backends.LDAPBackend4': 'ldap',
+        'awx.sso.backends.LDAPBackend5': 'ldap',
         'awx.sso.backends.RADIUSBackend': 'enterprise_auth',
         'awx.sso.backends.SAMLAuth': 'enterprise_auth',
     }

requirements/requirements_dev.txt

@@ -16,3 +16,4 @@ uwsgitop
 jupyter
 matplotlib
 backports.tempfile  # support in unit tests for py32+ tempfile.TemporaryDirectory
+mockldap