AC-156 Added code and tests to support LDAP authentication (no organization or team mapping yet).

awx/settings/local_settings.py.example

@@ -60,6 +60,33 @@ SECRET_KEY = 'p7z7g1ql4%6+(6nlebb6hdk7sd^&fnjpal308%n%+p^_e6vo1y'
 # reverse proxy.
 REMOTE_HOST_HEADERS = ['REMOTE_ADDR', 'REMOTE_HOST']
 
+# LDAP connection and authentication settings.  Refer to django-auth-ldap docs:
+# http://pythonhosted.org/django-auth-ldap/authentication.html
+AUTH_LDAP_SERVER_URI = ''
+AUTH_LDAP_BIND_DN = ''
+AUTH_LDAP_BIND_PASSWORD = ''
+AUTH_LDAP_START_TLS = False
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
+
+# LDAP search query to find users.
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    'OU=Users,DC=example,DC=com',
+    ldap.SCOPE_SUBTREE,
+    '(sAMAccountName=%(user)s)',
+)
+
+# Alternative to user search.
+#AUTH_LDAP_USER_DN_TEMPLATE = 'sAMAccountName=%(user)s,OU=Users,DC=example,DC=com'
+
+# Mapping of LDAP attributes to user attributes.
+AUTH_LDAP_USER_ATTR_MAP = {
+    'first_name': 'givenName',
+    'last_name': 'sn',
+    'email': 'mail',
+}
+
 # Email address that error messages come from.
 SERVER_EMAIL = 'root@localhost'
 
@@ -111,6 +138,10 @@ LOGGING['handlers']['syslog'] = {
 #LOGGING['loggers']['awx.main.signals']['propagate'] = True
 #LOGGING['loggers']['awx.main.permissions']['propagate'] = True
 
+# Enable the following lines to turn on LDAP auth logging.
+#LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
+#LOGGING['loggers']['django_auth_ldap']['level'] = 'DEBUG'
+
 # Define additional environment variables to be passed to subprocess started by
 # the celery task.
 #AWX_TASK_ENV['FOO'] = 'BAR'
@@ -141,3 +172,32 @@ TEST_SVN_USERNAME = ''
 TEST_SVN_PASSWORD = ''
 TEST_SVN_PUBLIC_HTTPS = 'https://projects.ninemoreminutes.com/svn/django-site-utils/trunk/'
 TEST_SVN_PRIVATE_HTTPS = ''
+
+# LDAP connection and authentication settings for unit tests only.  LDAP tests
+# will be skipped if not configured. Refer to django-auth-ldap docs:
+# http://pythonhosted.org/django-auth-ldap/authentication.html
+TEST_AUTH_LDAP_SERVER_URI = ''
+TEST_AUTH_LDAP_BIND_DN = ''
+TEST_AUTH_LDAP_BIND_PASSWORD = ''
+TEST_AUTH_LDAP_START_TLS = False
+
+# LDAP username/password for testing authentication.
+TEST_AUTH_LDAP_USERNAME = ''
+TEST_AUTH_LDAP_PASSWORD = ''
+
+# LDAP search query to find users.
+TEST_AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    'OU=Users,DC=example,DC=com',
+    ldap.SCOPE_SUBTREE,
+    '(sAMAccountName=%(user)s)',
+)
+
+# Alternative to user search.
+TEST_AUTH_LDAP_USER_DN_TEMPLATE = 'sAMAccountName=%(user)s,OU=Users,DC=example,DC=com'
+
+# Mapping of LDAP attributes to user attributes.
+TEST_AUTH_LDAP_USER_ATTR_MAP = {
+    'first_name': 'givenName',
+    'last_name': 'sn',
+    'email': 'mail',
+}