Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

settings: Move LDAP configuration together, in the same order. 

Match the order of the variables between `default_settings.py` and
`settings.py`, and move the defaults into `default_settings.py` so
the section does not require any uncommented lines in `settings.py` if
LDAP is not in use.
This commit is contained in:
Alex Vandiver 2021-01-12 17:05:30 -08:00 committed by Tim Abbott
parent 16ad65dd66
commit a315579140
2 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
zproject/default_settings.py
View File

@ -39,10 +39,19 @@ EMAIL_HOST: Optional[str] = None
# LDAP auth # LDAP auth
AUTH_LDAP_SERVER_URI = "" AUTH_LDAP_SERVER_URI = ""
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_USER_SEARCH: Optional["LDAPSearch"] = None
LDAP_APPEND_DOMAIN: Optional[str] = None LDAP_APPEND_DOMAIN: Optional[str] = None
LDAP_EMAIL_ATTR: Optional[str] = None LDAP_EMAIL_ATTR: Optional[str] = None
AUTH_LDAP_USERNAME_ATTR: Optional[str] = None
AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None
AUTH_LDAP_USERNAME_ATTR: Optional[str] = None
# AUTH_LDAP_USER_ATTR_MAP is uncommented in prod_settings_template.py,
# so the value here mainly serves to help document the default.
AUTH_LDAP_USER_ATTR_MAP: Dict[str, str] = {
"full_name": "cn",
}
# Automatically deactivate users not found by the AUTH_LDAP_USER_SEARCH query.
LDAP_DEACTIVATE_NON_MATCHING_USERS: Optional[bool] = None
# AUTH_LDAP_CONNECTION_OPTIONS: we set ldap.OPT_REFERRALS in settings.py if unset. # AUTH_LDAP_CONNECTION_OPTIONS: we set ldap.OPT_REFERRALS in settings.py if unset.
AUTH_LDAP_CONNECTION_OPTIONS: Dict[int, object] = {} AUTH_LDAP_CONNECTION_OPTIONS: Dict[int, object] = {}
# Disable django-auth-ldap caching, to prevent problems with OU changes. # Disable django-auth-ldap caching, to prevent problems with OU changes.
@ -424,8 +433,5 @@ IS_DEV_DROPLET = False
# Used by puppet/zulip_ops/files/cron.d/check_send_receive_time. # Used by puppet/zulip_ops/files/cron.d/check_send_receive_time.
NAGIOS_BOT_HOST = EXTERNAL_HOST NAGIOS_BOT_HOST = EXTERNAL_HOST
# Automatically deactivate users not found by the AUTH_LDAP_USER_SEARCH query.
LDAP_DEACTIVATE_NON_MATCHING_USERS: Optional[bool] = None
# Use half of the available CPUs for data import purposes. # Use half of the available CPUs for data import purposes.
DEFAULT_DATA_EXPORT_IMPORT_PARALLELISM = (len(os.sched_getaffinity(0)) // 2) or 1 DEFAULT_DATA_EXPORT_IMPORT_PARALLELISM = (len(os.sched_getaffinity(0)) // 2) or 1

5
zproject/prod_settings_template.py
View File

@ -142,12 +142,11 @@ from django_auth_ldap.config import LDAPSearch
# The LDAP server to connect to. Setting this enables Zulip # The LDAP server to connect to. Setting this enables Zulip
# automatically fetching each new user's name from LDAP. # automatically fetching each new user's name from LDAP.
# Example: "ldaps://ldap.example.com" #AUTH_LDAP_SERVER_URI = "ldaps://ldap.example.com"
AUTH_LDAP_SERVER_URI = ""
# The DN of the user to bind as (i.e., authenticate as) in order to # The DN of the user to bind as (i.e., authenticate as) in order to
# query LDAP. If unset, Zulip does an anonymous bind. # query LDAP. If unset, Zulip does an anonymous bind.
AUTH_LDAP_BIND_DN = "" #AUTH_LDAP_BIND_DN = ""
# Passwords and secrets are not stored in this file. The password # Passwords and secrets are not stored in this file. The password
# corresponding to AUTH_LDAP_BIND_DN goes in `/etc/zulip/zulip-secrets.conf`. # corresponding to AUTH_LDAP_BIND_DN goes in `/etc/zulip/zulip-secrets.conf`.