[ldap] bind with admin to get attributes

Nico Schottelius 2020-02-23 16:52:30 +01:00
parent e2b5b5d102
commit edbfb7964e
4 changed files with 44 additions and 22 deletions


@ -1,22 +1,27 @@
from rest_framework import viewsets, generics, permissions from rest_framework import viewsets, generics, permissions
from rest_framework.response import Response
from django.contrib.auth import get_user_model
from .models import VM from .models import VM
from .serializers import VMSerializer, OpenNebulaVMSerializer from .serializers import VMSerializer, OpenNebulaVMSerializer
#class VMList(generics.ListAPIView):
# queryset = VM.objects.all()
# serializer_class = VMSerializer
class RawVMViewSet(viewsets.ModelViewSet): class RawVMViewSet(viewsets.ModelViewSet):
# lookup_field = 'vmid'
queryset = VM.objects.all() queryset = VM.objects.all()
serializer_class = VMSerializer serializer_class = VMSerializer
permission_classes = [permissions.IsAuthenticated] permission_classes = [permissions.IsAdminUser]
class VMViewSet(viewsets.ModelViewSet): class VMViewSet(viewsets.ModelViewSet):
queryset = VM.objects.all()
serializer_class = OpenNebulaVMSerializer
permission_classes = [permissions.IsAuthenticated] permission_classes = [permissions.IsAuthenticated]
def list(self, request):
queryset = VM.objects.filter(owner=request.user)
serializer = OpenNebulaVMSerializer(queryset, many=True)
return Response(serializer.data)
def retrieve(self, request, pk=None):
queryset = VM.objects.filter(owner=request.user)
user = get_object_or_404(queryset, pk=pk)
serializer = OpenNebulaVMSerializer(queryset)
return Response(serializer.data)
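Review bot: In the new `retrieve`, the object fetched by `get_object_or_404` is bound to `user` and never used, and the whole owner-filtered queryset is handed to a non-`many` serializer, so the detail endpoint serializes the queryset rather than the requested VM; the two lines should read `vm = get_object_or_404(queryset, pk=pk)` and `serializer = OpenNebulaVMSerializer(vm)`. `get_object_or_404` is not among the imports visible in this hunk (only `get_user_model`, which nothing here uses), so a `from django.shortcuts import get_object_or_404` appears to be missing unless it is imported outside the hunk. The `owner=request.user` filter in both `list` and `retrieve` is the right scoping and should stay so that a pk belonging to another user yields 404 rather than their VM.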


@ -8,3 +8,11 @@ OPENNEBULA_URL='https://opennebula.ungleich.ch:2634/RPC2'
OPENNEBULA_USER_PASS='user:password' OPENNEBULA_USER_PASS='user:password'
POSTGRESQL_DB_NAME="uncloud" POSTGRESQL_DB_NAME="uncloud"
# See https://django-auth-ldap.readthedocs.io/en/latest/authentication.html
LDAP_ADMIN_DN=""
LDAP_ADMIN_PASSWORD=""
LDAP_SERVER_URI = ""
SECRET_KEY="dx$iqt=lc&yrp^!z5$ay^%g5lhx1y3bcu=jg(jx0yj0ogkfqvf"
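Review bot: The `SECRET_KEY` written into this sample secrets file is the same value the commit removes from settings.py, so the key is not taken out of version control — it stays in git history and is now also in the sample — and any deployment that copies the sample unchanged runs with a publicly known key. Treat that value as exposed: replace it here with a placeholder such as `SECRET_KEY="<generate-a-new-key>"` and generate a fresh key per deployment. Leaving `LDAP_ADMIN_DN` and `LDAP_ADMIN_PASSWORD` as empty strings in a copied file would, as far as I recall of django-auth-ldap's defaults, make the user search run as an anonymous bind, so a comment above them saying both must be set for the attribute lookup to work would help. `LDAP_SERVER_URI = ""` also uses spaces around `=` while the neighbouring assignments do not.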


@ -12,6 +12,10 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
import os import os
# Uncommitted file with secrets
import uncloud.secrets
# Build paths inside the project like this: os.path.join(BASE_DIR, ...) # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@ -20,7 +24,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/ # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'dx$iqt=lc&yrp^!z5$ay^%g5lhx1y3bcu=jg(jx0yj0ogkfqvf' SECRET_KEY = uncloud.secrets.SECRET_KEY
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True DEBUG = True
@ -100,15 +104,25 @@ AUTH_PASSWORD_VALIDATORS = [
import ldap import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
AUTH_LDAP_SERVER_URI = uncloud.secrets.LDAP_SERVER_URI
AUTH_LDAP_SERVER_URI = "ldaps://ldap1.ungleich.ch,ldaps://ldap2.ungleich.ch" AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=customer,dc=ungleich,dc=ch" "last_name": "sn",
"email": "mail"
}
AUTH_LDAP_BIND_DN = uncloud.secrets.LDAP_ADMIN_DN
AUTH_LDAP_BIND_PASSWORD = uncloud.secrets.LDAP_ADMIN_PASSWORD
AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH = LDAPSearch(
"ou=customer,dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)" "dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
) )
#AUTH_LDAP_BIND_AS_AUTHENTICATING_USER=True
#AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=customer,dc=ungleich,dc=ch"
################################################################################ ################################################################################
# AUTH/Django # AUTH/Django
AUTHENTICATION_BACKENDS = [ AUTHENTICATION_BACKENDS = [
@ -150,8 +164,6 @@ USE_TZ = True
STATIC_URL = '/static/' STATIC_URL = '/static/'
# Uncommitted file with secrets
import uncloud.secrets
# Database # Database
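Review bot: The search base in `AUTH_LDAP_USER_SEARCH` changes from `ou=customer,dc=ungleich,dc=ch` to `dc=ungleich,dc=ch`, so with the new service bind any entry anywhere in the directory whose `uid` matches can authenticate, not only entries under `ou=customer` as the old DN template allowed; if that widening is intended, a comment stating it would help, otherwise keep the narrower base. `AUTH_LDAP_SERVER_URI`, `AUTH_LDAP_BIND_DN` and `AUTH_LDAP_BIND_PASSWORD` are now read from `uncloud.secrets`, whose sample values are empty strings, so a fresh checkout configures an empty server URI and an anonymous bind without complaint; a startup check such as `if not AUTH_LDAP_SERVER_URI: raise ImproperlyConfigured("LDAP_SERVER_URI is not set")` would fail fast. The commented-out `AUTH_LDAP_BIND_AS_AUTHENTICATING_USER` and `AUTH_LDAP_USER_DN_TEMPLATE` lines are dead config and could be replaced by a one-line comment explaining why the service bind replaced the direct-bind template.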


@ -24,7 +24,7 @@ from opennebula import views as oneviews
router = routers.DefaultRouter() router = routers.DefaultRouter()
router.register(r'users', views.UserViewSet) router.register(r'users', views.UserViewSet)
router.register(r'groups', views.GroupViewSet) router.register(r'groups', views.GroupViewSet)
router.register(r'opennebula', oneviews.VMViewSet) router.register(r'opennebula', oneviews.VMViewSet, basename='opennebula')
router.register(r'opennebula_raw', oneviews.RawVMViewSet) router.register(r'opennebula_raw', oneviews.RawVMViewSet)
# Wire up our API using automatic URL routing. # Wire up our API using automatic URL routing.
@ -34,7 +34,4 @@ urlpatterns = [
path('admin/', admin.site.urls), path('admin/', admin.site.urls),
path('products/', views.ProductsView.as_view(), name='products'), path('products/', views.ProductsView.as_view(), name='products'),
path('api-auth/', include('rest_framework.urls', namespace='rest_framework')) path('api-auth/', include('rest_framework.urls', namespace='rest_framework'))
# path('vm/list/', oneviews.VMList.as_view(), name='vm_list'),
# path('vm/detail/<int:vmid>/', oneviews.VMDetail.as_view(), name='vm_detail'),
] ]