coin_ynh/conf/local.py.j2

# -*- coding: utf-8 -*-
from __future__ import unicode_literals
import os
from .settings_base import *
from .django_ldap_extension import *

DEBUG = TEMPLATE_DEBUG = False

ALLOWED_HOSTS = ['{{ domain }}']

# Prefix is hard coded for now as the app can only be installed on whole domain
URL_PREFIX = ''
STATIC_ROOT = '{{ install_dir }}/static'
NOTIFICATION_EMAILS = ['{{ email }}']
DEFAULT_FROM_EMAIL = '{{ app }}@{{ domain }}'
SITE_URL = "https://{{ domain }}{{ path }}"
SECRET_KEY = '{{ secret }}'
ISP = {
    'NAME': '{{ isp_name }}',
    'SITE': '{{ isp_site }}',
    'EMAIL': '{{ email }}',
}
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

PROJECT_DIR = os.path.abspath(os.path.dirname(__file__))

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': '{{ db_name }}',
        'USER': '{{ db_user }}',
        'PASSWORD': '{{ db_pwd }}',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    },
}

FEEDS = (('ffdn', 'http://www.ffdn.org/fr/rss.xml', 3),)

# Email settings
EMAIL_USE_TLS = True
EMAIL_PORT = 587
EMAIL_HOST = '{{ domain }}'
EMAIL_HOST_USER = '{{ app }}@{{ domain }}'
EMAIL_HOST_PASSWORD = '{{ mail_pwd }}'

# LDAP authentication and group management
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion, MemberDNGroupType, LDAPGroupType
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://localhost:389"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {
    "username": "uid",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn={{ app }}.main,ou=permission,dc=yunohost,dc=org",
    "is_staff": "cn={{ app }}.staff,ou=permission,dc=yunohost,dc=org",
    "is_superuser": "cn={{ app }}.superadmin,ou=permission,dc=yunohost,dc=org"
}
AUTH_LDAP_GROUP_SEARCH = LDAPSearchUnion(
    LDAPSearch("ou=permission,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, filterstr=u'(cn=coin.*)'),
    LDAPSearch("ou=groups,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE)
)
AUTH_LDAP_GROUP_TYPE = MemberDNGroupTypeUnion(
    MemberDNGroupType("inheritPermission"), # permissionYnh
    MemberDNGroupType("member")) # groupOfNamesYnh
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_AUTHORIZE_ALL_USERS = False
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 1000
# Link Yunohost group with django permission group
AUTH_LDAP_MIRROR_GROUPS_EXCEPT = ("{{ app }}.main", "{{ app }}.staff", "{{ app }}.superadmin")
# import logging
# logger = logging.getLogger('django_auth_ldap')
# logger.addHandler(logging.StreamHandler())
# logger.setLevel(logging.DEBUG)