Support SSO authentication via django-auth-ldap

Other changes:

* Bugfix Redis cache backend
* remove "virtualenv" and use "python3 -m venv"

README.md

@@ -31,9 +31,9 @@ You can edit the file `$final_path/local_settings.py` to enable or disable featu
 
 # Miscellaneous
 
-## LDAP connexion
+## LDAP connection
 
-TODO: https://github.com/django-auth-ldap/django-auth-ldap
+Supported by https://github.com/django-auth-ldap/django-auth-ldap
 
 ## Links
 

conf/ynh_pyinventory_settings.py

@@ -11,6 +11,8 @@
 
 from pathlib import Path as __Path
 
+import ldap
+from django_auth_ldap.config import LDAPSearch
 from inventory_project.settings.base import *  # noqa
 
 DEBUG = False
@@ -34,6 +36,45 @@ PATH_URL = PATH_URL.strip('/')
 ROOT_URLCONF = 'ynh_urls'  # /opt/yunohost/pyinventory/ynh_urls.py
 
 # -----------------------------------------------------------------------------
+# https://github.com/django-auth-ldap/django-auth-ldap
+
+LDAP_SERVER_URI = 'ldap://localhost:389'
+LDAP_START_TLS = True
+
+# enable anonymous searches
+# https://django-auth-ldap.readthedocs.io/en/latest/authentication.html?highlight=anonymous#search-bind
+LDAP_BIND_DN = ''
+LDAP_BIND_PASSWORD = ''
+
+LDAP_ROOT_DN = 'ou=users,dc=yunohost,dc=org'
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch(LDAP_ROOT_DN, ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+    'username': 'uid',
+    'first_name': 'givenName',
+    'last_name': 'sn',
+    'email': 'mail',
+}
+
+# This is the default, but I like to be explicit.
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+
+# Use LDAP group membership to calculate group permissions.
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+# Cache distinguished names and group memberships for an hour to minimize LDAP traffic
+AUTH_LDAP_CACHE_TIMEOUT = 3600
+
+# Keep ModelBackend around for per-user permissions and superuser
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+
+# -----------------------------------------------------------------------------
+
 
 ADMINS = (
     ('__ADMIN__', '__ADMINMAIL__'),
@@ -84,9 +125,6 @@ CACHES = {
         # 'LOCATION': 'unix:///var/run/redis/redis.sock?db=1',
         'OPTIONS': {
             'CLIENT_CLASS': 'django_redis.client.DefaultClient',
-            'PARSER_CLASS': 'redis.connection.HiredisParser',
-            'PASSWORD': None,
-            'CONNECTION_POOL_KWARGS': {},
         },
         'KEY_PREFIX': '__APP__',
     },
@@ -137,6 +175,7 @@ LOGGING = {
         'django': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False},
         'axes': {'handlers': ['syslog', 'mail_admins'], 'level': 'WARNING', 'propagate': False},
         'django_tools': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False},
+        'django_auth_ldap': {'handlers': ['syslog', 'mail_admins'], 'level': 'DEBUG', 'propagate': False},
         'inventory': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False},
     },
 }

manifest.json

@@ -5,7 +5,7 @@
 	"description": {
 		"en": "Web based management to catalog things including state and location etc."
 	},
-	"version": "0.8.1~ynh4",
+	"version": "0.8.1~ynh5",
 	"url": "https://github.com/jedie/PyInventory",
 	"license": "GPL-3.0",
 	"maintainer": {

scripts/_common.sh

@@ -24,12 +24,14 @@ log_file="${log_path}/pyinventory.log"
 #=================================================
 
 # dependencies used by the app
-pkg_dependencies="build-essential python3-dev python3-pip python3-virtualenv virtualenv git \
+pkg_dependencies="build-essential python3-dev python3-pip python3-virtualenv git \
-	postgresql postgresql-contrib"
+	postgresql postgresql-contrib python3-ldap libldap2-dev libsasl2-dev"
 
 # PyInventory's version for PIP and settings file
 pyinventory_version="0.8.1"
 
+# Extra python packages:
+pypi_extras="django-redis django-auth-ldap"
 
 #=================================================
 # Redis HELPERS

scripts/install

@@ -102,7 +102,7 @@ ynh_system_user_create --username="$app" --home_dir="$final_path" --use_shell
 #=================================================
 ynh_script_progression --message="Install PyInventory using PIP..." --weight=80
 
-virtualenv --python=python3 "${final_path}/venv"
+python3 -m venv "${final_path}/venv"
 chown -R "$app" "$final_path"
 
 #run source in a 'sub shell'
@@ -113,6 +113,7 @@ chown -R "$app" "$final_path"
 	ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pip
 	ynh_exec_as $app $final_path/venv/bin/pip install --upgrade setuptools wheel psycopg2-binary
 	ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pyinventory=="$pyinventory_version"
+	ynh_exec_as $app $final_path/venv/bin/pip install --upgrade ${pypi_extras}
 )
 
 #=================================================

scripts/upgrade

@@ -87,7 +87,7 @@ ynh_add_systemd_config --service="$app" --template="pyinventory.service"
 
 ynh_script_progression --message="Install pyinventory using PIP..." --weight=15
 
-virtualenv --python=python3 "${final_path}/venv"
+python3 -m venv "${final_path}/venv"
 chown -R "$app" "$final_path"
 
 #run source in a 'sub shell'
@@ -98,6 +98,7 @@ chown -R "$app" "$final_path"
   ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pip
   ynh_exec_as $app $final_path/venv/bin/pip install --upgrade setuptools wheel psycopg2-binary
   ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pyinventory=="$pyinventory_version"
+	ynh_exec_as $app $final_path/venv/bin/pip install --upgrade ${pypi_extras}
 )
 
 #=================================================