From 858fdf6c193090f009e682a5e1922df29a22cc52 Mon Sep 17 00:00:00 2001
From: Victor Seva <vseva@sipwise.com>
Date: Fri, 7 Feb 2020 10:40:27 +0100
Subject: [PATCH] TT#19230 add LDAP support for prod environment

> https://django-auth-ldap.readthedocs.io/en/latest/index.html

Change-Id: Ib350b91e9337819ed1871d4bdc640d0bf5a71f13
---
 debian/control           |  3 +++
 debian/server.ini        |  2 ++
 repoapi/settings/prod.py | 10 ++++++++++
 requirements/prod.txt    |  1 +
 4 files changed, 16 insertions(+)

diff --git a/debian/control b/debian/control
index d8b571b..4fb75d8 100644
--- a/debian/control
+++ b/debian/control
@@ -5,6 +5,7 @@ Homepage: https://www.sipwise.com/
 Build-Depends:
  debhelper-compat (= 12),
  dh-systemd (>= 1.5),
+ libldap2-dev,
  libpq-dev,
  python3-dev,
  virtualenv,
@@ -16,7 +17,9 @@ Section: python
 Architecture: all
 Depends:
  build-essential,
+ libldap2-dev,
  libpq-dev,
+ libsasl2-dev,
  make,
  postgresql,
  python3,
diff --git a/debian/server.ini b/debian/server.ini
index 7ab6c2e..ab69d20 100644
--- a/debian/server.ini
+++ b/debian/server.ini
@@ -6,3 +6,5 @@ DOCKER_REGISTRY_URL=fake
 DB_NAME=fake
 DB_USER=fake
 DB_PWD=fake
+AUTH_LDAP_SERVER_URI=fake
+AUTH_LDAP_USER_BASE=fake
diff --git a/repoapi/settings/prod.py b/repoapi/settings/prod.py
index 9f3a111..d1acf2a 100644
--- a/repoapi/settings/prod.py
+++ b/repoapi/settings/prod.py
@@ -48,6 +48,16 @@ server_config.read(os.path.join(VAR_DIR, 'server.ini'))
 JENKINS_URL = server_config.get('server', 'JENKINS_URL')
 GERRIT_URL = server_config.get('server', 'GERRIT_URL')
 DOCKER_REGISTRY_URL = server_config.get('server', 'DOCKER_REGISTRY_URL')
+AUTH_LDAP_SERVER_URI = server_config.get('server', 'AUTH_LDAP_SERVER_URI')
+AUTH_LDAP_USER_BASE = server_config.get('server', 'AUTH_LDAP_USER_BASE')
+AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,' + AUTH_LDAP_USER_BASE
+
+# Keep ModelBackend around for per-user permissions and maybe a local
+# superuser.
+AUTHENTICATION_BACKENDS = (
+    "django_auth_ldap.backend.LDAPBackend",
+    "django.contrib.auth.backends.ModelBackend",
+)
 
 # Database
 # https://docs.djangoproject.com/en/1.8/ref/settings/#databases
diff --git a/requirements/prod.txt b/requirements/prod.txt
index 25780b5..2b9d0a8 100644
--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@@ -1,2 +1,3 @@
 -r common.txt
 psycopg2
+django-auth-ldap