TG-258 TG-280 move ldap settings in separate file and pass default settings

To activate ldap settings, you have to set LDAP_ENABLED to true. Unless you
set the environment variables to configure ldap, the defaults are used.

castellum_core/castellum_core/castellum_core/settings/default.py

@@ -70,18 +70,24 @@ AUTH_PASSWORD_VALIDATORS = [
     },
 ]
 
+
 AUTHENTICATION_BACKENDS = [
-    'django_auth_ldap.backend.LDAPBackend',
-    'django.contrib.auth.backends.ModelBackend',
+    "django.contrib.auth.backends.ModelBackend",
 ]
 
-import ldap
-from django_auth_ldap.config import LDAPSearch
 
-AUTH_LDAP_SERVER_URI = 'ldap://localhost'
-AUTH_LDAP_BIND_DN = 'cn=admin,dc=example,dc=org'
-AUTH_LDAP_BIND_PASSWORD = 'admin'
-AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=example,dc=org', ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
+LDAP_ENABLED = True
+
+if LDAP_ENABLED:
+    try:
+        from .ldap import *
+    except ImportError:
+        raise ImportError(
+            "Failed to load LDAP settings. Either you disable LDAP by setting "
+            "'LDAP_ENABLED = False' or you create a ldap.py file in the settings directory!"
+        )
+    AUTHENTICATION_BACKENDS.append("django_auth_ldap.backend.LDAPBackend")
+
 
 AUTH_USER_MODEL = 'castellum_auth.User'
 

castellum_core/castellum_core/castellum_core/settings/ldap.py

+import ldap
+import os
+
+from django_auth_ldap.config import LDAPSearch
+
+
+host = os.environ.get("LDAP_HOST", "ldap://localhost")
+distinguised_name = os.environ.get("LDAP_DISTINGUISHED_NAME", "dc=example,dc=org")
+username = os.environ.get("LDAP_USERNAME", "cn=admin," + distinguised_name)
+password = os.environ.get("LDAP_PASSWORD", "admin")
+
+AUTH_LDAP_SERVER_URI = host
+AUTH_LDAP_BIND_DN = username
+AUTH_LDAP_BIND_PASSWORD = password
+AUTH_LDAP_USER_SEARCH = LDAPSearch(distinguised_name, ldap.SCOPE_SUBTREE, '(uid=%(user)s)')