add LDAP support

Dockerfile

@@ -87,12 +87,12 @@ ADD "./setup.py" "$CODE_DIR/"
 ADD "./package.json" "$CODE_DIR/archivebox/"
 RUN apt-get update -qq \
     && apt-get install -qq -y --no-install-recommends \
-        build-essential python-dev python3-dev \
+        build-essential python-dev python3-dev libldap2-dev libsasl2-dev \
     && echo 'empty placeholder for setup.py to use' > "$CODE_DIR/archivebox/README.md" \
     && python3 -c 'from distutils.core import run_setup; result = run_setup("./setup.py", stop_after="init"); print("\n".join(result.install_requires + result.extras_require["sonic"]))' > /tmp/requirements.txt \
     && pip install -r /tmp/requirements.txt \
     && pip install --upgrade youtube-dl yt-dlp \
-    && apt-get purge -y build-essential python-dev python3-dev \
+    && apt-get purge -y build-essential python-dev python3-dev libldap2-dev libsasl2-dev \
     && apt-get autoremove -y \
     && rm -rf /var/lib/apt/lists/*
 

archivebox/config.py

@@ -100,12 +100,22 @@ CONFIG_SCHEMA: Dict[str, ConfigDefaultDict] = {
         'SNAPSHOTS_PER_PAGE':        {'type': int,   'default': 40},
         'CUSTOM_TEMPLATES_DIR':      {'type': str,   'default': None},
         'TIME_ZONE':                 {'type': str,   'default': 'UTC'},
-        'TIMEZONE':                 {'type': str,   'default': 'UTC'},
+        'TIMEZONE':                  {'type': str,   'default': 'UTC'},
         'REVERSE_PROXY_USER_HEADER': {'type': str,   'default': 'Remote-User'},
         'REVERSE_PROXY_WHITELIST':   {'type': str,   'default': ''},
         'LOGOUT_REDIRECT_URL':       {'type': str,   'default': '/'},
-        'PREVIEW_ORIGINALS':        {'type': bool,  'default': True},
-        'LOGOUT_REDIRECT_URL':   {'type': str,   'default': '/'},
+        'PREVIEW_ORIGINALS':         {'type': bool,  'default': True},
+
+        'LDAP':                      {'type': bool,  'default': False},
+        'LDAP_SERVER_URI':           {'type': str,   'default': None},
+        'LDAP_BIND_DN':              {'type': str,   'default': None},
+        'LDAP_BIND_PASSWORD':        {'type': str,   'default': None},
+        'LDAP_USER_BASE':            {'type': str,   'default': None},
+        'LDAP_USER_FILTER':          {'type': str,   'default': None},
+        'LDAP_USERNAME_ATTR':        {'type': str,   'default': None},
+        'LDAP_FIRSTNAME_ATTR':       {'type': str,   'default': None},
+        'LDAP_LASTNAME_ATTR':        {'type': str,   'default': None},
+        'LDAP_EMAIL_ATTR':           {'type': str,   'default': None},
     },
 
     'ARCHIVE_METHOD_TOGGLES': {

archivebox/core/settings.py

@@ -6,6 +6,9 @@ import re
 import logging
 import tempfile
 
+import ldap
+from django_auth_ldap.config import LDAPSearch
+
 from pathlib import Path
 from django.utils.crypto import get_random_string
 
@@ -20,6 +23,17 @@ from ..config import (
     OUTPUT_DIR,
     LOGS_DIR,
     TIMEZONE,
+
+    LDAP,
+    LDAP_SERVER_URI,
+    LDAP_BIND_DN,
+    LDAP_BIND_PASSWORD,
+    LDAP_USER_BASE,
+    LDAP_USER_FILTER,
+    LDAP_USERNAME_ATTR,
+    LDAP_FIRSTNAME_ATTR,
+    LDAP_LASTNAME_ATTR,
+    LDAP_EMAIL_ATTR,
 )
 
 IS_MIGRATING = 'makemigrations' in sys.argv[:3] or 'migrate' in sys.argv[:3]
@@ -54,7 +68,6 @@ INSTALLED_APPS = [
     'django_extensions',
 ]
 
-
 MIDDLEWARE = [
     'core.middleware.TimezoneMiddleware',
     'django.middleware.security.SecurityMiddleware',
@@ -67,11 +80,48 @@ MIDDLEWARE = [
     'core.middleware.CacheControlMiddleware',
 ]
 
+################################################################################
+### Authentication Settings
+################################################################################
+
 AUTHENTICATION_BACKENDS = [
     'django.contrib.auth.backends.RemoteUserBackend',
     'django.contrib.auth.backends.ModelBackend',
 ]
 
+if LDAP:
+    global AUTH_LDAP_SERVER_URI
+    AUTH_LDAP_SERVER_URI = LDAP_SERVER_URI
+
+    global AUTH_LDAP_BIND_DN
+    AUTH_LDAP_BIND_DN = LDAP_BIND_DN
+
+    global AUTH_LDAP_BIND_PASSWORD
+    AUTH_LDAP_BIND_PASSWORD = LDAP_BIND_PASSWORD
+
+    global AUTH_LDAP_USER_SEARCH
+    AUTH_LDAP_USER_SEARCH = LDAPSearch(
+        LDAP_USER_BASE,
+        ldap.SCOPE_SUBTREE,
+        '(&(' + LDAP_USERNAME_ATTR + '=%(user)s)' + LDAP_USER_FILTER + ')',
+    )
+
+    global AUTH_LDAP_USER_ATTR_MAP
+    AUTH_LDAP_USER_ATTR_MAP = {
+        'username': LDAP_USERNAME_ATTR,
+        'first_name': LDAP_FIRSTNAME_ATTR,
+        'last_name': LDAP_LASTNAME_ATTR,
+        'email': LDAP_EMAIL_ATTR,
+    }
+
+    AUTHENTICATION_BACKENDS = [
+        'django_auth_ldap.backend.LDAPBackend',
+    ]
+
+################################################################################
+### Debug Settings
+################################################################################
+
 # only enable debug toolbar when in DEBUG mode with --nothreading (it doesnt work in multithreaded mode)
 DEBUG_TOOLBAR = DEBUG and ('--nothreading' in sys.argv) and ('--reload' not in sys.argv)
 if DEBUG_TOOLBAR:

setup.py

@@ -47,6 +47,7 @@ INSTALL_REQUIRES = [
     "croniter>=0.3.34",
     "w3lib>=1.22.0",
     "ipython>5.0.0",
+    "django-auth-ldap>=4.1.0"
 ]
 EXTRAS_REQUIRE = {
     'sonic': [