Correct way to add ubuntu packages with tutor

Arsenii_Lebedev · December 2, 2021, 10:56am

Hello,
We have a running openedx in production managed by tutor, and we would like to add authentication via LDAP.
For this authentication, according to this answer, we neet to install packages (ibsasl2-dev python-dev libldap2-dev libssl-dev python-ldap django-auth-ldap)

We found only one solution: add this packages to dockerfile at end of apt install command which Install useful system requirements
vi "$(tutor config printroot)/env/build/openedx/dockerfile"

How we should install this packages in right way? Via new plugin? I don’t see such possibility via plugin.

Arsenii_Lebedev · February 3, 2022, 3:10pm

I wrote a pllugin that solve my problem (download ubuntu packages and add LDAP authentication)

name: addldap
version: 0.1.1
patches:
  openedx-dockerfile-post-python-requirements: |
    RUN apt update && apt install -y libsasl2-dev libldap2-dev python-dev
    RUN pip install django-auth-ldap==2.2.0 pyasn1-modules==0.2.8 pyasn1==0.4.8 python-ldap==3.3.1
  openedx-common-settings: |
    import ldap
    from django_auth_ldap.config import LDAPSearch

    # LDAP authentication settings

    AUTH_LDAP_SERVER_URI = os.getenv('AUTH_LDAP_SERVER_URI', 'ldap://your.ldap.domain.url:389')
    AUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_REFERRALS: 0}
    AUTH_LDAP_BIND_DN = 'your-dn'
    AUTH_LDAP_BIND_PASSWORD = 'password'
    AUTH_LDAP_ALWAYS_UPDATE_USER = True
    AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True

    AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'dc=your,dc=ldap,dc=domain,dc=url',
    ldap.SCOPE_SUBTREE,
    '(mail=%(user)s)',  
    )

    # Populate appropriate Django `User` instance with LDAP data
    AUTH_LDAP_USER_ATTR_MAP = {
      'username': 'UserName',
      'first_name': 'FirstName',
      'last_name': 'sn',
      'email': 'mail',
    }

    AUTHENTICATION_BACKENDS.append('django_auth_ldap.backend.LDAPBackend')
    AUTHENTICATION_BACKENDS.append('django.contrib.auth.backends.ModelBackend')

There need to do some update for maple release in login.py:
add code after line

possibly_authenticated_user = _authenticate_first_party(request, user, third_party_auth_requested)

            if possibly_authenticated_user is None:
                with transaction.atomic():  # should be tested for performance and correct use
                    possibly_authenticated_user = authenticate(
                        username=request.POST.get('email', ''), password=request.POST.get('password', ''), request=request)
                    if possibly_authenticated_user:
                        password = normalize_password(request.POST.get('password', ''))
                        possibly_authenticated_user.set_password(password)
                        possibly_authenticated_user.save()
                        profile = UserProfile(user=possibly_authenticated_user)
                        try:
                            profile.save()
                        except Exception:
                            log.exception(f"UserProfile creation failed for user {user.id}.")
                            raise
                        user = possibly_authenticated_user

system · May 4, 2022, 3:10pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.