AUTHENTICATION_BACKENDS = (
    'custom_backend.ForceUidLDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

AUTH_LDAP_START_TLS = True

# Cache group memberships for an hour to minimize LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType


# Baseline configuration.
AUTH_LDAP_SERVER_URI = "ldap://ldap.<%= domain %> ldap://ldap-slave-1.<%= domain %>"

AUTH_LDAP_BIND_DN = "cn=transifex-<%= hostname %>,ou=System Accounts,<%= dc_suffix %>"
AUTH_LDAP_BIND_PASSWORD = "<%= ldap_password %>"

AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,<%= dc_suffix %> ",
    ldap.SCOPE_SUBTREE, "(|(uid=%(user)s)(mail=%(user)s))")

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Group,<%= dc_suffix %>",
    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")

# Only users in this group can log in.
#AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=mga-i18n,ou=Group,<%= dc_suffix %>",
    "is_staff": "cn=mga-i18n-committers,ou=Group,<%= dc_suffix %>",
    "is_superuser": "cn=mga-sysadmin,ou=Group,<%= dc_suffix %>"
}