From c20bf265ad0906baf8f3b42298b9032d5155b2e8 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Thu, 3 Apr 2025 13:55:34 +0200
Subject: [PATCH] chore(web02/cas): Patch cas-eleves settings
---
 REUSE.toml | 2 +-
 default.nix | 1 +
 patches/cas-eleves/01-ldap-settings.patch | 20 ++++++++++++++++++++
 patches/default.nix | 4 ++++
 4 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 patches/cas-eleves/01-ldap-settings.patch
diff --git a/REUSE.toml b/REUSE.toml
index 142ad9f..53c1843 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -20,7 +20,7 @@ precedence = "closest"
 [[annotations]]
 SPDX-FileCopyrightText = "2024 Tom Hubrecht "
 SPDX-License-Identifier = "EUPL-1.2"
-path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/vault01/k-radius/packages/02-remove-noisy-logs.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/01-pretalx-environment-file.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"]
+path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/vault01/k-radius/packages/02-remove-noisy-logs.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/01-pretalx-environment-file.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch", "patches/cas-eleves/01-ldap-settings.patch"]
 precedence = "closest"
 [[annotations]]
diff --git a/default.nix b/default.nix
index 8ac629e..c2ba752 100644
--- a/default.nix
+++ b/default.nix
@@ -103,6 +103,7 @@ let
 "patches/nixpkgs/01-pretalx-environment-file.patch"
 "patches/nixpkgs/03-crabfit-karla.patch"
 "patches/nixpkgs/05-netbird-relay.patch"
+ "patches/cas-eleves/01-ldap-settings.patch"
 ];
 copyright = "2024 Tom Hubrecht ";
 }
diff --git a/patches/cas-eleves/01-ldap-settings.patch b/patches/cas-eleves/01-ldap-settings.patch
new file mode 100644
index 0000000..ef86635
--- /dev/null
+++ b/patches/cas-eleves/01-ldap-settings.patch
@@ -0,0 +1,20 @@
+diff --git i/app/settings.py w/app/settings.py
+index 57ff8ac..56f2581 100644
+--- i/app/settings.py
++++ w/app/settings.py
+@@ -174,14 +174,8 @@ LOGGING = {
+
+ CAS_AUTH_CLASS = "cas_server.auth.LdapAuthUser"
+ CAS_LDAP_SERVER = ldap3.Server(
+- credentials.get("LDAP_URI", "ldaps://ldap.spi.ens.fr:636"),
++ credentials.get("LDAP_URI", "ldap://ldap.spi.ens.fr:389"),
+ get_info=ldap3.ALL,
+- tls=ldap3.Tls(
+- validate=ssl.CERT_REQUIRED,
+- version=ssl.PROTOCOL_TLSv1_1,
+- ciphers="AES256-SHA:@SECLEVEL=0",
+- ssl_options=[ssl.OP_LEGACY_SERVER_CONNECT],
+- ),
+ )
+ CAS_LDAP_BASE_DN = "dc=spi,dc=ens,dc=fr"
+ CAS_LDAP_USER_QUERY = "(uid=%s)"
diff --git a/patches/default.nix b/patches/default.nix
index dd1779e..1a48cef 100644
--- a/patches/default.nix
+++ b/patches/default.nix
@@ -11,6 +11,10 @@ let
 in
 {
+ cas-eleves = [
+ (local ./cas-eleves/01-ldap-settings.patch)
+ ];
+
 lix = [
 (local ./lix/01-disable-installChecks.patch)
 ];
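Review bot: In patches/cas-eleves/01-ldap-settings.patch the default `LDAP_URI` becomes `ldap://ldap.spi.ens.fr:389` and the whole `tls=ldap3.Tls(...)` argument is removed, so the LDAP traffic behind `CAS_AUTH_CLASS = "cas_server.auth.LdapAuthUser"` (binds and the authentication data they carry) is sent unencrypted and the directory server is no longer authenticated. The removed block was weak (TLS 1.1, `@SECLEVEL=0`, legacy renegotiation) but it did enforce `ssl.CERT_REQUIRED`; if the goal is to drop the legacy settings and the server supports it, keeping the `ldaps://` default with `tls=ldap3.Tls(validate=ssl.CERT_REQUIRED)` would do that without giving up encryption. Dropping the argument also means a deployment that overrides `LDAP_URI` with an `ldaps://` URI gets ldap3's default TLS settings, which as far as I know do not validate the certificate. If cleartext is intentional (for instance because the directory is only reachable over a private link — not visible from this commit), the patch should say so in a comment next to `CAS_LDAP_SERVER`, since neither the commit message nor the patch gives a rationale.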