id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
11526	LDAP authentication backend	Peter Sagerson	wiz	"There are two other tickets on LDAP authentication. #2507 shows no signs of moving to completion. #7282 is a fairly general future design suggestion. I would like to see LDAP authentication in Django, so I'm submitting here a robust implementation with full documentation and unit tests.

Key features:

  * Authentication by either direct bind or search/bind.
  * Extensible group support with included implementations for groupOfUniqueNames (flat or nested) and posixGroup. Additional mechanisms can be supported by subclassing an abstract base class and implementing at least one API.
  * Optional propagation of LDAP attributes to user and profile fields. Boolean fields can be set according to group membership.
  * Optionally calculates group permissions based on LDAP group membership and a configurable mapping from LDAP groups to Django groups.

Logistics:

  * Implementation is located in django/contrib/auth/contrib/ldap/. Of necessity, it is split into two modules: one with the backend itself and the other with classes used for configuration and support. The second is safe to import into settings.py.
  * Documentation is primarily in docs/howto/auth-ldap.txt. Settings are added to docs/ref/settings.txt. Appropriate links added to other files.
  * Unit tests include a mock ldap test harness. The python-ldap module will not be imported during unit tests. Tests pass in Python 2.3, 2.4, 2.5, and 2.6 both in the context of a project and from tests/runtests.py.

Notes:

In addition to the unit tests, I have tested this against slapd on GNU/Linux; I haven't gotten access to other LDAP servers for testing yet. It would be good to do a pass against !ActiveDirectory at least.

For grouping mechanisms, I've included support for posixGroup and groupOfUniqueNames. It's easy to add more, either before or after the initial commit.

The documentation lists versionadded as 1.1, which is obviously a fib. It should be updated to the current release version if and when it's checked in."		closed	contrib.auth	dev		wontfix	ldap	silas@… christoph.neuroth@… listuser@… ewoud+django@… django@… jeffschroeder@… francois@… django@… cstejerean@… hr.bjarni+django@… Dan Fairs	Design decision needed	1	0	0	0	0	0