Opened 16 years ago

Closed 14 years ago

Last modified 14 years ago

#7282 closed (wontfix)

Integrated ldap for contrib.auth

Reported by: Jeff Anderson
Owned by: nobody
Component: Contrib apps
Version: dev
Severity:
Keywords:
Cc:
Triage Stage: Design decision needed
Has patch: no
Needs documentation: yes
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Currently, the patch for ldap authentication [2507] works, but django still creates the user table in the database and stores password hashes that way.

Example of negative side effects from the current way that things work: We had someone that moved from one group to another in ldap, but he still appeared as a privileged user to django. When his object was created in the mysql database, the is_staff flag was set because of the group he belonged to at creation. I think he would have been switched over the next time he logged in, but it was still annoying to have to make the change in two different places, as he wasn't going to be logging in anytime soon.

The way to resolve this involves a decent amount of design decisions, but I think that the end result would be beneficial.

The obvious solution is to get the User object to be able to use ldap as a backend directly. The User object is a django model, so I'm not 100% sure what the 'right' way would be to change this behavior. Here are my ideas so far:

  • The way to have the existing code still used when using the ldap backend, I believe, would require that django 1) can use ldap as a database type and 2) can handle multiple databases for models.
  • One could re-write the whole model using custom field classes that are hard coded to use ldap as a backend. ldap configuration settings would go in settings.py.

Some other things to consider:

  • Support for the unix-type user objects.
  • Support for the samba/active directory type user objects.
  • Support for both types, giving priority to one over the other.
  • Support for SASL password fields.
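
One way to catch the stale is_staff flag described in the ticket without waiting for the next login is a scheduled reconciliation of the cached flags against the directory. This is an added sketch, not code from the ticket or from Django: the LocalUser class, the group name and the snapshot layout (with "*" listing every account that still exists) are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

# Hypothetical group name; the ticket does not say which LDAP group grants staff.
STAFF_GROUP = "cn=web-admins"

@dataclass
class LocalUser:
    """Stand-in for the cached row in Django's user table."""
    username: str
    is_staff: bool
    is_active: bool = True

def reconcile(local_users, directory, staff_group=STAFF_GROUP):
    """Bring cached flags in line with a directory snapshot.

    directory maps group name -> set of member usernames, plus the key
    "*" for every account that still exists. Returns the changes made
    as (username, field, old, new) tuples so they can be logged.
    """
    if directory is None or "*" not in directory:
        # A failed or partial LDAP query must not be read as "nobody is staff".
        raise ValueError("directory snapshot incomplete; refusing to reconcile")
    staff = directory.get(staff_group, set())
    changes = []
    for user in local_users:
        exists = user.username in directory["*"]
        wanted_staff = exists and user.username in staff
        if user.is_staff != wanted_staff:
            changes.append((user.username, "is_staff", user.is_staff, wanted_staff))
            user.is_staff = wanted_staff
        if user.is_active and not exists:
            # Account deleted upstream: disable the cached copy as well.
            changes.append((user.username, "is_active", True, False))
            user.is_active = False
    return changes

# Constructed sample data: "jdoe" was staff at first login, then moved groups.
SAMPLE_USERS = [
    LocalUser("jdoe", is_staff=True),
    LocalUser("asmith", is_staff=False),
    LocalUser("gone", is_staff=True),
]
SAMPLE_DIRECTORY = {"*": {"jdoe", "asmith"}, "cn=web-admins": {"asmith"}}

if __name__ == "__main__":
    for change in reconcile(SAMPLE_USERS, SAMPLE_DIRECTORY):
        print(change)
```

The returned change list doubles as an audit record of every privilege that drifted between the directory and the local table.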

Change History (5)

comment:1 by Jeff Anderson, 16 years ago

Needs documentation: set
Triage Stage: Unreviewed → Design decision needed

comment:2 by Thomas Güttler, 15 years ago

You mean ticket #2507 (not the changeset).

comment:3 by Thomas Güttler, 15 years ago

Cc: hv@… added

comment:4 by Thomas Güttler, 14 years ago

Resolution: wontfix
Status: new → closed

Like #2507 this feature can live outside of django.

comment:5 by Thomas Güttler, 14 years ago

Cc: hv@… removed