Version 16 (modified by jkocherhans, 9 years ago) (diff)

clarifications/comments on example LDAP stuff

Multiple Authentication Backends

Multiple authentication backends are now possible on the multi-auth branch.

To get a copy, execute the following:

svn co

The documentation has been updated and can be found here:

If you have problems, or the docs are unclear, please post your questions to the django-users or django-developers list.

Note: For those paying attention to this proposal, credential plugins have been completely removed. While useful for some applications, the added complexity just wasn't worth it.

Start: Added by a relative newbie on May 12, 2006

Note: In the multi-auth branch (2892), you need to set AUTHENTICATION_BACKENDS to a tuple, similar to MULTIAUTH_BACKENDS above. the authenticate method looks for this setting in your file. I have it working and all I have is:


I made a copy of contrib.auth.backends so the svn can update it without overwriting my LDAPBackend class. Don't know if that is the best way to do it or not, but it works.

I recommend you put it someplace like myapp.auth.LDAPBackend. Maintianing patches to Django is going to be a PITA. --Joseph Kocherhans

I also hacked the contrib.auth.models file to change the check_password function to check against our LDAP server, and added a few small functions to check the type of user account. I know this will break next time I update the source, but I have a copy of that as well. There is surely a better way, but I'm still learning.

You shouldn't have to hack the check_password function at all. It isn't called directly by Django's views anymore... only indirectly via django.contrib.auth.backends.ModelBacked, which you aren't using. -Joseph Kocherhans

End of newbie addition

sample LDAPBackend class

From the same newbie as above on May 12, 2006

This is located in the contrib/auth/ file. The two original models are still in the file as well. I just added this one in the middle.

class LDAPBackend:
    Authenticate against our LDAP Database
    def authenticate(self, username=None, password=None):
        # bind and see if the user exists
        if ldap.userExists(username):
            # user exists in our LDAP, see if they exist in Django
            # if not, add them to django's user database since django relies on that
                user = User.objects.get(username=username)
                if ldap.check_ldap_password(username, password):
                    return user
            except User.DoesNotExist:
                # get the first name, last name, email from ldap
                u = ldap.getUser(username)
                # get user attributes here as well, like mail, fname, lname
                user = User(username=username, password='getmefromldap')
       = mail
                user.first_name = fname
                user.last_name = lname
                user.is_staff = False
                user.is_superuser = False
                return user
            return None

    def get_user(self, user_id):
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

And it worked! I was able to logon as a user who had no entry in Django, and then it added my entry and away I went. Pretty nice stuff.

Back to Top