On Fri, Nov 22, 2013 at 11:41 PM, wrote:

We have implemented a django based website that uses LDAP as the
authentication backend(using django-auth-ldap library). We have implemented
the following so far:

1> We can authenticate a user against the LDAP server
2> On succesful login, an entry is created in the AUTH_USER table, if it
does not exist. (Note: Passwords are not saved since it is considered as a
possible security "threat")
3> A certain section of people in the company are assigned `is_staff` flag
to True.

Now, we would like to allow these `is_staff = True` employees to be able
to login the admin site. However, since the passwords are not saved in the
database, we would have to redirect the authentication on the admin site to
use the same LDAP server.

Is it possible to change the authentication backed of the admin site to
point to the same LDAP server?
It's a little unclear what the problem is here. If you've done everything
you describe, admin logins should "just work".

Admin doesn't have it's own authentication backends -- it's uses the same
authentication as the rest of Django. If you've got a login scheme that
allows users to log in with LDAP, that should be all you need to be able to
log into admin as well.

The only extra piece that admin enforces is exactly what you've described
-- there is a check to see that the admin user has is_staff and is_active
properties, and that these properties return True. These properties can be
backed by the database, or just a Python property.

What problem/errors are you seeing?

Russ Magee %-)

You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJxq84-E_VUE-ghj2D%3DhWaYQeMm5yBoMyiz-xgr5Z9kZ%3DBdEFg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 2 | next ›
Discussion Overview
groupdjango-users @
categoriesdjango, python
postedNov 22, '13 at 3:42p
activeNov 23, '13 at 1:45a

2 users in discussion

Spk265: 1 post Russell Keith-Magee: 1 post



site design / logo © 2022 Grokbase