FAQ
We have implemented a django based website that uses LDAP as the
authentication backend(using django-auth-ldap library). We have implemented
the following so far:

1> We can authenticate a user against the LDAP server
2> On succesful login, an entry is created in the AUTH_USER table, if it
does not exist. (Note: Passwords are not saved since it is considered as a
possible security "threat")
3> A certain section of people in the company are assigned `is_staff` flag
to True.

Now, we would like to allow these `is_staff = True` employees to be able to
login the admin site. However, since the passwords are not saved in the
database, we would have to redirect the authentication on the admin site to
use the same LDAP server.

Is it possible to change the authentication backed of the admin site to
point to the same LDAP server?


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/a1c32ff3-b647-44cc-b5be-f89d40f9a552%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Russell Keith-Magee at Nov 23, 2013 at 1:45 am

    On Fri, Nov 22, 2013 at 11:41 PM, wrote:

    We have implemented a django based website that uses LDAP as the
    authentication backend(using django-auth-ldap library). We have implemented
    the following so far:

    1> We can authenticate a user against the LDAP server
    2> On succesful login, an entry is created in the AUTH_USER table, if it
    does not exist. (Note: Passwords are not saved since it is considered as a
    possible security "threat")
    3> A certain section of people in the company are assigned `is_staff` flag
    to True.

    Now, we would like to allow these `is_staff = True` employees to be able
    to login the admin site. However, since the passwords are not saved in the
    database, we would have to redirect the authentication on the admin site to
    use the same LDAP server.

    Is it possible to change the authentication backed of the admin site to
    point to the same LDAP server?
    It's a little unclear what the problem is here. If you've done everything
    you describe, admin logins should "just work".

    Admin doesn't have it's own authentication backends -- it's uses the same
    authentication as the rest of Django. If you've got a login scheme that
    allows users to log in with LDAP, that should be all you need to be able to
    log into admin as well.

    The only extra piece that admin enforces is exactly what you've described
    -- there is a check to see that the admin user has is_staff and is_active
    properties, and that these properties return True. These properties can be
    backed by the database, or just a Python property.

    What problem/errors are you seeing?

    Yours,
    Russ Magee %-)

    --
    You received this message because you are subscribed to the Google Groups "Django users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
    To post to this group, send email to django-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/django-users.
    To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJxq84-E_VUE-ghj2D%3DhWaYQeMm5yBoMyiz-xgr5Z9kZ%3DBdEFg%40mail.gmail.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupdjango-users @
categoriesdjango, python
postedNov 22, '13 at 3:42p
activeNov 23, '13 at 1:45a
posts2
users2
websitedjangoproject.com

2 users in discussion

Spk265: 1 post Russell Keith-Magee: 1 post

People

Translate

site design / logo © 2022 Grokbase