Using Django Admin Page to Add Users with other AUTHENTICATION_BACKEND

Question

I'm using django_auth_ldap to authenticate users for a Django project against a large corporate ActiveDirectory system that's not organized in a useful way (and I don't have the ability to change it). As such, I have to add users individually so that I don't end up with any user who can authenticate against LDAP being able to sign into the system. It's possible to add LDAP users on the command line using

from django_auth_ldap.backend import LDAPBackend

user = LDAPBackend().populate_user('alice')

but I can't use the admin page to do the same thing (adding user forces me to enter a password rather than just having the account inherit the LDAP credentials that already exist.)

It would appear that there isn't an easy/clever way to accomplish this without having to write a django admin page (though if I'm wrong on this, please correct me). How do I add a simple admin page that just creates a user without setting the password or anything else?

I understand that the basic mechanics basically involve doing something like:

from django.contrib.auth.admin import UserAdmin
from django.contrib.auth.models import User

UserAdmin.add_form_template = ('addLDAPuser.html')

admin.site.unregister(User)
admin.site.register(User,UserAdmin)

but I'm still fuzzy on making a template and processing logic so that I don't just end up with a bunch of user accounts that will successfully authenticate against django.contrib.auth.backends.ModelBackend with empty passwords. (Obviously, I could just remove django.contrib.auth.backends.ModelBackend from the AUTHENTICATION_BACKENDS in settings.py, but that also removes my ability to have a local admin account separate from LDAP.)

related to tagging of questions, [see this feedback I received about performing curatorial actions](http://meta.stackexchange.com/q/197592/194328). You'll find it interesting. — New Alexandria, Oct 14 '13 at 14:28

OldTinfoil · Accepted Answer · 2013-10-16T12:57:32.660

What you could try is extending the standard user model and overriding its save() method. Make sure you read up on the consequences of overriding the save method here. Such a model could look like this:

from django.db import models
from django.contrib.auth.models import User

# Create your models here.

class LDAPUser(models.Model):
        user = models.OneToOneField(User, editable=False)
        username = models.CharField(max_length=32, unique=True)

        def save(self, *args, **kwargs):
                self.user, _ = User.objects.get_or_create(username=self.username)
                self.user.save()
                '''
                Do custom saving here:
                from django_auth_ldap.backend import LDAPBackend

                user = LDAPBackend().populate_user('alice')
                '''
                super(LDAPUser, self).save(*args, **kwargs)

        def __unicode__(self):
                return self.username

By not providing the user with a password, they cannot log in using the password field. Hopefully this means your LDAP backend will be the only way of authenticating for the LDAP users..

score 0 · Answer 2 · answered Oct 02 '13 at 19:33

0

Unfortunately, I don't think there's a clean way to do it without writing your custom admin page.

However, I wouldn't be so scared of it. Just create a new ModelAdmin for the auth.User model with your custom Form which will not require the password.

answered Oct 02 '13 at 19:33

knaperek

2,113
24
39

Using Django Admin Page to Add Users with other AUTHENTICATION_BACKEND

2 Answers2