
I'm using django-auth-ldap (v1.1.4) to allow users in an LDAP directory to log in to my Django web application. This works very well; however, I would also like my users to be able to access some static resources via their Django credentials, including LDAP logins.

I'm following the pattern documented in this page of the Django documentation, using a WSGI authentication script to allow users in.

The issue I'm having is that my WSGI script appears to invoke the check_password method of the authentication provider of choice. This works fine for pure Django users, but LDAP users are out of luck, since their password is blank in the Django database.

This results in a 401 Unauthorized error on static resources, even with valid LDAP credentials. In the logs, Apache reports a password mismatch, since the (valid) entered password doesn't match a null string.

Meanwhile, users who are in Django's main authentication database are able to access the resources without a problem.

Here's a sanitised version of my Apache directives for the static resources:

<Location "/secure/">  
    AuthType Basic  
    AuthName "Authentication Required"
    Require valid-user  
    AuthBasicProvider wsgi  
    WSGIAuthUserScript /path/myapp/wsgi.py  
</Location>  

Here's what's in '/path/myapp/wsgi.py':

import os
import sys
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "myapp.settings")

from django.contrib.auth.handlers.modwsgi import check_password
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

I realise that a possible workaround would be to have Apache bind directly to the LDAP, but this would lock out my non-LDAP Django users from accessing the static resources.

I'm using Django 1.5.1 and Apache 2 (point something).

Thanks in advance for any assistance.

grw
  • A colleague suggested that a reasonable workaround is to add LDAP to the AuthBasicProvider line, meaning that it reads: AuthBasicProvider ldap wsgi. This ensures that Apache tries the LDAP first, and then fails over to the Django authentication provider if authentication fails there. This is good in my case, since I only have to solve the problem for LDAP, but doesn't solve the more general issue of 'generic' passwordless login mechanisms not being compatible with the wsgi.py auth script. Suggestions for a solution which allows valid, 'passwordless' logins to succeed would be appreciated. – grw Nov 11 '13 at 11:12
  • That is not a mod_wsgi issue, but how authentication providers work in Apache, with mod_wsgi only implementing the Apache mechanism. That is, authentication provider callbacks for checking passwords are only triggered if the appropriate authentication headers exist in the request in the first place. You had better explain more what you mean by passwordless logins. – Graham Dumpleton Nov 11 '13 at 22:30

0 Answers
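An added example, not part of the original question and not code from Django, mod_wsgi or django-auth-ldap: a WSGIAuthUserScript module whose check_password asks Django's authenticate() to walk every entry in AUTHENTICATION_BACKENDS, so an LDAP backend can verify the password by binding instead of comparing it with the blank hash stored in the Django database. It assumes the LDAP backend is listed in AUTHENTICATION_BACKENDS; the `authenticate` keyword argument is a hypothetical hook added here so the logic can be exercised without Django.

```python
# Added example: module to reference from WSGIAuthUserScript (file name is up to you).
import os

os.environ.setdefault("DJANGO_SETTINGS_MODULE", "myapp.settings")


def _django_authenticate(**credentials):
    """Run Django's backend chain; imported lazily so settings are configured first."""
    import django
    from django import db
    from django.contrib.auth import authenticate

    # django.setup() exists from Django 1.7 on; on 1.5 there is nothing to call.
    getattr(django, "setup", lambda: None)()
    try:
        return authenticate(**credentials)
    finally:
        # mod_wsgi calls this hook outside a request cycle, so release the DB
        # connection ourselves (close_connection on 1.5, close_old_connections later).
        cleanup = getattr(db, "close_old_connections", None) or getattr(
            db, "close_connection", None
        )
        if cleanup is not None:
            cleanup()


def check_password(environ, username, password, authenticate=_django_authenticate):
    """mod_wsgi contract: True = accept, False = bad password, None = unknown user."""
    # Never hand an empty password to an LDAP backend: a simple bind with an
    # empty password is an "unauthenticated bind" that many servers accept.
    if not username or not password:
        return False
    # Unlike a stored-hash comparison, this lets each backend decide, so users
    # whose Django password field is blank can still be verified by LDAP.
    user = authenticate(username=username, password=password)
    if user is None:
        return None  # no backend vouched for these credentials
    if not user.is_active:
        return None  # same answer Django's own handler gives for inactive users
    return True
```

With this in place every Basic-auth request for a protected static file can trigger an LDAP bind, and the password travels with each request, so the location should be served over TLS only.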