3

I got the LDAP authentication working but now I need two more things.

  1. I need to add the new User to the permission group default.
  2. And I need to store the department field additionally to the User.

For the first Problem I didn't find any solutions. I can only set boolean fields in the user model by using the AUTH_LDAP_USER_FLAGS_BY_GROUP directive.

How can I add the new User to this group?

The second Problem: I map the following fields to the django user model:

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

The default user model does not have a department field. I could create a new model that inherits from the user model. But how can I tell the ldap-auth to use my own model?

baam
  • 1,122
  • 2
  • 14
  • 25
  • LDAP huh? Well, [good luck](http://875357559f655c0fd9842374.eventingnation.netdna-cdn.com/wp-content/uploads/2013/02/youre-entering-a-world-of-pain.gif). – yuvi Sep 22 '15 at 08:24
  • Ok I see no one said anything. Look I'm not an LDAP expert, but I think the point of using the LDAP backend is you're passing responsibility to LDAP instead of Django - that's why you can only set boolean on the flags - you're supposed to manage the groups through LDAP - though I think the option you're looking for is to [mirror the groups](https://pythonhosted.org/django-auth-ldap/reference.html#auth-ldap-mirror-groups) maybe? – yuvi Sep 22 '15 at 09:52
  • 1
    the group i need to set is no ldap group, so mirroring would be nice, but wont work. I found this: https://pythonhosted.org/django-auth-ldap/reference.html#django_auth_ldap.backend.LDAPBackend it says that I can override the LDAPBackend class and in populate_user i get the username. I just cant figure out how and where i should do this... any tips maybe? – baam Sep 22 '15 at 10:25
  • I understand, but the whole point of using the LDAP auth backend (or, really, any alternative authentication) is that you pass responsibility off to that backend. That means managing everything through LDAP. The best you can do is create the groups through LDAP and then mirror them for use within Django's auth system – yuvi Sep 22 '15 at 10:38
  • @baam: Have you found any working solution without LDAP mirroring? Overriding the LDAPBackend sounds promising. – Berci Mar 20 '18 at 17:04

0 Answers0