0

Following this post (I was looking for a library allowing me to declare Django models on a ldap backend), I have decided to use ldapdb. After having played a while with this library, I figured out that it doesn't reach the level of control I need, and I am therefore looking for other solutions. What I am thinking of now is implementing a Django db backend based on python-ldap.

EDIT

I need this because I am currently implementing a user/group management system on a ldap directory (it requires to be able to manipulate not only users, but different classes of ldap objects as well). So basically, I would like to be able to use (nearly) full Django orm, but with a ldap backend.

Because I love Django (and would be rather motivated in learning the dirty low-level details of db.backends), and because there's already a lot of things implemented in this project, I would like to stick to Django (unless somebody has a very good reason why I shouldn't, and a very good alternative !).

  • Do some of you have a simpler solution to this problem ?
  • Do some of you know about an implementation of such a thing (ldap db backend) ?
  • Do some of you know some good reads to get started on "implementing a Django db backend"?
  • Are some of you interested in helping with this project ?
Community
  • 1
  • 1
sebpiq
  • 7,540
  • 9
  • 52
  • 69
  • Django is not really good for non-SQL databases. Please tell us why do you need that so we can bring better advice. – Paulo Scardine Nov 02 '10 at 15:49
  • @Paulo Scardine: I am currently implementing a user/group management system on a ldap directory. And because I love Django (and Python), and because there is already a lot of code implemented, I would like to stick to using Django (or can you suggest a really really simpler solution ?). – sebpiq Nov 02 '10 at 16:27
  • @sebpiq: even if I had a lot of free time, I would not go for the quest of writing an non-SQL backend for Django at this time. If it is just user/group management, I would write a few forms and use python-ldap directly. – Paulo Scardine Nov 02 '10 at 17:19
  • @Paulo Scardine: a "quest" ??? Is it that much work ? Actually ... this project is quite big, and it is a little more than "few groups and users". So I was thinking "instead of writing a lot a very specific code why not trying to do this properly, and try to find people for sharing the work ?". What do you think about this ? Do you have some experience in writing non-rel backends ? – sebpiq Nov 02 '10 at 20:31
  • @sebpiq: IMHO writing a new SQL backend should be straight forward, but it will take yet a few versions before Django have proper foundations to support easy development of non-SQL backends. Until that the task is an uphill battle, every non-SQL backend suffers the same quirks of ldapdb. – Paulo Scardine Nov 03 '10 at 01:13
  • @Paulo Scardine: Ok :-( ... Well ... that's kind of sad ! I guess I will post on django-users, just to see if nobody has already implemented (or begun) such a thing ... for I KNOW that some people already thought about it. I have read several posts where guys were telling : "We have implemented this for our project", but they keep the code for themselves, or "this would be cool to have this !". If I don't have any interesting answer, then I'll just do as you suggested : a few classes based on python-ldap. – sebpiq Nov 03 '10 at 07:22

3 Answers3

1

You make a lot of bold statements such as "lots of things broken because of the way it is implemented" and "the subclassing is very very far from being complete", would you care to elaborate on them? As the author of django-ldapdb I would welcome your suggestions as to what you would like changed/fixed, that's what the django-ldapdb mailing list is for!

FYI, I took the approach of subclassing the Model class because you will usually want to have just a couple of models using the LDAP backend, not all the models in your application, and django 1.1 did not support multiple databases. Also, LDAP is very different from existing SQL backends:

  • is not a relational database
  • it is not "flat", it is a tree-like
  • the true "primary key" for an entry is the Distinguished Name (DN), which is not an actual field, but a value computed from other fields
  • fields can be multi-valued

For all these reasons, I have serious doubts as to what can be achieved by writing a true LDAP backend. I think you will always have some LDAP-specific quirks, and subclassing Model allows just that.

Jeremy
  • 1,308
  • 10
  • 11
  • Hi Jeremy ! I am really sorry I was maybe a little unfair to django-ldapdb. In fact, I have been using it before on several other projects, and it worked pretty well. However, the project I am working on now has much bigger needs (it is a ldap manager), so django-ldapdb was not enough. At first, I tried to improve it to include the features I needed, but it ended-up being quite hackish. So I started my own ldap-om, tied to django. Now it works pretty well, and it has the advantage of being neater as I'm not constrained by django ORM. I'll give the link to the repository soon. – sebpiq Jan 03 '11 at 07:27
  • You might be interested to know that django-ldap is now a proper database backend! – Jeremy May 03 '11 at 19:45
  • That's great !!! But so sad that it comes much too late for me ... I have already implemented some kind of object mapper myself, and lost a huge amount of time because it is not tight into django's orm ... – sebpiq May 04 '11 at 16:02
0

Your best bet is probably to write an authentication backend for the application. Here is some documentation about it:

http://docs.djangoproject.com/en/dev/topics/auth/?from=olddocs#writing-an-authentication-backend

And here is an article that explains how to extend the User model to enable you to use this authentication backend seamlessly:

http://scottbarnham.com/blog/2008/08/21/extending-the-django-user-model-with-inheritance/

  • Thanks... but I have written already a few backends, and I know that I need much much more than this. The thing is that I want to be able to manipulate any ldap-object with django orm. So this includes users of course, but any other custom object as well. – sebpiq Nov 02 '10 at 16:51
0

Seems like there's no really good solution. And doing everything without Django's ORM is no good solution either.

I'll make new attempt at solving that problem soon, with a django-orm-based solution.

sebpiq
  • 7,540
  • 9
  • 52
  • 69