0

I have a django app and I want to add authentication to it. Django is very good friend so it has a great security part.
I can use the User object and the built-in admin GUI to maintain users, groups, etc.

I want to give the opportunity to the app user to connect to LDAP and use it to authenticate the user against. Ok, there are django-ldap modules that I can use, brilliant!

However I don't understand at the moment how it works exactly. Will the user be propagated to the local django suth database (the reason why I ask that is that we still deal with the User object when call LDAP)? Or whenever we need the user or auth has to be done the LDAP will be called and authenticate the user there?

Sorry for the novice question but I am a little bit confused.

Thanks,
V.

Viktor
  • 1,325
  • 2
  • 19
  • 41
  • The real question is: Do you want DLAP users to be propagated in the Django Database or not? – Kostas Livieratos May 23 '17 at 12:04
  • Hmm... no :) So I can use the same User object if I use django-ldap module (e.g. django-auth-ldap). Which one do you recommend to use? – Viktor May 23 '17 at 12:50
  • By the time you don't want to propagate the user to Django database, then you can use the User model manually. More precisely, use ldap to authenticate against the ldap provider, and then, if successful, create a User object manually. Would that help or does it sound too "hacky"? – Kostas Livieratos May 23 '17 at 14:04
  • Oh, I thought thd django-auth-ldap will retrieve a User object to me. Ok, so I have to make a User object manually then. Thanks! If you put your comment as an answer I'd be happy to accept it! – Viktor May 24 '17 at 14:11
  • Actually, that's doable as well. You may just insert `'django_auth_ldap.backend.LDAPBackend'` into your `AUTHENTICATION_BACKENDS`. Then you can use `get_or_create_user()` (https://pythonhosted.org/django-auth-ldap/reference.html#django_auth_ldap.backend.LDAPBackend.get_or_create_user) in order to map each user to a Django User instance. At first, I though you didn't want that, that's why I suggested you do it manually, sorry for any confusion - I'll be happy to help more if needed! – Kostas Livieratos May 24 '17 at 14:32

0 Answers0