1

I'm new to LDAP authentication and going through some of the StackOverflow questions and django-auth-ldap documentation I was able to implement LDAP authentication in my django project. I have a custom user model to store the user information. But my question here is that when we do authenticate using user_id and password why does authenticate store the user info in the custom user model. It also stores the hashed password.

I have used LDAPBackend as my authentication backend in settings.py file like this

AUTHENTICATION_BACKENDS = [
    'django_auth_ldap.backend.LDAPBackend'
]

and for example when we perform the below operation

auth = LDAPBackend()
user = auth.authenticate(request, username=user_id, password=user_password)

the user object is stored in the custom user model. My requirement is here not to store any user information when authenticate happens and not to store any password(be it hashed password). There are some pre-checks I need to do before storing it into user info to the custom user model. But LDAPBackend.authenticate() stores user info as it authenticates.

Can anyone please help me on this and clarify what's going on here.

Thanks

Aashay Amballi
  • 1,321
  • 3
  • 17
  • 39

1 Answers1

0

Here you can see a full example very well guided showing how to create a custom LDAPBackend.

If you need to add extra logic to the authentication you can use a custom LDAPBackend instead of the default one:

AUTHENTICATION_BACKENDS = (
    'accounts.backends.MyLDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

Then in accounts/backends.py:

from django_auth_ldap.backend import LDAPBackend

class MyLDAPBackend(LDAPBackend):
    """ A custom LDAP authentication backend """

    def authenticate(self, username, password):
        """ Overrides LDAPBackend.authenticate to add custom logic """

        user = LDAPBackend().authenticate(self, username, password)
        
        # If user has successfully logged, make your custom steps
        if user:
            """ Add custom logic here """
            # user.set_password(password)
            # user.save()
            
            return user

Check the example linked above for more details.

ubiquibacon
  • 10,451
  • 28
  • 109
  • 179
gdef_
  • 1,888
  • 9
  • 17