On 1/12/2017 10:28 PM, pacopyc pacopyc wrote:
> Hi, I am a beginner django programmer.
>
> I would like to authenticate users of my web application to an ldap
> server (which has about 1000 users defined).
>
> Not all users of the ldap server must be able to access the web
> application (only 50 ldap users must have access to the web application).
>
> First problem: I can not authenticate users on ldap server. I referred
> to https://django-auth-ldap.readthedocs.io/en/latest/ and some
> articles on the Internet. Do you have any simple examples? I just want
> to check username and password.
Many years ago I successfully used Peter Herndon's django-ldap-groups
which is no longer maintained but available here ...
https://code.google.com/archive/p/django-ldap-groups/
It took a while to get going but all my problems were in understanding
Novell Netware LDAP not in Peter's software. If you look at his code and
also the django-auth-ldap code you should detect similarities and
differences which will most likely switch on the lights for you.
>
> Second issue: once the user has been authenticated on the ldap server,
> I must verify that he can access the web application. How can I do? Do
> I have to define it on Django too? How?
The only sane way to do that is to use groups in LDAP and make a
similarly named permission group in Django. Never use individual
permissions on either system.
>
> Third issue: web application users must have different permissions in
> using the application. Permissions are defined on Django. How can I
> link ldap users (only 50) to these permissions?
You should be able to interrogate the LDAP server using a privileged
username on the LDAP server issued by that server's admin. That will let
you do a search using the django login username and detect the LDAP
groups that user is in. If they are in the proper group you can add that
username to the django group (if not already in it). Likewise, if they
have been removed from that group on LDAP you can remove them from the
django group as well.
This segregates both logins and makes the task doable. If you try to
avoid a django login for a user already logged in to LDAP it becomes
much trickier requiring a custom auth backend. Single signon I think it
is called. Don't go there until you are more experienced.
Back in the day of Novell Netware this was working fine for me. I think
one of the requirements was that users wanted to stick with the same
password on both systems - which is a security "bad" practice. If you do
that, you may get away without needing a privileged login to search the
LDAP directory and instead just use the username/password offered to
Django to log in to LDAP and check the LDAP groups then.
It's a long time since I looked at it so things may not be as I remember
them.
Good luck
Mike
>
> Thanks
> pacopyc
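
The group check and group sync described in the reply above, as an added example that is not part of the original message and is not code from django-ldap-groups or django-auth-ldap. The directory contents, group DNs, Django group names and the posixGroup/memberUid schema are constructed assumptions, and a dictionary stands in for the LDAP search made with the privileged bind.

```python
# Added example: every name and value below is constructed for illustration.
# DIRECTORY stands in for what a group search on the LDAP server would return
# (group DN -> member usernames); a posixGroup/memberUid schema is assumed.
DIRECTORY = {
    "cn=webapp-users,ou=groups,dc=example,dc=org": {"alice", "bob"},
    "cn=webapp-editors,ou=groups,dc=example,dc=org": {"alice"},
    "cn=staff,ou=groups,dc=example,dc=org": {"alice", "bob", "carol"},
}
# LDAP group that gates access, and the LDAP group -> Django group mapping.
ACCESS_GROUP = "cn=webapp-users,ou=groups,dc=example,dc=org"
GROUP_MAP = {
    ACCESS_GROUP: "webapp-users",
    "cn=webapp-editors,ou=groups,dc=example,dc=org": "webapp-editors",
}


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves in a search filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def member_filter(username):
    """Filter for the groups a login name belongs to, built from escaped input."""
    return "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter_value(username)


def ldap_groups_for(username):
    """Stand-in for running member_filter() with the privileged bind."""
    return {dn for dn, members in DIRECTORY.items() if username in members}


def sync_groups(username, current_django_groups):
    """Return (allowed, new_groups, added, removed) for one login.

    Only Django groups that mirror an LDAP group are ever removed, so groups
    assigned locally in Django survive the sync.
    """
    ldap_groups = ldap_groups_for(username)
    allowed = ACCESS_GROUP in ldap_groups
    # A user outside the access group keeps no LDAP-derived Django groups.
    wanted = {GROUP_MAP[dn] for dn in ldap_groups if dn in GROUP_MAP} if allowed else set()
    current = set(current_django_groups)
    added = wanted - current
    removed = (current & set(GROUP_MAP.values())) - wanted
    return allowed, (current - removed) | added, added, removed


if __name__ == "__main__":
    for user, groups in [("alice", []), ("bob", ["webapp-editors", "local-reports"]), ("carol", ["webapp-users"])]:
        print(user, sync_groups(user, groups))
```

In a Django project the returned `added` and `removed` sets would drive `user.groups.add()` and `user.groups.remove()` after a successful login.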