Problem using my own Groups

[yeti68]

Hi,

i'm trying to use other groups than active, staff and superuser and am
not very successfull 8-(

In my settings - file i have this line:

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_shop": "cn=Shop,ou=groups,dc=gea,dc=at"
}

the binding seems to work, i#m getting this messages in my log:

search_s('ou=people,dc=gea,dc=at', 2, 'uid=ldaptest') returned 1
objects: uid=ldaptest,ou=people,dc=gea,dc=at
Populating Django user ldaptest
uid=ldaptest,ou=people,dc=gea,dc=at is a member of
cn=Shop,ou=groups,dc=gea,dc=at

as you can see my group is called Shop.

I did change the model of auth_user and the table auth_user in the
database. they look like this:

model:

class AuthUser(models.Model):
id = models.IntegerField(primary_key=True)
username = models.CharField(unique=True, max_length=30)
first_name = models.CharField(max_length=30)
last_name = models.CharField(max_length=30)
email = models.CharField(max_length=75)
password = models.CharField(max_length=128)
is_staff = models.BooleanField()
is_active = models.BooleanField()
is_superuser = models.BooleanField()
last_login = models.DateTimeField()
date_joined = models.DateTimeField()
is_shop = models.BooleanField()
class Meta:
db_table = u'auth_user'

Table:

CREATE TABLE auth_user
(
id serial NOT NULL,
username character varying(30) NOT NULL,
first_name character varying(30) NOT NULL,
last_name character varying(30) NOT NULL,
email character varying(75) NOT NULL,
"password" character varying(128) NOT NULL,
is_staff boolean NOT NULL,
is_active boolean NOT NULL,
is_superuser boolean NOT NULL,
last_login timestamp with time zone NOT NULL,
date_joined timestamp with time zone NOT NULL,
is_shop boolean NOT NULL DEFAULT false,
CONSTRAINT auth_user_pkey PRIMARY KEY (id),
CONSTRAINT auth_user_username_key UNIQUE (username)
)
WITH (
OIDS=FALSE
);
ALTER TABLE auth_user OWNER TO postgres;

Maybe i don't grasp the intention of the group-mapping, what's wrong?

thanks

werner

[Peter Sagerson]

When LDAPBackend populates a user, it uses the django.contrib.auth.models.User model class. You're apparently piggybacking a custom User class on top of the standard one, but third-party apps will have no way of knowing this and using your model. It looks like the backend is happily setting user.is_shop, but of course it doesn't get committed to the database because the standard user model doesn't recognize it as a field. This is pretty much why Django has user profiles.

If you're sure you want a custom user model, then you can subclass LDAPBackend and override get_or_create_user so that it instantiates your private model object. While we didn't have custom user models in mind at the time, get_or_create_user is specifically meant to be overridden. The more conventional way to handle this would be to use one of the group-handling facilities to map Shops membership to a permission and treat this as an authorization problem.

[yeti68]

Sorry, i did not consider using permissions.

Now i use

AUTH_LDAP_MIRROR_GROUPS = True

in the settings-file.

Then I can determine if the user is member of a group by selecting the
desired combination of user_id/group_id in auth_user_groups. Wenn it
is there the user is member of the group, otherwise not.

Works fine for me and i don't have to mess around with the django-
models.

thanks

werner

[Di majo]

MT103/202 DIRECT WIRE TRANSFER
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
LOAN DEAL
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
IPIP/DTC
SLBC PROVIDER
CREDIT CARD TOP UP
DUMPS/ PINS
SEPA TRANSFER
WIRE TRANSFER
BITCOIN TOP UP
GLOBALPAY INC US
SKRILL USA
UNIONPAY RECEIVER

Thanks.


NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.

DM ME ON WHATSAPP
+44 7529 555638