AUTH_LDAP_REQUIRE_GROUP support for multiple groups

[Marco Roose]

First: I really enjoi working with django_auth_ldap. Recently an issue came up for me: I want to have some authentication where if a user is not in one required group but in another (and so forth) the user is permitted. So basically what I want to have is the possibility to have not a string in AUTH_LDAP_REQUIRE_GROUP but a list.According to this list the mebership should be checked one after the other.

I achived my goal by having multipe LDAPBackends defined each of them only differing in the REQUIRED_GROUP setting. But this is not dry ;-)

Maybe there is a better solution already?

Thanks for your help with this!

[Peter Sagerson]

There isn’t a simple solution for this, at least as stated. Frankly, AUTH_LDAP_REQUIRE_GROUP as it is represents an uneasy compromise, as it begins to confuse authentication with authorization. The principled solution is to associate these groups with permissions and define your access control policies based on those permissions, rather than using the groups to decide who gets to log in at all.

Thanks,

Peter

--
You received this message because you are subscribed to the Google Groups "django-auth-ldap" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-auth-ld...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Di majo]

MT103/202 DIRECT WIRE TRANSFER
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
LOAN DEAL
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
IPIP/DTC
SLBC PROVIDER
CREDIT CARD TOP UP
DUMPS/ PINS
SEPA TRANSFER
WIRE TRANSFER
BITCOIN TOP UP
GLOBALPAY INC US
SKRILL USA
UNIONPAY RECEIVER

Thanks.


NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.

DM ME ON WHATSAPP
+44 7529 555638