Re: LDAP _without_ built-in Django user authentication
On 3/10/06, Matt <[EMAIL PROTECTED]> wrote: > > OK, I was confused about why Django still needs usernames in its > database even though LDAP is the new authentication method. I thought > it would require authenticating via LDAP, then checking for the user > _and_ pass in Django's database. I didn't realize that I will only > have to copy the username (not the password), and that authentication > does not need to occur a second time against the Django user list. It > looks like I'll be able to convince the man in charge that Django is a > great framework choice for our needs. > > Thanks to all for the feedback! > > I'm using the method mentioned in the link to do LDAP auth. http://www.carcosa.net/jason/blog/computing/django/authentication-2005-12-05-13-25.html A dummy django user must exist, with or without your app's django permissions or groups assigned, before LDAP is looked up. In my environment I didn't want all LDAP users to be able to login to the application, only thosee userrs that had had been explicitly created in the django user db. So the flow is this: If user in django userdb: check user password via ldap (or whatever) auth method. I have written a very simple pluggable auth module that does all of this and has support for LDAP. I'll put it up in the django wiki next week when i get back to work if anyone is interested. It looks like the MultiAuth stuff will supersede this anyway in the near future. regards matthew --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: LDAP _without_ built-in Django user authentication
OK, I was confused about why Django still needs usernames in its database even though LDAP is the new authentication method. I thought it would require authenticating via LDAP, then checking for the user _and_ pass in Django's database. I didn't realize that I will only have to copy the username (not the password), and that authentication does not need to occur a second time against the Django user list. It looks like I'll be able to convince the man in charge that Django is a great framework choice for our needs. Thanks to all for the feedback! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: LDAP _without_ built-in Django user authentication
>Another issue that would create problems is >adding users to LDAP directly -- Django wouldn't know about those users Yes, but you create the user in django on login attempts to django sites. If LDAP auth successfukl: search user DB if not found: add usert to db based on ldap pertmissions --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: LDAP _without_ built-in Django user authentication
Sure that would work, but it sounds like a lot of work, and it's duplicating a lot of data. Another issue that would create problems is adding users to LDAP directly -- Django wouldn't know about those users. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: LDAP _without_ built-in Django user authentication
If it was my decision I'd simply use Django's authentication. Unfortunately it's my supervisor's decision, and he wants me to use LDAP _exclusively_ so that's what I have to do. I don't know much about LDAP, but from what I understand users can be grouped based on their level of access. For example, if John Doe has a new user account on our LDAP server, then he would be in the catch-all Employee group. However, to gain access to the web app he would need to be the in DjangoUser group (or whatever). Thus, even though he can be authenticated by LDAP, he wouldn't have the necessary group permissions. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: LDAP _without_ built-in Django user authentication
Whats the problem with faking a user ? I would reccomend during you LDAP auth code you simple create a user in django.users if it doesnt already exit. This can be compeltly transparent to the user, they will never know. I tend to like to have to setup users to my small admin sites, cause everyone who works for the company shouldnt have access to it even though they could auth via ldap correctlty. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: LDAP _without_ built-in Django user authentication
Is there any good documentation for implementing LDAP with Django? The admin feature of Django is awesome and I'd love to use it, but in addition to the need for LDAP my app will have to parse uploaded CSV files in order to populate certain database tables simply because there is far too much data to insert it one row at a time. Therefore, I will need a very customized admin interface -- at least for a few tables. Ideally, I want to use the Django admin interface for 90% of the tables that hold more basic info that could be entered manually, and then my own custom interface for the CSV files. Of course, the problem is I would only be able to use LDAP (exclusively) for the non-Django admin stuff. Are there plans to allow for alternate authentication methods for the Django admin by v1.0? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: LDAP _without_ built-in Django user authentication
Joseph, Here is a link to the rails+lap wiki entry: http://wiki.rubyonrails.com/rails/pages/HowtoAuthenticateViaLdap -- Nick --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: LDAP _without_ built-in Django user authentication
On 3/7/06, Matt <[EMAIL PROTECTED]> wrote: > > I've read about a 'hack' Jason Huggins posted a month ago. He > implements LDAP support for his Django app, but it requires every user > to be in both LDAP and the user database table. This seems pointless > to me. Either you use Django's built-in database authentication or you > use LDAP, not both. > > In my case, I want LDAP because we already have users in the directory. > We don't want to force users to create new accounts just for the web > app I will be building, and copying account info to the database is > simply out of the question -- only one directory is necessary. > > If incorporating LDAP authentication into a Django app is not possible > without duplicating (eww) account information in the database, then I'm > afraid I'll have to resort to Ruby on Rails because it has > well-documented LDAP support. I would really prefer to use Django > because Python has been much easier for me to pick up compared to Ruby. It really depends on what parts of Django you want to use. Right now, the admin system is intimately tied into django permissions, groups, and users, which are all implemented in Django models. I'm currently working on this, and I have code that authenticates against different backends, but to work with the admin system, it needs to fake a django user for every request. If you aren't using the admin system, there is nothing stopping you from using ldap and implementing your own security model. URLs, the ORM, templates, caching, views, etc. are all totally independent from authentication. I'm not sure what rails offers in that department. Links to the relevent rails+ldap documents would be much appreciated :) Joseph --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
LDAP _without_ built-in Django user authentication
I've read about a 'hack' Jason Huggins posted a month ago. He implements LDAP support for his Django app, but it requires every user to be in both LDAP and the user database table. This seems pointless to me. Either you use Django's built-in database authentication or you use LDAP, not both. In my case, I want LDAP because we already have users in the directory. We don't want to force users to create new accounts just for the web app I will be building, and copying account info to the database is simply out of the question -- only one directory is necessary. If incorporating LDAP authentication into a Django app is not possible without duplicating (eww) account information in the database, then I'm afraid I'll have to resort to Ruby on Rails because it has well-documented LDAP support. I would really prefer to use Django because Python has been much easier for me to pick up compared to Ruby. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---