#2507: [patch] LDAPBackend in django/contrib/auth/backends.py
--------------------------------+-------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: adrian
Status: new | Component: Contrib apps
Version: | Resolution:
Keywords: | Stage: Accepted
Has_patch: 1 | Needs_docs: 1
Needs_tests: 0 | Needs_better_patch: 1
--------------------------------+-------------------------------------------
Comment (by Marc Fargas <[EMAIL PROTECTED]>):
Here's a new patch, two thing to do before applying:
* Create a new directory: django/contrib/auth/contrib (that's, the last
contrib is new)
* touch/create a blank __init__.py file on this new directory
I think this is the best place to place "contributed authentication
modules", documentation is still inside the code, there's one issue for
documenting this (more below), the patch will create ldapauth.py and you
should be able to use "django.contrib.auth.contrib.ldapauth.LDAPBackend"
as an authentication backend and It should almost work as before.
The documentation issue is that djangoproject.com has no way to provide
subdirectories (in this case /authentication/contributed/) which would
place docs for this in an ugly url (/contributed_authenticators/ and
/ldap_autenticator/), my idea was to create a new doc
(/authentication/contributed/ or /contributed_authenticators/) to explain
small contribued authenticators and link bigger ones like
(/authentication/contributed/ldap/ or /ldap_authenticator/) just to be
ready in case more authenticators get contributed. As you see URLs are far
more clean with some directory depth support so I've left the docs where
they are until we get this discussed ;)
The second thing left is the attributes mapping, right now the mapping is
done "by hand" in _update_user my idea was to provide a setting with the
ldap<>User mappings and loop over them:
{{{
LDAP_ATTR_MAP = {'first_name': 'givenName', 'last_name': 'sn'}
}}}
That would make things far more customizable and a cleaner code, I talked
on the get_profile() a few comments above, the idea would be to have a
similar mapping directory for it being fully optional, but usefull if you
have more attributes than the ones in User.
The third and last issue is group membership, until django support
inheritance the cleanest approach is to flatten the memberships, On Active
Directory I'll only have to take all "memberOf" attributes from the user
and query all those cn's for more "memberOf" until I'm done, how is this
done on OpenLDAP?
If this behaviour is much different we could ship a base LDAPBackend and
an ADBackend and OLBackend which implement the different behaviours. I'll
work with the mapping and the memberships this week as I need them.
Cheers,
Marc.
--
Ticket URL: <http://code.djangoproject.com/ticket/2507#comment:8>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
