#2507: [patch] LDAPBackend in django/contrib/auth/backends.py
---------------------------------------+------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: nobody
Status: new | Milestone:
Component: Contrib apps | Version: SVN
Resolution: | Keywords: ldap,usernames
Stage: Accepted | Has_patch: 1
Needs_docs: 0 | Needs_tests: 1
Needs_better_patch: 1 |
---------------------------------------+------------------------------------
Changes (by programmerq):
* needs_tests: 0 => 1
Comment:
Replying to [comment:26 spkane]:
> ldapauth.patch (4.5 kB) - added by spkane on 10/24/08 10:33:11.
> This patch is reasonably specific to my needs, but I would bet hard
money, that this is an issue faced by other people, so a more robust
version of this patch should likely be considered. The issue is that the
best thing for me to use as a username within our LDAP implementation is
the prefix of the email address, since it is the only thing guaranteed to
be unique (we have many employees with the same name). However, our email
addresses are, [EMAIL PROTECTED] Django does not allow a period
in the username, so I added some logic to handle the username (for django)
and the ldap_username separately and use the proper one in the proper
place. Basically, the users login as "sean_kane" and the ldap backend
converts that to "sean.kane" when talking to the ldap server and then uses
"sean_kane" when talking to the Django server.
I'm not sure that's where that kind of logic belongs. I'd be inclined to
use the cn as the "username" field, and then just tell users to login with
their e-mail address. I've never implemented that, but I've heard of
people using the Django auth system in such a way that people can log in
with their e-mail address instead of their username. You'd basically just
have to roll your own login forms, and make sure your views don't spit out
the actual "username"-- they'll just spit out the e-mail address.
I've also seen some discussion come up about allowing dots in a username.
I don't know where that discussion went though. Ultimately the decision to
include this logic in the ldapbackend will need to come from a core dev,
but I'm a big fat -1 on the issue.
--
Ticket URL: <http://code.djangoproject.com/ticket/2507#comment:28>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
