#2507: [patch] LDAPBackend in django/contrib/auth/backends.py
---------------------------------------+------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: nobody
Status: new | Milestone:
Component: Contrib apps | Version: SVN
Resolution: | Keywords: ldap,usernames
Stage: Accepted | Has_patch: 1
Needs_docs: 0 | Needs_tests: 1
Needs_better_patch: 1 |
---------------------------------------+------------------------------------
Comment (by spkane):
Replying to [comment:28 programmerq]:
> Replying to [comment:26 spkane]:
> > ldapauth.patch (4.5 kB) - added by spkane on 10/24/08 10:33:11.
> > This patch is reasonably specific to my needs, but I would bet
hard money, that this is an issue faced by other people, so a more robust
version of this patch should likely be considered. The issue is that the
best thing for me to use as a username within our LDAP implementation is
the prefix of the email address, since it is the only thing guaranteed to
be unique (we have many employees with the same name). However, our email
addresses are, [EMAIL PROTECTED] Django does not allow a period
in the username, so I added some logic to handle the username (for django)
and the ldap_username separately and use the proper one in the proper
place. Basically, the users login as "sean_kane" and the ldap backend
converts that to "sean.kane" when talking to the ldap server and then uses
"sean_kane" when talking to the Django server.
>
> I'm not sure that's where that kind of logic belongs. I'd be inclined to
use the cn as the "username" field, and then just tell users to login with
their e-mail address. I've never implemented that, but I've heard of
people using the Django auth system in such a way that people can log in
with their e-mail address instead of their username. You'd basically just
have to roll your own login forms, and make sure your views don't spit out
the actual "username"-- they'll just spit out the e-mail address.
>
> I've also seen some discussion come up about allowing dots in a
username. I don't know where that discussion went though. Ultimately the
decision to include this logic in the ldapbackend will need to come from a
core dev, but I'm a big fat -1 on the issue.
I don't really care about it being implemented here, and I'm not the one
to make such a decision, but I had to do the work and wanted something
that would not prevent me from upgrading Django so I put it here for
myself. Since I did the work, I wanted to make it available to others,
until something is properly designed. If the decision is to remove it from
here, I would strongly suggest opening up a ticket to handle creating a
mechanism in the auth framework to handle providing proper mapping of
usernames used in auth backends with Django usernames.
--
Ticket URL: <http://code.djangoproject.com/ticket/2507#comment:29>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
