IMO It's almost always better to have the application (not the server) handle auth. This allows you to decouple the service layer from the application itself (this allows you to host flask on gunicorn etc. in the future). It also makes admin easier. Admining .htaccess usually requires more privileges (filesystem/OS level at minimum) instead of allowing the application itself to do so (you could keep your admin group(s) in LDAP if the app evaluates permissions based on LDAP).
On Monday, August 13, 2018 at 8:19:18 PM UTC-4, Graham Dumpleton wrote: > > > > > On 14 Aug 2018, at 9:13 am, jerry100 <[email protected] <javascript:>> > wrote: > > > > I have a flask application using mod_wsgi with Apache on CenOS 7 and I > want to only allow a specific group of AD users to login to the > application. I have not configured users. I am just doing research about > what the best path would be. Does mod_wsgi have to do anything special or > do I just use flask-ldap for this type of uthentiction? Being that the > application is served by Apache thanks to mod_wsgi, does that module have > to intervene > > If you are handling login/authentication/authorisation in Flask using > flask-ldap I would presume that mod_wsgi doesn't care. Apache and mod_wsgi > would only come into it if you were using an Apache module for handling > login/authentication/authorisation. > > Graham > > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
