Home / server / Questions / 431040
Accepted
Greg_the_Ant
Asked: 2011-03-29 10:27:26 +0800 CST

Django LDAP - How to map description field to Django group

  • 772

I'm trying to set up LDAP authentication with my Django app using Django-Auth

The basic idea I want to do is any LDAP user with "IT - Help Desk" in the description would get mapped to a certain Django group, a user with "Admin" in the description would go to another Django group, and anyone else wouldn't be allowed in.

(There are legacy reasons I have to use the description field, so that's not an option to change)

Update: Some parts of the follow up conversation moved over here.

python

1 Answers

  1. Best Answer

    django-auth-ldap 1.0.9 (released 3/27) added a pair of Django signals that clients can use to do some custom population of user and profile objects. I would recommend connecting to the populate_user signal and using the LDAP attributes to update the user's group membership. e.g.:

    import django_auth_ldap.backend

def update_groups(sender, user=None, ldap_user=None, **kwargs):
    # Remember that every attribute maps to a list of values
    descriptions = ldap_user.attrs.get("description", [])

    if "IT - Help Desk" in descriptions:
        # Add user to group
    else:
        # Remove user from group

django_auth_ldap.backend.populate_user.connect(update_groups)

    This is even safe to combine with AUTH_LDAP_MIRROR_GROUPS, as the signal is sent after all built-in user population is complete.

    • 6