Monogramm / taiga-contrib-ldap-auth-ext

:snake: :alembic: Extended Taiga plugin for LDAP authentication
http://taiga.io
GNU Affero General Public License v3.0

LDAP user with superuser status can't log in to admin pages #21

Closed Chilinot closed 5 years ago

Chilinot commented 5 years ago

I have a user that has logged in via his/her LDAP account, which has then been marked as a superuser in the admin pages. But said user is still not able to log in to the admin page.

madmath03 commented 5 years ago

Hello,

I hope I'm not too late (sorry for the delay) but my guess would be that the issue is with the user's password. Since the admin pages do not use LDAP but local user info, the user must have a local password, which is currently not set when logging in with LDAP. If you connect to the admin pages and see the user's details, you will probably see that the user has no password. This would confirm my guess.

To solve this, you could ask the user to change their (local) password by going to their Taiga profile page then "change password". After setting a local password, the user should be able to access the admin pages.

It might be a good idea that we set/update the local password with the one provided on each successful LDAP login... but I'm afraid I might not have the time to add this behavior right now. Any kind soul willing to help would be welcome.

Chilinot commented 5 years ago

Is it possible for the admin pages to test LDAP first, then local password similarly to how the regular login works?

madmath03 commented 5 years ago

Not through any kind of configuration I know of. This extension only impacts Taiga, not the Django backend that generates the admin pages. If you wanted that, I guess you would need to add a plugin for Django LDAP authentication (like this one https://django-auth-ldap.readthedocs.io/en/latest/) but that would mean you would have 2 LDAP plugins to configure... Not sure that would be a good idea.
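
The diagnosis discussed in this thread (a superuser provisioned through LDAP has no usable local password, so the Django admin login rejects them) can be checked across all accounts at once. The following is an added example, not code from the thread participants or from the plugin. It assumes account rows exported with the field names of Django's stock user model (`username`, `is_superuser`, `is_active`, `password`); the rows and hash bodies are constructed placeholders, and the actual Taiga table layout may differ.

```python
# Added example: flag superusers who cannot pass the Django admin login
# because they have no usable local password (e.g. accounts created by an
# LDAP login that never stored one).

UNUSABLE_PREFIX = "!"  # Django marks unusable passwords with this prefix


def has_local_password(encoded):
    """True if the stored value looks like a Django password hash.

    Django stores hashes as "<algorithm>$<parameters and digest>". None, an
    empty string, or a value starting with "!" can never match a password
    typed at the admin login form.
    """
    if not encoded or encoded.startswith(UNUSABLE_PREFIX):
        return False
    algorithm, sep, rest = encoded.partition("$")
    return bool(algorithm and sep and rest)


def locked_out_superusers(rows):
    """Return usernames of active superusers with no usable local password."""
    return sorted(
        row["username"]
        for row in rows
        if row["is_superuser"] and row["is_active"]
        and not has_local_password(row["password"])
    )


# Constructed sample rows (hypothetical accounts; hash bodies are placeholders).
SAMPLE_ROWS = [
    {"username": "local-admin", "is_superuser": True, "is_active": True,
     "password": "pbkdf2_sha256$260000$SALT$PLACEHOLDER"},
    {"username": "ldap-admin", "is_superuser": True, "is_active": True,
     "password": ""},
    {"username": "ldap-admin2", "is_superuser": True, "is_active": True,
     "password": "!PLACEHOLDER-RANDOM-SUFFIX"},
    {"username": "ldap-user", "is_superuser": False, "is_active": True,
     "password": ""},
]

if __name__ == "__main__":
    for name in locked_out_superusers(SAMPLE_ROWS):
        print(f"{name}: superuser without a usable local password")
```

Accounts it reports are the ones that need a local password set (as suggested above) before the admin pages will accept them.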