Closed spapas closed 10 months ago
@spapas We'd be happy to accept a PR for this functionality. Thanks!
It would be great if you could also let us know how integrating django-auth-ldap is going. We've had other requests for implementing SSO integration (see this discussion) and we're exploring different options for how to implement that.
Hello @kgodey you are welcome, I've provided the PR on #3064.
About the LDAP integration, it already works fine and it's very easy: First install

```
django-auth-ldap==2.4.0 python-ldap==3.4.3
```

And then add a local.py (after #3064 is merged) with the following contents:

```python
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion

# Try LDAP first, then fall back to local Django accounts.
AUTHENTICATION_BACKENDS = [
    "django_auth_ldap.backend.LDAPBackend",
    'django.contrib.auth.backends.ModelBackend'
]

# Placeholder defaults; the server URI and user search are set again below.
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_SERVER_URI = ""
AUTH_LDAP_USER_SEARCH = None

# Copy these LDAP attributes onto the Django user on login.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}
AUTH_LDAP_PROFILE_ATTR_MAP = {}
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Site-specific values.
AUTH_LDAP_SERVER_URI = "ldap://login1.example.com"
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
    LDAPSearch("ou=People,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
)
```

(of course you need to add your LDAP settings). Then users would be able to log in with the LDAP credentials. When they log in they'll get an "Error No databases found" message but their user account would be created. Then you can log in with a superuser and give them the proper permissions so when they log in again they'll be able to use mathesar normally.
After #3064 is merged I'll be happy to add a PR documenting that in the docs.
Using django-auth-ldap is not real SSO because you'll need to log in again in mathesar. However it is very simple and most organizations support LDAP (mainly through AD). On the other hand, SSO solutions are very complex and are very painful to implement, resulting in only big and "enterprise-y" organizations having them.
Thank you for the detailed response @spapas, this is very helpful to know!
I'm troubleshooting some strange behavior with our GitHub project synchronization, so I'm re-opening and then closing this issue, just to see if it fixes the problem I'm observing. Apologies for the notifications!
Description
I want to override the mathesar settings in order to allow LDAP login using django-auth-ldap. I changed the `config/settings/production.py` file that mentions: `# Override default settings` and added the needed configuration.

This worked fine; however, that file is under version control, so if it is changed on the origin I'll get a conflict and would need to also merge my changes. The usual way to implement this functionality is to add a non-tracked `local.py` file that would contain any extra configuration for each environment (either dev or production) and import that file from the corresponding file. I.e. the production.py would be changed to:

This way, if the local.py file is there it will be used to override the config, but if it isn't there it will be ignored.
Expected behavior
Being able to override django settings for my environment without keeping a fork.
To Reproduce
Change the production.py file and you'll see that it's version controlled so it can't be easily changed!
Environment
Not needed
Additional context
I'd be happy to provide a PR implementing the functionality described here, i.e. allow an untracked local.py file to override django settings for each user/environment.
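
An added example (not code from this issue, the PR, or the Mathesar code base) of how a settings module could load the untracked local.py described above and sanity-check the LDAP settings quoted in the earlier comment. The function names are hypothetical; `AUTH_LDAP_START_TLS` is django-auth-ldap's own setting, and the permission policy (no group/world write, no world read) is an assumption.

```python
"""Added example: optional, untracked local.py overrides with two safety checks."""
import os
import runpy
import stat


def load_local_overrides(settings_dir, target):
    """Merge UPPERCASE names from settings_dir/local.py into `target`.

    Returns False when the file is absent. Errors raised inside local.py
    propagate: a blanket `except ImportError` would also swallow a missing
    python-ldap and silently leave LDAP login unconfigured.
    """
    path = os.path.join(settings_dir, "local.py")
    if not os.path.isfile(path):
        return False
    mode = os.stat(path).st_mode
    # The file is executed as code and may hold AUTH_LDAP_BIND_PASSWORD.
    if mode & (stat.S_IWGRP | stat.S_IWOTH | stat.S_IROTH):
        raise PermissionError(
            f"{path}: mode {stat.S_IMODE(mode):o} is too open, use 640 or 600")
    overrides = runpy.run_path(path)
    target.update({k: v for k, v in overrides.items() if k.isupper()})
    return True


def ldap_transport_findings(settings):
    """Return warnings about cleartext LDAP binds in a settings mapping."""
    findings = []
    backends = settings.get("AUTHENTICATION_BACKENDS", [])
    if "django_auth_ldap.backend.LDAPBackend" not in backends:
        return findings  # LDAP login is not enabled, nothing to check
    uri = settings.get("AUTH_LDAP_SERVER_URI", "")
    if not uri:
        findings.append("AUTH_LDAP_SERVER_URI is empty")
    elif uri.lower().startswith("ldap://") and not settings.get(
            "AUTH_LDAP_START_TLS", False):
        findings.append(
            "ldap:// without AUTH_LDAP_START_TLS sends passwords in cleartext")
    return findings


if __name__ == "__main__":
    # Constructed sample mirroring the settings quoted in the thread.
    sample = {
        "AUTHENTICATION_BACKENDS": ["django_auth_ldap.backend.LDAPBackend"],
        "AUTH_LDAP_SERVER_URI": "ldap://login1.example.com",
    }
    print(ldap_transport_findings(sample))
```

Switching the URI to `ldaps://` or setting `AUTH_LDAP_START_TLS = True` in local.py clears the transport finding.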