search

sjkingo / django_auth_ldap3

A library for connecting Django's authentication system to an LDAP directory
BSD 2-Clause "Simplified" License
23 stars 13 forks source link

Add LDAP->Django Group mapping #13

Closed alandmoore closed 8 years ago

alandmoore commented 8 years ago

This PR addresses issue #11 by adding a GROUP_MAP setting which allows an LDAP group to be mapped to a list of Django groups. The listed groups will be added or removed from a user's account at login time based on the users membership or non-membership in the LDAP group.

sjkingo commented 8 years ago

Thanks Alan, this looks good.

Remembering how I implemented the LDAP group support, I wonder if we could somehow simplify how it works, instead of patching on some related functionality. Presently there is support to restrict login by LDAP group (AUTH_LDAP_LOGIN_GROUP, AUTH_LDAP_ADMIN_GROUP). Perhaps we could merge that code with your patch, so that we can sync the LDAP group with Django, and use that for authorization?

I haven't had much time to sit down and hash it out so I'm not sure if that would work or not.

What are your thoughts?

alandmoore commented 8 years ago

I think it would be better to leave them separate. Even though they all deal with LDAP groups, on the Django side they map to conceptually different things.
It might be nice to have a setting to map a group to superusers, but that's another ball of wax.

sjkingo commented 8 years ago

Could you possibly rebase this PR to ensure it works properly with your latest change, and then I can merge this too and release a new version on PyPi.

alandmoore commented 8 years ago

Let me just close this and open a fresh one.