Closed alandmoore closed 8 years ago
Thanks Alan, this looks good.
Remembering how I implemented the LDAP group support, I wonder if we could somehow simplify how it works, instead of patching on some related functionality. Presently there is support to restrict login by LDAP group (AUTH_LDAP_LOGIN_GROUP
, AUTH_LDAP_ADMIN_GROUP
). Perhaps we could merge that code with your patch, so that we can sync the LDAP group with Django, and use that for authorization?
I haven't had much time to sit down and hash it out so I'm not sure if that would work or not.
What are your thoughts?
I think it would be better to leave them separate. Even though they all deal with LDAP groups, on the Django side they map to conceptually different things.
It might be nice to have a setting to map a group to superusers, but that's another ball of wax.
Could you possibly rebase this PR to ensure it works properly with your latest change, and then I can merge this too and release a new version on PyPi.
Let me just close this and open a fresh one.
This PR addresses issue #11 by adding a GROUP_MAP setting which allows an LDAP group to be mapped to a list of Django groups. The listed groups will be added or removed from a user's account at login time based on the users membership or non-membership in the LDAP group.