Django - how to set user permissions after login via LDAP? - django

I'm starting a project in Django and I've already managed to get LDAP authentication working with django-auth-ldap.
Now, I want Django to check, after the user logs in, whether this user exists in certain tables of my models, and if so, give the user permission to access certain apps.
For example, I have an app called 'alimentacao'. Only users registered in my model 'alimentacao.alunos' will be able to access "http://meu-projeto/alimentacao"
As the user is created automatically if it doesn't already exist in the user model, I believe I would have to create a custom LDAP authentication backend and check, after successful login, if the user exists in the table, and then set the permission for the user.
Neither the Django nor the django-auth-ldap documentation clearly explains how to create an authentication backend: in which folders the files need to be created, or how the application will call my custom method, or if I need to change any settings. I'm completely lost.

Related

I need help in designing a database (and signup and login on the basis of their role) in which there are three users

I want to make sign-up and login on the basis of their role. The admin can add users and approve the requests of the other two users so that they can log in. When a user clicks on sign up, the user sees the sign-up page according to their role, and the same for login.
Django implements a pretty decent authentication framework inside it, so you already have things such as Users, Groups and Permissions to work with, all of them easily managed through the admin page.
What you want to do is to assign a set of groups/permissions to a newly created user to determine its role and then build a frontend that manages the different kinds of users in terms of templates. If you want a user to be validated before starting to use your page, refer to the is_active attribute of the User object.
Read for more information:
https://docs.djangoproject.com/en/2.2/topics/auth/default/#user-objects

How django sessions work

I am new to Django. I made a registration page and a login page. Now I want a registered user to log in to my website. When a user is logged in, I want to associate a session with the user which only dies when he logs out or closes the browser.
Now, whenever the user loads the page, even after a week, if the browser is not closed he should be granted access. Django is storing sessions in its database, but will I be able to authenticate the user, as different users have different permissions? Can someone suggest any resource for my requirement?
I found what I needed: http://gavinballard.com/associating-django-users-sessions/ It's by creating a custom model extending the default one.

authentication Django on LDAP server

I would like my web application to authenticate users on an LDAP server (only for username and password), but with the permissions residing in Django.
Not all LDAP users must have access to the web application.
In particular, I would like to allow users to see only a few records (for example, suppose there is a model with a city field: some users should only be able to see records whose city field is london, others whose city is milano, etc.).
How can I define Django permissions if users are defined on LDAP?
How can I define the application's admin user if users are defined on LDAP?
Do I need to implement a double authentication? Do I have to define LDAP users who can access the web application in Django as well?
What is the best way to proceed?
Do you have any suggestions?
Examples?
Thanks
pacopyc
Not all LDAP users must have access to the web application.
Create a separate branch in the LDAP tree for your application.
What is the best way to proceed? Do you have any suggestions?
Take a look at the django-python3-ldap extension:
Define your settings in Django's settings.py, then do an LDAP sync of users to your local database:
python manage.py ldap_sync_users

django-python3-ldap authentication

I am using django-python3-ldap for LDAP authentication in Django. This works completely fine, but whenever an LDAP user is (successfully) authenticated, the user details are stored in the local Django database (auth_user table).
My question now is: when the same (LDAP) user tries to authenticate next time, will the user be authenticated by LDAP or by the default Django authentication (since the user details are now stored in the local Django database)?
If the user is authenticated using the local Django database, can the user still get access even after being removed from the LDAP server? This is a real concern for me.
If this is the case, is there a way to have the LDAP user details removed from the database (auth_user table) every time the user logs out and created every time the user logs in? Any help in the right direction is highly appreciated. Thank you for your valuable inputs.
From the documentation:
When a user attempts to authenticate, a connection is made to the LDAP
server, and the application attempts to bind using the provided
username and password. If the bind attempt is successful, the user
details are loaded from the LDAP server and saved in a local Django
User model. The local model is only created once, and the details will
be kept updated with the LDAP record details on every login.
It authenticates by binding each time, and updates the information from LDAP (as you have it configured) each time. The Django user won't be removed from Django's user table if removed from LDAP; if you set multiple auth backends to also use the Django default auth, the user should be able to log in (perhaps after a password reset) if removed from LDAP. If you look in your auth_user table you will notice that users using Django auth have their passwords hashed with pbkdf2_sha256, and the LDAP users' passwords do not.

django - Remove users from django database if user is removed from database from LDAP server

I'm currently using django-auth-ldap to authenticate with LDAP, and I've looked through all the docs for the library; they don't mention what happens to the Django database when the database we are authenticating against removes the user.
I know we can do a check when we authenticate to make sure the user hasn't been removed, but how do I clean up the user, since a user will be created if it's successfully authenticated? Do I just do it like I'd normally do with a Django user object?
Thank you!
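The two threads above (django-python3-ldap and django-auth-ldap) share one concern: a local auth_user row outlives the LDAP entry it was created from. The following is an added example, not code from either library or from the posters; it assumes the caller supplies the current list of directory usernames and that LDAP-created accounts have no usable local password, and `LocalAccount`, `plan_cleanup` and `apply_cleanup` are hypothetical names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LocalAccount:
    """The auth_user fields the decision needs (constructed stand-in)."""
    username: str
    is_active: bool
    has_usable_password: bool  # assumption: False for LDAP-created users


def plan_cleanup(local_accounts, directory_usernames):
    """Return (deactivate, review) lists of local usernames.

    deactivate: active, LDAP-provisioned, no longer in the directory.
    review: active, missing from the directory, but holding a local
            password that Django's default backend would accept if enabled.
    """
    directory = {name.casefold() for name in directory_usernames}
    if not directory:
        # An empty listing usually means a failed search, not an empty
        # directory; refusing here avoids locking every user out.
        raise ValueError("directory listing is empty; refusing to plan")
    deactivate, review = [], []
    for acct in local_accounts:
        if not acct.is_active or acct.username.casefold() in directory:
            continue
        (review if acct.has_usable_password else deactivate).append(acct.username)
    return deactivate, review


def apply_cleanup(usernames):
    """Deactivate rather than delete, so rows that reference the user
    survive. Needs a configured Django project, hence the lazy import."""
    from django.contrib.auth import get_user_model
    users = get_user_model().objects.filter(username__in=usernames)
    return users.update(is_active=False)


# Constructed sample data, not taken from the page.
SAMPLE_ACCOUNTS = [
    LocalAccount("alice", True, False),   # still in LDAP
    LocalAccount("bob", True, False),     # removed from LDAP
    LocalAccount("carol", False, False),  # removed, already inactive
    LocalAccount("admin", True, True),    # local password, not in LDAP
    LocalAccount("Dave", True, False),    # listed in LDAP as "dave"
]
SAMPLE_DIRECTORY = ["alice", "dave"]

if __name__ == "__main__":
    print(plan_cleanup(SAMPLE_ACCOUNTS, SAMPLE_DIRECTORY))
```

Run the planning step from a scheduled job or management command and pass only the `deactivate` list to `apply_cleanup`; the `review` list is for a human, since it can contain intentional local accounts.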