Issues

Issue #14 wontfix

multiple group DN for AUTH_LDAP_USER_FLAGS_BY_GROUP

fsaintma
created an issue

Hello,

Can i have multiple group dn for the boolean is_staff ? I want to verify boolean is_staff for a user with membership of a list group. ( if the user is member of one group of list it's OK)

I try this :

AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_staff": "cn=staff,ou=django,ou=groups,dc=example,dc=com", "is_staff": "cn=xxxx,ou=django,ou=groups,dc=example,dc=com" } but in the source code Backend.py populate_user_from_group_memberships return one entry for is_staff (the last cn=xxx,....)

Have you another solution ?

Thanks in advance.

Comments (2)

  1. Peter Sagerson repo owner

    That would be a bit problematic, since it wouldn't be clear whether a user must be a member of every group or only one in order to qualify. Either design is valid and there's no obvious way to choose between the two.

    In general, if you want to perform any customization beyond the simple options provided, you should attach a handler to the django_auth_ldap.backend.populate_user or django_auth_ldap.backend.populate_user_profile signal (make sure you have the latest version of the package). From there, you can use user.has_perm() to decide how to modify the user or profile object.

  2. Log in to comment