Issue #14 wontfix

multiple group DN for AUTH_LDAP_USER_FLAGS_BY_GROUP

fsaintma avatarfsaintma created an issue

Hello,

Can i have multiple group dn for the boolean is_staff ? I want to verify boolean is_staff for a user with membership of a list group. ( if the user is member of one group of list it's OK)

I try this :

AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_staff": "cn=staff,ou=django,ou=groups,dc=example,dc=com", "is_staff": "cn=xxxx,ou=django,ou=groups,dc=example,dc=com" } but in the source code Backend.py populate_user_from_group_memberships return one entry for is_staff (the last cn=xxx,....)

Have you another solution ?

Thanks in advance.

Comments (2)

  1. Peter Sagerson

    That would be a bit problematic, since it wouldn't be clear whether a user must be a member of every group or only one in order to qualify. Either design is valid and there's no obvious way to choose between the two.

    In general, if you want to perform any customization beyond the simple options provided, you should attach a handler to the django_auth_ldap.backend.populate_user or django_auth_ldap.backend.populate_user_profile signal (make sure you have the latest version of the package). From there, you can use user.has_perm() to decide how to modify the user or profile object.

  2. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.