1. Peter Sagerson
  2. django-auth-ldap
  3. Issues


Issue #8 wontfix

Add the ablility to change password

Marcin Kałuża
created an issue

Hi Regarding my previous message to you I attach a diff. It's just a draft, so it probably needs some more work (and some doc about permissions in ldap), but I just wanted to give an example. Tell me what you think of it.


Comments (2)

  1. Peter Sagerson repo owner

    For now, I don't think the authentication backend is actually an appropriate place for this. django.contrib.auth has a facility for changing a user's password, but it makes several assumptions: that the user is always capable of changing their password, that the password is changed via the user's model object, and that the password can be changed without providing the old password. All of these assumption as problematic for us. The second could be satisfied by using a proxy model class for User, but the first is dubious and the third is broken.

    I actually needed some account management for my own Django app with LDAP auth and I ended up writing a completely separate app for it. This app has to save the user's password in the session in order to perform the modify_s or passwd_s operation as the user in question. Until django.contrib.auth provides an interface to delegate password management to authentication plugins, I don't see anything sensible to do in the backend. We certainly can't do anything that will play nicely with the admin app, for example. For now, I'd recommend getting the user's DN from user.ldap_user.dn and making a few LDAP calls on your own.

  2. Log in to comment