Re: Using a different backend for admin site

On Fri, Nov 22, 2013 at 11:41 PM, <spk265@nyu.edu> wrote:

We have implemented a django based website that uses LDAP as the authentication backend(using django-auth-ldap library). We have implemented the following so far:

1> We can authenticate a user against the LDAP server

2> On succesful login, an entry is created in the AUTH_USER table, if it does not exist. (Note: Passwords are not saved since it is considered as a possible security "threat")

3> A certain section of people in the company are assigned `is_staff` flag to True.

Now, we would like to allow these `is_staff = True` employees to be able to login the admin site. However, since the passwords are not saved in the database, we would have to redirect the authentication on the admin site to use the same LDAP server.

Is it possible to change the authentication backed of the admin site to point to the same LDAP server?

It's a little unclear what the problem is here. If you've done everything you describe, admin logins should "just work".

Admin doesn't have it's own authentication backends -- it's uses the same authentication as the rest of Django. If you've got a login scheme that allows users to log in with LDAP, that should be all you need to be able to log into admin as well.

The only extra piece that admin enforces is exactly what you've described -- there is a check to see that the admin user has is_staff and is_active properties, and that these properties return True. These properties can be backed by the database, or just a Python property.

What problem/errors are you seeing?

Yours,

Russ Magee %-)

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJxq84-E_VUE-ghj2D%3DhWaYQeMm5yBoMyiz-xgr5Z9kZ%3DBdEFg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.