[英]How do you Create Groups and Permissions in Django model from Active Directory Groups with django-python3-ldap?
I have two groups that I have created in django. 我有两个在Django中创建的群组。 I created billing_users and billing_admins.
我创建了billing_users和billing_admins。 I also have two groups of users in ldap, internalBilling-admin and internalBilling-users.
我在ldap中还有两组用户,internalBilling-admin和internalBilling-users。
I currently have django-python3-ldap authentication working. 我目前正在使用django-python3-ldap身份验证。 But I have to log into Django and manually set the user as a is_staff and is_superuser to allow the user to login into the admin the default admin console.
但是我必须登录Django并手动将用户设置为is_staff和is_superuser,以允许用户登录默认管理控制台的admin。 In addition, I have to assign them to the group that they belong to.
另外,我必须将它们分配给它们所属的组。
Question 1: Is there a way that I can have the flags automatically set based on the Django group they belong to? 问题1:有没有一种方法可以根据它们所属的Django组自动设置标志?
Question 2: Is there a way that I can have the Active Directory user's group set the Django group set the user in the proper Django group using django-python3-ldap? 问题2:有没有一种方法可以让Active Directory用户组设置Django组,并使用django-python3-ldap将用户设置为适当的Django组?
The author states the following: 作者指出:
The LDAP_AUTH_CLEAN_USER_DATA and LDAP_AUTH_SYNC_USER_RELATIONS settings are your friends here. LDAP_AUTH_CLEAN_USER_DATA和LDAP_AUTH_SYNC_USER_RELATIONS设置是您的朋友。 Check out the docs here:
在这里查看文档:
https://github.com/etianen/django-python3-ldap#available-settings https://github.com/etianen/django-python3-ldap#available-settings
But I don't understand how LDAP_AUTH_CLEAN_USER_DATA and LDAP_AUTH_SYNC_USER_RELATIONS work because there are no examples of it being implemented. 但是我不明白LDAP_AUTH_CLEAN_USER_DATA和LDAP_AUTH_SYNC_USER_RELATIONS是如何工作的,因为没有实现它的示例。
The author confirmed that this is the correct way to do this https://github.com/etianen/django-python3-ldap/issues/74#issuecomment-304396431 作者确认这是执行此操作的正确方法https://github.com/etianen/django-python3-ldap/issues/74#issuecomment-304396431
def sync_all_user_group_relations(user, data):
ldap_groups = list(data.get('memberOf', ()))
for group in ldap_groups:
if group == 'CN=InternalBilling-Users,OU=ABC-Users,OU=Groups,DC=abc,DC=abc,DC=com':
g = Group.objects.get(name='Billing clerks')
user.is_staff=True
user.save()
g.user_set.add(user)
elif group == 'CN=InternalBilling-Admin,OU=ABC-Users,OU=Groups,DC=abc,DC=abc,DC=com':
g = Group.objects.get(name='Billing admins')
user.is_staff=True
user.save()
g.user_set.add(user)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.