I have two groups that I have created in django. I created billing_users and billing_admins. I also have two groups of users in ldap, internalBilling-admin and internalBilling-users.
I currently have django-python3-ldap authentication working. But I have to log into Django and manually set the user as a is_staff and is_superuser to allow the user to login into the admin the default admin console. In addition, I have to assign them to the group that they belong to.
Question 1: Is there a way that I can have the flags automatically set based on the Django group they belong to?
Question 2: Is there a way that I can have the Active Directory user's group set the Django group set the user in the proper Django group using django-python3-ldap?
The author states the following:
The LDAP_AUTH_CLEAN_USER_DATA and LDAP_AUTH_SYNC_USER_RELATIONS settings are your friends here. Check out the docs here:
https://github.com/etianen/django-python3-ldap#available-settings
But I don't understand how LDAP_AUTH_CLEAN_USER_DATA and LDAP_AUTH_SYNC_USER_RELATIONS work because there are no examples of it being implemented.
The author confirmed that this is the correct way to do this https://github.com/etianen/django-python3-ldap/issues/74#issuecomment-304396431
def sync_all_user_group_relations(user, data):
ldap_groups = list(data.get('memberOf', ()))
for group in ldap_groups:
if group == 'CN=InternalBilling-Users,OU=ABC-Users,OU=Groups,DC=abc,DC=abc,DC=com':
g = Group.objects.get(name='Billing clerks')
user.is_staff=True
user.save()
g.user_set.add(user)
elif group == 'CN=InternalBilling-Admin,OU=ABC-Users,OU=Groups,DC=abc,DC=abc,DC=com':
g = Group.objects.get(name='Billing admins')
user.is_staff=True
user.save()
g.user_set.add(user)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.