Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How can I turn off ldap auth? #44

Open
antarcticrainforest opened this issue Feb 20, 2024 · 2 comments
Open

How can I turn off ldap auth? #44

antarcticrainforest opened this issue Feb 20, 2024 · 2 comments
Labels
bug Something isn't working invalid This doesn't seem right

Comments

@antarcticrainforest
Copy link
Member

I am playing with the deployment to add the ability to deploy the whole system with a user that hasn't root privileges.

That said, I noticed something annoying. After I managed to set up everything (locally and with my username instead of root). I opened my browser to check the web app and got this after I tried to log into the website:

ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 11, 'ctrls': [], 'info': 'Resource temporarily unavailable'}

In the config, I specifically left the LDAP server setting empty. Because the app settings, do set the DKRZ server if it is not set at all.

a) Why is this pointing to the DKRZ LDAP server by default?
b) How can I tell the thing not to use ldap at all?

To me, it would be more natural if the thing would try to talk to any LDAP instance unless not specifically told to do so.
@antarcticrainforest antarcticrainforest added bug Something isn't working invalid This doesn't seem right labels Feb 20, 2024
@Karinon
Copy link
Collaborator

Karinon commented Feb 21, 2024

regarding a) I think this was like this before and I just didn't bothered to change it as it is also convenient to me when I try to change anything. Do you think we shouldn't have a default? This would be mildly more annoying to me, but it would be fine by me.

regarding b)

If you don't mind touching the settings, in local.py there is a codeblock

AUTHENTICATION_BACKENDS = (
    "django.contrib.auth.backends.ModelBackend",
    "django_auth_ldap.backend.LDAPBackend",
)

Comment out the LDAPBackend and then only Django-Accounts are going to work (at least in order to log in, you will probably not be able to do much more than this).

Keep in mind that we are using LDAP not only for Authentication but also in order to get information about other users and that it will fail on another step. Of course we can make it more robust. That it ignore the whole user-stuff

To me, it would be more natural if the thing would try to talk to any LDAP instance unless not specifically told to do so.

Is there a "not" missing somewhere? I think we can make LDAP "more optional" but with the downside that some functionality will not work anymore. Would this be ok for you?

@antarcticrainforest
Copy link
Member Author

  • I guess something like, if an LDAP server wasn't set (is empty) then don't try to connect to LDAP - that is turn off the LDAP auth backend.

  • We keep the default LDAP server if you want to keep it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@antarcticrainforest @Karinon