WIP: Ldap authentication #146
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The general LDAP login is enabled and can be used.
To enable further functionality it was necessary to split the different login mechanisms into separate files.
To use the new LDAP login method it is necessary to be able to configure it via the papermerge.conf.py file.
|
@ibiBgOR, hey man, fantastic work! I will keep your PR in queue for two weeks; thus you can safely push further changes. |
The build fails, because no module for django_auth_ldap could be found. To resolve this issue, we now require the user to explicitly configure the AUTH_MECHANISM or use NodeAuthBackend as default. NodeAuthBackend is also the fallback if LDAP was configured but the required packages were not installed. This way the software will always run but the user can see within the logs that some problem occured.
Sadly I started implementing the import of the usersource into the database but forgot about removing the code within the LdapAuthBackend. This should fix the issue that the build fails.
As LDAP users should be altered within the LDAP itself the application should not be allowed to change any data.
As LDAP users should be created within the LDAP itself the application should not be allowed to add any new user.
This way even groups can be imported form external authentication sources. Furthermore this commit removed access to ui-elements depending on user permissions. The permissions can be given not only user wise but also group wise. This way it is possible to create an "administration" group which is able to administer the application (managing users and groups)
Not every user needs to be able to check the users visible to the system or all the groups available within the system. Not only will all interfaces be empty for said users (with no permissions) but the menu entries will be deleted from the menubar.
To better match the overall layout it is necessary to have a consistent layout throughout the application. Therefore some interfaces were required to change accordingly. Now pretty much all "administrative" interfaces look the same.
…_authentication � Conflicts: � papermerge/__init__.py � papermerge/core/backup_restore.py � papermerge/core/models/document.py � papermerge/core/views/users.py � papermerge/test/test_backup_restore.py � papermerge/test/test_page.py � papermerge/test/test_search.py
|
no activity |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I tried to implement a possibility to configure the login via LDAP.
The current state is:
Currently absolutely missing:
Nice to haves/missing for the future:
I'm sorry to not further discuss my changes on the referenced issue but if you have any feedback I'll try to look into them!