-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Store Password and Set Admin #17
Comments
Actually, it is possible for LDAP users to access the Django admin panel, but the LDAP user must be a "super user" :
It is currently not possible to set a super user directly from LDAP but that is one of the items discussed in #15. As a reminder, the proposal was to set an LDAP Taiga administration group:
Everytime a user connects with the specified group, it is automatically set a super user. Would that seem like a proper solution for you ? |
I think that would be a good solution, at least for us. Would save a lot of headaches. |
That would also be a great solution - I agree that would make our life much easier. I'd consider allowing a raw ldap query instead of / in addition to a group. Some places it's easier than others to adjust LDAP structure and groups, and a query (with an example for how to query group membership) would offer the most flexibility. |
For information, following this issue and #21, I finally had the time to implement the save of LDAP password to DB, thus allowing LDAP users to log to the admin console (if they were previously set as super user). Though I'm still not comfortable enough to develop a full "Admin Group" functionality by myself (I'm not really a Python developer 😅), it's a little step toward that goal. A new release with that functionality is available in pypi. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I implemented something that solves this issue for the combination posixGroup and memberUid. Some refactoring was also required to avoid replicating code. |
Hi @a-ts Thank you very much for offering a Pull Request. I do think it's a good idea to send a PR. We can work together to make it more generic after that. |
From what I have been able to test and the same thing happens to me in our installation migrated from Taiga 5 to 6 latest version, the authentication works well for Taiga but in the login process it updates or modifies the password value of the users table and this prevents the access to the Django admin because the encryption is different, expecting to have data of type pbkdf2_sha256$xxxxxxxxx. In the case of using the option to recover password and indicating it manually, the data saved in the DB is correct but once I log in again in Taiga it is modified. I'm using the taiga-contrib-ldap-auth-ext plugin and it supposedly has an option to disable this behavior via LDAP_SAVE_LOGIN_PASSWORD = False, but it doesn't work. In addition to this being the case, I understand that the Django admin would not be using LDAP validation if not the one stored at that moment in the DB. Greetings!! |
Currently, LDAP users can't use the Django admin panel (/admin). Is there an option, or could there be, to store user's passwords, and perhaps even ability to specify an ldap query for admin?
The text was updated successfully, but these errors were encountered: