After using LDAP authentication for a bit now in a project that will be going live soon, I'm comfortable writing up the status of integrating an LDAP authentication backend into Pinax.
As I am aware today, there are two existing options for implementation:
- django-ldap-groups
- django-auth-ldap
I've tested django-ldap-groups and the authentication portion works. Settings can get a bit messy (and change per LDAP vendor) and the group mapping didn't seem to work properly out of the box with Active Directory. For these reasons, I've held off offering a patch to Pinax.
I just found django-auth-ldap today through a bit of searching. It seems to be a fairly mature package (shipping with docs and tests) and the configuration options seem to be implemented cleanly. I have not tested it with Pinax yet, but will do so in the coming day(s).
Both are license compatible with Pinax, so I'm going to do a bit more research and work on an implementation with whichever fits in better with Pinax.
I just tested django-auth-ldap and found that it worked perfectly with a few basic settings. It supports LDAP->Django group mapping better than all other options I've looked at—other modules only check group membership upon first login.
When used alongside ModelBackend the clone_project experience should be unaffected; even with placeholder LDAP settings, regular Django accounts work as expected and the LDAP backend fails gracefully.
I'll get a start project together and post a link here.
I've created pinax-ldap-project on on Github:
http://github.com/lukeman/pinax-ldap-project
It's a clone of the current (as of right now) 0.9prealpha1 basic_project with ldap hooks baked in.
I could use a bit of feedback on the changes made to settings.py. I couldn't find any other cases of having additional imports in settings.py, so I grouped the project specific imports together.
My next step is documentation. The django-auth-ldap docs are well done, so it's a matter of answering the simplest use case (auth all users in the tree) and referring more advanced setups to the docs.
