ldap provider #166
ldap provider #166
Conversation
|
Hey @metallkopf thank you for this PR! I will take a look at it, set up a test environment and check whether everything works as intended. Unfortunately I'm currently swamped at work, will take care of this on the weekend. |
|
This is what am using:
|
|
This looks promising! Unfortunately I did not get my example working ... can you check (and maybe fix) the example in docs/auth_examples/ldap-auth? Things I want to check when we got this working:
|
| import ldap | ||
| has_ldap = True | ||
| except ImportError as e: | ||
| app.logger.debug(f"Unable to import ldap: {e}") |
There was a problem hiding this comment.
this try/catch block was added to allow ldap to be an optional dependency
There was a problem hiding this comment.
I added the log to make sure, I have all the dependencies added to the docker image.
|
i couldnt get those docker services to work, so i integrated them into one. the problem: not all variables were defined in server.py, so they couldnt be read from the environment.
you mean auto-register on login?, sure the common name can be recovered after binding
i was considering ldap as a secundary login, allowing both type of users. but we can work something out ps: do you any preference on how to implement database migrations? |
Looks good to me. Have not tested this yet.
Yes, this should be an option.
I'm open for suggestions. I've used flask-migrate before. |
|
Got the example working! Have to think about the best way to integrate this. But even with a seperate |
otterwiki/preferences.py
Outdated
| @@ -408,6 +408,7 @@ def handle_user_add(form): | |||
| # update user from form | |||
| user.name = form.get("name").strip() # pyright: ignore | |||
| user.email = form.get("email").strip() # pyright: ignore | |||
| user.provider = form.get("provider").strip() # pyright: ignore | |||
There was a problem hiding this comment.
this addition was producing an error on my end
There was a problem hiding this comment.
Juste tested this on the resent commit 615c511 adding a User works as expected. Can ypu please try to reproduce the error?
you luck with that
i've already added retrieving the -common- name of an user when he self-registers
can you elaborate a bit more |
The request for more fine grained permissions exists for a long time. I think, that for a useful implementation a concept groups is necessary (For some more details, please see #54 (comment)). But I think that this can be implemented easily on top of your ldap auth and is no case a blocker. |
|
Sorry, my time is very limited at the moment 😞 Please don't let this discourage you. The example works as expected, wonderful! Will be on vacation in a week, will spent time on this then. |
As requested in redimp#176 code blocks can be configured to display line numbers by adding a = to the specified language. e.g. ```python= print("Hello Line Numbers!") ```
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.4...3.1.5) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
|
I chose to implement the database migrations myself. This works for sqlite, mariadb and postgres. |
Add ldap as an external authentication provider.
pending work in no specific order: