[PR #146] [CLOSED] WIP: Ldap authentication #558

New issue

Closed

opened 2026-02-25 21:32:14 +03:00 by kerem · 0 comments

kerem commented

2026-02-25 21:32:14 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ciur/papermerge/pull/146
Author: @ibiBgOR
Created: 10/2/2020
Status: ❌ Closed

Base: master ← Head: ldap_authentication

📝 Commits (10+)

06f26ab #94: Enabled login via LDAP
275d8b3 #94: Refactored auth to be a module with different providers
9ba03f0 #94: Externalized configuration for LDAP
c4263ce Replaced single quotes with double quotes for the LDAP configuration section
8956810 Don't load LDAP authentication module if no requirements are installed
870d777 Fixed build
d736417 Added column to users to determine the auth source
11816fe Prevent the modification of users which are imported
76b4258 unittest to double check that by default search is NOT case sensitive
c3c1b88 add celery[redis] in requirements/extra. Add additional comments in

📊 Changes

27 files changed (+969 additions, -384 deletions)

View changed files

📝 config/settings/base.py (+59 -2)
📝 config/settings/dev.py (+2 -0)
📝 papermerge.conf.py.example (+32 -0)
📝 papermerge/contrib/admin/context_processors.py (+29 -2)
📝 papermerge/contrib/admin/forms.py (+15 -1)
📝 papermerge/contrib/admin/templates/admin/_aside.html (+41 -31)
📝 papermerge/contrib/admin/templates/admin/automates.html (+10 -7)
📝 papermerge/contrib/admin/templates/admin/groups.html (+7 -4)
📝 papermerge/contrib/admin/templates/admin/log_entries.html (+29 -25)
📝 papermerge/contrib/admin/templates/admin/tags.html (+7 -5)
📝 papermerge/contrib/admin/templates/admin/user.html (+11 -3)
📝 papermerge/contrib/admin/templates/admin/user_change_password.html (+18 -0)
📝 papermerge/contrib/admin/templates/admin/users.html (+52 -45)
📝 papermerge/contrib/admin/views/automates.py (+6 -0)
📝 papermerge/contrib/admin/views/groups.py (+6 -0)
📝 papermerge/contrib/admin/views/logs.py (+6 -0)
📝 papermerge/contrib/admin/views/tags.py (+6 -0)
➕ papermerge/core/auth/LdapAuthBackend.py (+24 -0)
📝 papermerge/core/auth/NodeAuthBackend.py (+3 -254)
➕ papermerge/core/auth/__init__.py (+3 -0)

...and 7 more files

📄 Description

I tried to implement a possibility to configure the login via LDAP.

The current state is:

It is possible to login (new users) into the system
The user get the correct permissions by LDAP group (superuser, active, staff)
It is now possible to simply add more authentication providers (with or without existing library)

Currently absolutely missing:

Prevent LDAP users from trying to change the password
Therefor it is necessary to include an extra field within the database to mark an user as "external" (or something like that)

Nice to haves/missing for the future:

Furthermore it would be nice to show all groups available within the LDAP for the permissions (one could import all the groups into the django local environment, but the authors of the django-auth-ldap lib discurage this behaviour (see: Group Mirroring))

I'm sorry to not further discuss my changes on the referenced issue but if you have any feedback I'll try to look into them!

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ciur/papermerge/pull/146 **Author:** [@ibiBgOR](https://github.com/ibiBgOR) **Created:** 10/2/2020 **Status:** ❌ Closed **Base:** `master` ← **Head:** `ldap_authentication` --- ### 📝 Commits (10+) - [`06f26ab`](https://github.com/ciur/papermerge/commit/06f26ab75f4d3d6c1622afeb97b1da02fd84d2ab) #94: Enabled login via LDAP - [`275d8b3`](https://github.com/ciur/papermerge/commit/275d8b381cbc6705dd0e45de9e2b834383cb5f75) #94: Refactored auth to be a module with different providers - [`9ba03f0`](https://github.com/ciur/papermerge/commit/9ba03f076ad9b439d0ad6e9a72de2f861252a334) #94: Externalized configuration for LDAP - [`c4263ce`](https://github.com/ciur/papermerge/commit/c4263ce688e98be0a37debff666a70bcb0364d24) Replaced single quotes with double quotes for the LDAP configuration section - [`8956810`](https://github.com/ciur/papermerge/commit/8956810b2d209ff7d7cd03957f576d343ebb0b17) Don't load LDAP authentication module if no requirements are installed - [`870d777`](https://github.com/ciur/papermerge/commit/870d777ef6e19a72a8be0b9b9bb44be78f9b9aee) Fixed build - [`d736417`](https://github.com/ciur/papermerge/commit/d736417b7ce7be1c769a8764300490cf3d0128d9) Added column to users to determine the auth source - [`11816fe`](https://github.com/ciur/papermerge/commit/11816fe3bb0a62254560a6dd5da87ace2ef6da58) Prevent the modification of users which are imported - [`76b4258`](https://github.com/ciur/papermerge/commit/76b4258ee520e7369ff45508115c3dc3ca3cacf7) unittest to double check that by default search is NOT case sensitive - [`c3c1b88`](https://github.com/ciur/papermerge/commit/c3c1b88febead51d61f174369090d82040bfc92d) add celery[redis] in requirements/extra. Add additional comments in ### 📊 Changes **27 files changed** (+969 additions, -384 deletions) <details> <summary>View changed files</summary> 📝 `config/settings/base.py` (+59 -2) 📝 `config/settings/dev.py` (+2 -0) 📝 `papermerge.conf.py.example` (+32 -0) 📝 `papermerge/contrib/admin/context_processors.py` (+29 -2) 📝 `papermerge/contrib/admin/forms.py` (+15 -1) 📝 `papermerge/contrib/admin/templates/admin/_aside.html` (+41 -31) 📝 `papermerge/contrib/admin/templates/admin/automates.html` (+10 -7) 📝 `papermerge/contrib/admin/templates/admin/groups.html` (+7 -4) 📝 `papermerge/contrib/admin/templates/admin/log_entries.html` (+29 -25) 📝 `papermerge/contrib/admin/templates/admin/tags.html` (+7 -5) 📝 `papermerge/contrib/admin/templates/admin/user.html` (+11 -3) 📝 `papermerge/contrib/admin/templates/admin/user_change_password.html` (+18 -0) 📝 `papermerge/contrib/admin/templates/admin/users.html` (+52 -45) 📝 `papermerge/contrib/admin/views/automates.py` (+6 -0) 📝 `papermerge/contrib/admin/views/groups.py` (+6 -0) 📝 `papermerge/contrib/admin/views/logs.py` (+6 -0) 📝 `papermerge/contrib/admin/views/tags.py` (+6 -0) ➕ `papermerge/core/auth/LdapAuthBackend.py` (+24 -0) 📝 `papermerge/core/auth/NodeAuthBackend.py` (+3 -254) ➕ `papermerge/core/auth/__init__.py` (+3 -0) _...and 7 more files_ </details> ### 📄 Description I tried to implement a possibility to configure the login via LDAP. The current state is: * It is possible to login (new users) into the system * The user get the correct permissions by LDAP group (superuser, active, staff) * It is now possible to simply add more authentication providers (with or without existing library) Currently absolutely missing: * Prevent LDAP users from trying to change the password * Therefor it is necessary to include an extra field within the database to mark an user as "external" (or something like that) Nice to haves/missing for the future: * Furthermore it would be nice to show all groups available within the LDAP for the permissions (one could import all the groups into the django local environment, but the authors of the django-auth-ldap lib discurage this behaviour (see: [Group Mirroring](https://django-auth-ldap.readthedocs.io/en/latest/permissions.html#group-mirroring))) I'm sorry to not further discuss my changes on the referenced issue but if you have any feedback I'll try to look into them! --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>