From af48fab1b031b3474f24b78e5bf59b14c8346ea8 Mon Sep 17 00:00:00 2001
From: Christian Franke <nobody@nowhere.ws>
Date: Thu, 5 Jan 2012 01:32:41 +0100
Subject: make ldap authentication work

authorization is still missing -> people can login but can't really
do anything. It seems like we should add a group for members to ldap
and authorize the matching django group to be allowed to edit news,
projects, and so on.

Maybe there is a better solution, which I did not see?
Also, there is probably a better code for the populate_user handler
I placed in accounts/models.py
---
 sublab_project/accounts/models.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 sublab_project/accounts/models.py

(limited to 'sublab_project/accounts/models.py')

diff --git a/sublab_project/accounts/models.py b/sublab_project/accounts/models.py
new file mode 100644
index 0000000..821bed3
--- /dev/null
+++ b/sublab_project/accounts/models.py
@@ -0,0 +1,21 @@
+from django.contrib.auth.models import User
+from django.db import models
+
+from django.db.models.signals import post_save
+from django_auth_ldap.backend import populate_user
+
+class UserProfile(models.Model):
+    """A (dummy) user profile, needed for LDAP
+    """
+    user = models.OneToOneField(User)
+
+
+def create_user_profile(sender, instance, created, **kwargs):
+    if created:
+        UserProfile.objects.create(user=instance)
+post_save.connect(create_user_profile, sender=User)
+
+
+def set_user_as_staff(sender, user, ldap_user, **kwargs):
+    user.is_staff = True # Every LDAP user should be able to use admin
+populate_user.connect(set_user_as_staff)
-- 
cgit v1.2.1