I have a Django app which has two authentication backends, an LDAP backend that has all 'internal' users and a custom backend having 'external' users. All internal users which match the LDAP group search filter should be created with is_staff: True.
Previously, we used
AUTH_LDAP_USER_ATTR_MAP = {
"name": "cn",
"email": "mail",
"is_staff": "mail",
}
and this seemed to work just fine, however using Django 1.10 we now get:
django.core.exceptions.ValidationError: ["'[email protected]' value must be either True or False."]
I know I can search for group membership and match that to is_staff but basically I want all accounts for users that authenticate against LDAP automatically set to is_staff: True.
Is there a proper way to do this? I know I can fix it after the fact by hooking into the django_auth_ldap.backend.populate_user signal but then the user is already created, preferably I'd want to modify the user before they are created.
The proper implementation would likely be with the
AUTH_LDAP_USER_FLAGS_BY_GROUPsetting, as documented here: http://pythonhosted.org/django-auth-ldap/users.html#easy-attributesSpecifically, if you can identify a group to which all of your users belong, you can have something like: