Django
t2core is based on a web framework called Django.
User Authentication
There are two ways to handle user logins: the built-in User Auth. Backend of Django or an LDAP based User Auth. Backend.
Both can be active at the same time.
Users logged in via LDAP are created without setting a password. Users who log in via Django must create a password in Django Admin.
There are three levels of user access rights. Users can be:
Users: a normal "User" is able to log in
Admins: user permissions plus login to the Admin Backend, in Django terms "Staff User"
Superuser: all permissions, or "Superuser"
User Auth. Backend
This is the Django Auth. Backend which is enabled by default.
It uses a postgres database that comes with t2core.
At the first start a root user named root is created with a random initial password.
The password can be changed after the user has logged in, at http://127.0.0.1/accounts/password_change/
New users can be added in the Users / Admin Portal <http://127.0.0.1/admin/auth/user/>.
LDAP based User Auth. Backend
This backend allows users of an external LDAP server to log in.
The configuration of this backend is made with ENV Vars in .env:
To enable this backend set:
# Enable the LDAP Login Backend
AUTH_LDAP_ENABLED=true
Then configure the connection to the external LDAP Server or AD:
# LDAP server URI
AUTH_LDAP_SERVER_URI=ldap://192.168.28.30
# LDAP Bind DN
AUTH_LDAP_BIND_DN=example\Administrator
# LDAP Bind Password
AUTH_LDAP_BIND_PASSWORD=9s8d7f9s87dkf9s8d7f
To look up users by login name or username, set the user search base and the search filter:
#LDAP USER Search
AUTH_LDAP_USER_SEARCH=DC=berlin,DC=example,DC=de
AUTH_LDAP_USER_SEARCH_FILTER=sAMAccountName=%(user)s
Search users in this group:
# LDAP Group Search
AUTH_LDAP_GROUP_SEARCH=CN=Person,CN=Schema,CN=Configuration,DC=berlin,DC=example,DC=de
AUTH_LDAP_GROUP_SEARCH_FILTER=(objectClass=*)
When users are members of these groups in the external LDAP tree, they are set to be Staff or Superusers:
# set is_superuser based on group membership
AUTH_LDAP_USER_FLAGS_BY_GROUP_ISSUPERUSER=CN=Domänen-Admins,CN=Users,DC=berlin,DC=example,DC=de
# set is_staff based on group membership
AUTH_LDAP_USER_FLAGS_BY_GROUP_ISSTAFF=CN=Domänen-Admins,CN=Users,DC=berlin,DC=example,DC=de
Match fields between Django model fields and fields at the external LDAP tree:
# match fields between django model fields and ldap fields
AUTH_LDAP_USER_ATTR_MAP_USERNAME=sAMAccountName
AUTH_LDAP_USER_ATTR_MAP_FIRSTNAME=givenName
AUTH_LDAP_USER_ATTR_MAP_LASTNAME=sn
AUTH_LDAP_USER_ATTR_MAP_EMAIL=mail
Note
Users are created in the database without a set password. Before these accounts can be logged in to or searched via LDAP, this has to be set in Django Admin.
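The LDAP settings above can be checked before the container is started. The following is an added example, not part of t2core or its documentation: a small Python linter that reads the AUTH_LDAP_* variables from a .env text and reports values that weaken the LDAP login. The function names and the choice of checks are assumptions of this example, and the sample input is constructed from the values shown on this page.

```python
import re

# Constructed sample .env, using the values printed on this page.
SAMPLE_ENV = r"""
# Enable the LDAP Login Backend
AUTH_LDAP_ENABLED=true
AUTH_LDAP_SERVER_URI=ldap://192.168.28.30
AUTH_LDAP_BIND_DN=example\Administrator
AUTH_LDAP_BIND_PASSWORD=9s8d7f9s87dkf9s8d7f
AUTH_LDAP_USER_SEARCH_FILTER=sAMAccountName=%(user)s
"""
DOC_SAMPLE_PASSWORD = "9s8d7f9s87dkf9s8d7f"  # the password shown in this documentation


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments; split on the first '=' only."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env


def lint_ldap_env(text):
    """Hypothetical helper: return (key, finding) pairs for risky LDAP settings."""
    env = parse_env(text)
    if env.get("AUTH_LDAP_ENABLED", "").lower() != "true":
        return []  # LDAP backend disabled, nothing to check
    findings = []
    if not env.get("AUTH_LDAP_SERVER_URI", "").lower().startswith("ldaps://"):
        findings.append(("AUTH_LDAP_SERVER_URI", "not ldaps://, binds are unencrypted without StartTLS"))
    # Covers DOMAIN\name, name@domain and CN=name,... spellings of the bind account.
    if "administrator" in re.split(r"[\\=,@]", env.get("AUTH_LDAP_BIND_DN", "").lower()):
        findings.append(("AUTH_LDAP_BIND_DN", "built-in Administrator used as bind account"))
    password = env.get("AUTH_LDAP_BIND_PASSWORD", "")
    if not password:
        findings.append(("AUTH_LDAP_BIND_PASSWORD", "empty, the bind would be unauthenticated"))
    elif password == DOC_SAMPLE_PASSWORD:
        findings.append(("AUTH_LDAP_BIND_PASSWORD", "sample password copied from the documentation"))
    # Assumption: the filter must reference the login name, as on this page.
    if "%(user)s" not in env.get("AUTH_LDAP_USER_SEARCH_FILTER", ""):
        findings.append(("AUTH_LDAP_USER_SEARCH_FILTER", "does not contain %(user)s"))
    return findings


if __name__ == "__main__":
    for key, finding in lint_ldap_env(SAMPLE_ENV):
        print(f"{key}: {finding}")
```

Run against the values from this page, it reports the unencrypted server URI, the Administrator bind account and the documentation sample password.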
Django manage.py
Output of all Django modules:
root@cfebe6e5493a:/t2# python3 manage.py
Type 'manage.py help <subcommand>' for help on a specific subcommand.
Available subcommands:
[auth]
changepassword
createsuperuser
[background_task]
process_tasks
[contenttypes]
remove_stale_contenttypes
[django]
check
compilemessages
createcachetable
dbshell
diffsettings
dumpdata
flush
inspectdb
loaddata
makemessages
makemigrations
migrate
sendtestemail
shell
showmigrations
sqlflush
sqlmigrate
sqlsequencereset
squashmigrations
startapp
startproject
test
testserver
[rest_framework]
generateschema
[sessions]
clearsessions
[staticfiles]
collectstatic
findstatic
runserver
[t2ldap]
load
make_compose
sync