User Authentication

We use the default Django authentication provided in the django.contrib.auth.views.login view. This will render the template from templates/registration/login.html.

In openl2m/settings.py, we set

LOGIN_REDIRECT_URL = 'home'

This forces all logins, re-logins on time-out etc. back to the ‘home’ url (defined in openl2m/urls.py)

Then we enforce login requirements without redirect to a specific page with the @login_required(redirect_field_name=None) decorator for all url handler functions, except for the ‘basic view’ in switches/views.py, switch_basics()

This allows for bookmarks to specific switches to redirect properly.

Logging

We tie into the django signals for user_logged_in/out/failed() in users/models.py, and add Log() entries as needed.

Logout

This is handled in users/views.py, LogoutView()

Accounts & Profiles

The Profile() model is defined in users/models.py. This adds fields to the base Django User() object via a 1to1 relationship. We also receive signals here to handle user account actions, so we can add/update the profile fields as needed.

Finally, in users/admin.py we override the default admin page for User(), and add in the view for both the Profile() and SwitchGroup() to the user view.

LDAP Authentication

in openl2m/settings.py, if openl2m/ldap_config.py exists, we import it. After settings variables for the django ldap module, we then add this to the authentication workflow as such:

AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend')

Ldap authentication now becomes to first one to check, so this now takes care of all the magic!

LDAP group mapping is managed via a signal handler in users/signals.py, ldap_auth_handler()

Here we enumerate through the group names for the user, and match them to the

settings.AUTH_LDAP_GROUP_TO_SWITCHGROUP_REGEX

expression. Matching ldap groups get created as SwitchGroup() (if needed), and the user is assigned a member of that SwitchGroup().