I am working on a project to integrate LDAP authentication in an existing Django app. Using this site and others I have finally been able to configure everything correctly using the django_auth_ldap backend, including:
    AUTH_LDAP_REQUIRE_GROUP = "CN=myGroup,CN=groups [...] "
So only users in group "myGroup" can log in.
Everything is configured correctly now in the settings.py and within the user_login view there is just:
    ...
    user = authenticate(username=username, password=password)
    if user:
        if user.is_active:
            login(request, user)
            return redirect('index')
        else:
            message = "Your account is disabled."
    else:
        message = "Invalid username or password supplied."
    ...
Now the last step has to be a notification to the user why his login had failed. Right now the fail message will always be: "Invalid username or password supplied."
This should be either:
- Wrong username/password
- Not in the right group
Something like:
    if user:
        ...
    else:
        if (LDAP auth failed reason == user does not satisfy AUTH_LDAP_REQUIRE_GROUP):
            message = "You are not in the right user group."
        else:
            message = "Invalid username or password supplied."
    ...
How can I know, in my user_login view, the reason the LDAP authentication failed?
P.S.: in the django_auth_ldap log I DO see "DEBUG Authentication failed for username: user does not satisfy AUTH_LDAP_REQUIRE_GROUP"
But how to know this in the user_login view?
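
One way to surface the reason in the view, as an added example that is not part of the original post or of django_auth_ldap: it captures the library's log messages around the `authenticate()` call and matches the text quoted in the P.S. Assumptions: the `django_auth_ldap` logger is enabled at DEBUG (as in the post), the reason wording is the one quoted there, and `LdapLogCapture`, `failure_message` and `authenticate_with_reason` are hypothetical names.

```python
import logging
import threading

LDAP_LOGGER = "django_auth_ldap"  # logger named in the post
# Assumption: reason text as quoted in the post; it may differ between versions.
GROUP_REASON = "does not satisfy AUTH_LDAP_REQUIRE_GROUP"


class LdapLogCapture(logging.Handler):
    """Collects django_auth_ldap log messages emitted by the calling thread."""

    def __init__(self):
        super().__init__(level=logging.DEBUG)
        self.owner = threading.get_ident()
        self.messages = []

    def emit(self, record):
        # Ignore records from other requests handled concurrently.
        if record.thread == self.owner:
            self.messages.append(record.getMessage())

    def __enter__(self):
        logging.getLogger(LDAP_LOGGER).addHandler(self)
        return self

    def __exit__(self, *exc_info):
        # Always detach, even if authenticate() raised.
        logging.getLogger(LDAP_LOGGER).removeHandler(self)
        return False


def failure_message(messages):
    """Map captured log lines to user-facing text; unknown reasons stay generic."""
    if any(GROUP_REASON in m for m in messages):
        return "You are not in the right user group."
    return "Invalid username or password supplied."


def authenticate_with_reason(authenticate, username, password):
    """Hypothetical helper: `authenticate` is django.contrib.auth.authenticate."""
    with LdapLogCapture() as capture:
        user = authenticate(username=username, password=password)
    return user, (None if user else failure_message(capture.messages))
```

In the view, call `authenticate_with_reason(authenticate, username, password)` and show the returned message when `user` is `None`. A distinct group message tells the submitter more about the account than the generic text does, so any reason not matched explicitly keeps the generic message.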