1👍
To be modular, DRY and true to the django philosophy in general, you need to create a class named LDAPBackendEx that would inherit from LDAPBackend and use this class to your AUTHENTICATION_BACKENDS instead of django_auth_ldap.backend.LDAPBackend. Also, you’dd create an LDAPUserEx that would inhert from _LDAPUser and override the _check_required_groups method.
So, the LDAPUserEx would be something like:
class LDAPUserEx(_LDAPUser):
def _check_required_group(self):
pass # Put your implementation here !
Now, concerning the implementation of LDAPBackendEx: Unfortuanately there is no way of defining a custom _LDAPUser class so you’d have to search every method that uses the _LDAPUser class and override it with LDAPUserEx. The correct methdod of implementing django-auth-ldap (and if we actually needed to be modular) would be to add an user_class attribute to LDAPBackend, initialize it to _LDAPUser and use that instead of _LDAPUser.
Checking the code here, I found out that the methods of LDAPBackend that refer _LDAPUser are authenticate, get_user and get_group_permissions. So, the implementation of LDAPBackendEx would be something like this:
class LDAPBackendEx(LDAPBackend):
def authenticate(self, username, password):
ldap_user = LDAPUserEx(self, username=username)
user = ldap_user.authenticate(password)
return user
def get_user(self, user_id):
pass # please put definition of get_user here changing _LDAPUser to LDAPUserEx
def get_group_permissions(self, user):
pass # please put definition of get_group_permissions here changing _LDAPUser to LDAPUserEx