Skip to content

Resolve "Allow using Django-local accounts in addition to LDAP accounts"

This approach moves the check for the SET_USABLE_PASSWORD setting to happen before failing authentication. If we do not handle passwords, we allow logging in with whatever is there.

The default behaviour remains to fail authentication for users that are not found in LDAP for the security reasons pointed out in #389 (closed).

Closes #388, #389 (closed)

@debdolph We have to check what this does to the password changing feature. How does it behave if we disable usable Django passwords, and do we need to disable the feature then?

Edited by Tom Teichler

Merge request reports

Loading