Implement a Django authentication backend for NAV-style LDAP login flows#3624
Merged
johannaengland merged 6 commits intomasterfrom Dec 8, 2025
Merged
Implement a Django authentication backend for NAV-style LDAP login flows#3624johannaengland merged 6 commits intomasterfrom
johannaengland merged 6 commits intomasterfrom
Conversation
12fddee to
720763d
Compare
Test results 27 files 27 suites 45m 59s ⏱️ Results for commit fdff073. ♻️ This comment has been updated with latest results. |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3624 +/- ##
==========================================
+ Coverage 62.95% 63.00% +0.04%
==========================================
Files 611 612 +1
Lines 45163 45213 +50
Branches 43 43
==========================================
+ Hits 28431 28485 +54
+ Misses 16722 16718 -4
Partials 10 10 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
129f823 to
c45f372
Compare
720763d to
55c9d73
Compare
79e2568 to
1946a3c
Compare
78c2967 to
27ba495
Compare
10 tasks
|
hmpf
approved these changes
Oct 30, 2025
Contributor
hmpf
left a comment
There was a problem hiding this comment.
Looks like this can safely be merged to master.
Then poc/allauth needs to move to the new master, and then rebase the dependents. (poc/django-auth-2, poc/allauth-dataporten, feature/enable-django-auth.. I think that's all of them.)
lunkwill42
commented
Oct 31, 2025
lunkwill42
commented
Dec 8, 2025
Preparing a new LDAP authentication backend module for integrating NAV's LDAP authentication with Django. When finished, there should be no LDAP-specific stuff in the generic auth module.
This `LdapBackend` can replace the existing legacy LDAP login flow in NAV, by re-using the `nav.web.auth.ldap` module, and without unnecessarily leaking LDAP abstractions and errors to the rest of the login system.
Grokking what this function did from its name wasn't all too easy. Also, given all the other methods of the LdapBackend class, it fit better as an extra method of that class. Additionally, added a more explicit docstring.
This ensures basic OpenLDAP library configuration is installed in the devcontainer. These configuration files are necessary in order to point the OpenLDAP library to the correct set of CA certificates to consider when verifying LDAP server connections. Without this, setting up NAV to authenticate against an SSL-protected LDAP server will just fail.
cca7923 to
fdff073
Compare
|
johannaengland
added a commit
that referenced
this pull request
Dec 11, 2025
These are covered by the new ldap tests from #3624
johannaengland
added a commit
that referenced
this pull request
Dec 11, 2025
These are covered by the new ldap tests from #3624
johannaengland
added a commit
that referenced
this pull request
Dec 19, 2025
These are covered by the new ldap tests from #3624
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Scope and purpose
Fixes #3498.
This adds a new Django authentication backend implementation that reframes the legacy NAV LDAP authentication into Django's way of doing authentication.
The back-end is only implemented, not activated. Se subsequent PRs for this.
Contributor Checklist
Every pull request should have this checklist filled out, no matter how small it is.
More information about contributing to NAV can be found in the
Hacker's guide to NAV.
<major>.<minor>.x). For a new feature or other additions, it should be based onmaster.If applicable: Created new issues if this PR does not fix the issue completely/there is further work to be doneIf it's not obvious from a linked issue, described how to interact with NAV in order for a reviewer to observe the effects of this change first-hand (commands, URLs, UI interactions)If this results in changes in the UI: Added screenshots of the before and after