Skip to content

Feature: Add support to search within multiple organisational units in ldap#535

Open
nicoklaus wants to merge 2 commits into
aboutcode-org:mainfrom
nicoklaus:main
Open

Feature: Add support to search within multiple organisational units in ldap#535
nicoklaus wants to merge 2 commits into
aboutcode-org:mainfrom
nicoklaus:main

Conversation

@nicoklaus
Copy link
Copy Markdown

@nicoklaus nicoklaus commented May 13, 2026

Issues

Changes

This change adds support for searching users across multiple LDAP locations instead of only a single base DN. A new AUTH_LDAP_USER_SEARCHES setting allows multiple LDAP search definitions to be provided as a JSON list. The code validates the configuration, creates multiple LDAPSearch objects, and combines them using LDAPSearchUnion. If the new setting is not configured, the existing single-search behavior remains unchanged for backward compatibility. This is needed for environments where users are stored in different OUs or LDAP directory structures.

Checklist

  • I have read the contributing guidelines
  • I have linked an existing issue above
  • I have added unit tests covering the new code
  • I have reviewed and understood every line of this PR

nicoklaus added 2 commits May 13, 2026 14:30
@nicoklaus
feat: add support for django LDAPSearchUnion
a271d71 
Signed-off-by: Nicolas <32845761+nicoklaus@users.noreply.github.com>
@nicoklaus
doc: add documentation for USER_SEARCHES
498db91 
Signed-off-by: Nicolas <32845761+nicoklaus@users.noreply.github.com>
@tdruez
Copy link
Copy Markdown
Contributor

tdruez commented May 18, 2026

Hey @nicoklaus, nice feature. A few suggestions:

  • Consider moving the parsing/validation logic out of settings.py into a small helper module so it can be unit tested and keep settings declarative.
  • Use django.core.exceptions.ImproperlyConfigured instead of ValueError for config errors.
  • Include the entry index in error messages to make debugging easier.
  • The if not ldap_searches: check is unreachable, the empty-list case could be validated right after the isinstance(..., list) check.
  • Doc section title USER_SEARCHES could match the setting name AUTH_LDAP_USER_SEARCHES.
  • Unit tests are missing, would be good to cover the parsing and validation paths (valid config, invalid JSON, empty list, missing base/filter, etc.).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enhancement request: Add support to search within multiple organisational units in ldap

2 participants

@nicoklaus @tdruez