Incorrect documentation for LD_ENABLE_AUTH_PROXY?

[jhauris]

In Options.md there is a note:

Note that this does not automatically create new users, you still need to create users as described in the README, and users need to have the same username as in the auth proxy.

But it seems the Django RemoteUser backend actually does create a user when this header is included. Is this meant to indicate that user can't access the admin panel unless separately created?

[sissbruecker]

Yeah, the assumption in the documentation is wrong. Either the documentation should be updated to state that new users are created automatically (which seems to be the default behavior of the Django authentication mechanism used here), or the application should actually prevent authentication for unknown users. I'm not really sure what is preferable.

[jhauris]

As someone looking to use this mechanism, I think the correct path is to create the user (and therefore update the documentation). The assumption would be whatever mechanism is creating the user is also managing user registration, so if you get to the REMOTE_USER stage, the user is valid.
If you agree, I can open a PR with the update later.

[sissbruecker]

Sounds good, I was just checking if someone had more experience with this. A PR updating the documentation would be welcome 👍.