The magic word herefore is kerberos authentication.
Your user does not authenticate against your django application but
against your webserver. Your intranet probably has a kerberos service
running, that authenticates your user for you and just gives you a user
name in REMOTE_USER if he is authenticated.
You can then search your LDAP for specific Access Rights or have an own
database with special access rights.
Here is a short article from CentOS. It is very important what your
environment looks like, so all I cann do is show you the direction ;-)