Thanks. I've just been given access to an LDAP server, so I'll be able to try things. If I get something working, I'll post it.
On Friday, 13 February 2015 10:41:13 UTC, mcamel wrote: > > Maybe you can delegate auth to Ldap and use > auth.settings.login_onaccept.append(lambda form: my_postlogin_tasks(form. > vars.username......)) > > to set a session variable that enables or disables admin access depending > on who the user is. > > Then you could use auth decorators like > @auth.requires(session.auth._adminaccess == True) > > at admin actions. > > I've never used such a "mixed system". This is just what it came to my > mind... > > Regards. > > > El miércoles, 11 de febrero de 2015, 0:12:07 (UTC+1), Gary Cowell escribió: >> >> I would like my app to authenticate with AD (ldap) for users and >> passwords. >> >> But, I'm not in control of the LDAP, and I can't get them to add new >> groups etc. and the app requires users to be in a web2py admin group to do >> certain admin functions within the app. >> >> So at the moment, I'm using standard auth, where users can self register, >> then I add them to the admin group myself if necessary >> >> I found a web2py slices for authenticating against AD, but how can I also >> use web2py groups, /instead of/ AD/ldap groups? So authenticate the user >> and password against AD, but use my app groups for additional permissions >> >> Is it the case of the auth.settings.create_user_groups and >> auth.settings.login_methods [ manage_groups ] options? >> >> I won't be able to test it sadly until I have access to an ldap server. >> Might be time to run my own for now, I suppose! >> >> Question for now is, is this possible at all? If so, I will set up and >> configure an ldap server to test it with. >> >> Thanks >> >> >> from gluon.tools import Auth, Crud, Service, PluginManager, prettydate >> auth = Auth(db, hmac_key = Auth.get_or_create_key()) >> >> then >> >> auth.define_tables(username=True) >> #auth.settings.create_user_groups=False >> >> after >> >> # all we need is login >> >> auth.settings.actions_disabled=['register','change_password','request_reset_password','retrieve_username','profile'] >> >> # you don't have to remember me >> auth.settings.remember_me_form = False >> >> and >> >> from gluon.contrib.login_methods.ldap_auth import ldap_auth >> auth.settings.login_methods = [ldap_auth(mode='ad', >> manage_groups= True, >> db = db, >> group_name_attrib = 'cn', >> group_member_attrib = 'member', >> group_filterstr = 'objectClass=Group', >> server='<server>', >> base_dn='OU=<my org unit>,DC=<domain>,DC=<domain>')] >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
