Here is my conf:

auth.settings.login_methods = \
    [auth,
     ldap_auth(mode='ad',
               # -----------------------------------------------------------------------
               # To unlock LDAPS with self-signed certificate this line should be
               # present in ldap_auth.py :
               # ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
               # This line should be inside : ldap_auth()
               # Ref: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
               # Ref: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
               # Ref: https://mail.python.org/pipermail/python-ldap/2015q4/003631.html
               port=636,
               secure=True,
               self_signed_certificate=True,
               # -----------------------------------------------------------------------
               bind_dn=r'DOMAIN\AD_USER_NAME',  # raw string so the backslash is kept literally
               bind_pw='PASSWORD',
               manage_groups=False,
               manage_user=True,
               user_firstname_attrib='cn:1',  # May use other attributes, you have to try
               user_lastname_attrib='cn:2',  # May use other attributes, you have to try
               server='SERVER_DNS',
               user_mail_attrib='mail',  # userPrincipalName #mail #proxyAddresses:1
               # username_attrib='sAMAccountName',
               base_dn='dc=DOMAIN,dc=COM/NET/ORG/ETC',  # Depends on AD config
               logging_level='error',
               db=db)]
I think your main issue is not having bind username and bind password... You need an AD user that can access the same base dn as the users to authenticate...

Richard

On Mon, Jun 26, 2017 at 1:32 PM, Francisco García <fgclaramo...@gmail.com> wrote:

> Hello all,
>
> I have the following configuration to validate users with windows Active
> directory:
>
> auth.define_tables(username=False, signature=False)
> auth.settings.create_user_groups = False
>
> auth.settings.actions_disabled=['register','change_password','request_reset_password','retrieve_username','profile']
> auth.settings.remember_me_form = False
>
> auth.settings.login_methods.append(ldap_auth(mode='ad',
>     server= server_ldap,
>     base_dn='OU=_delegat,DC=domain,DC=net'
>     ))
>
> auth.settings.login_methods = [ldap_auth, auth]
>
> With this configuration, Active directory server doesn't validate users.
> And whatever email and password access, creates the new user, if it
> doesn't exist, and grant access to application.
>
> Do you know what could be the problem?.
> Any help is appreciated. Thank you.
>
> Best regards,
> Francisco.
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
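The symptom in the quoted question (any e-mail and password is accepted), reproduced in a simplified model together with a startup check that catches it. This is an added example, not code from the thread or from web2py. It assumes the login chain calls each entry as method(username, password) and treats any truthy result as success; the ldap_auth stand-in, login, misconfigured_methods and the sample directory are hypothetical.

```python
# Simplified model (assumption): every entry in login_methods is called as
# method(username, password) and a truthy return value means "authenticated".

def ldap_auth(server='ldap', port=None, base_dn='', mode='uid'):
    """Hypothetical stand-in for the factory: it returns the real checker."""
    directory = {'alice': 's3cret'}  # constructed sample data, replaces the LDAP bind

    def ldap_auth_aux(username, password):
        # Empty passwords are refused so an anonymous bind never counts as a login.
        return bool(password) and directory.get(username) == password
    return ldap_auth_aux


def login(login_methods, username, password):
    """Return True if any configured method accepts the credentials."""
    return any(method(username, password) for method in login_methods)


def misconfigured_methods(login_methods, probe_user='no-such-user',
                          probe_pw='wrong-password'):
    """Startup check: name every entry that accepts throwaway credentials."""
    bad = []
    for method in login_methods:
        if callable(method) and method(probe_user, probe_pw):
            bad.append(getattr(method, '__name__', repr(method)))
    return bad


# Factory itself in the list: calling it as ldap_auth(username, password) only
# builds a checker, and that function object is truthy, so every login passes.
BROKEN = [ldap_auth]

# Configured checker in the list: the factory is called once, at setup time.
FIXED = [ldap_auth(mode='ad', server='dc.example.test',
                   base_dn='OU=_delegat,DC=domain,DC=net')]

if __name__ == '__main__':
    print('broken accepts anything:', login(BROKEN, 'x@example.test', 'anything'))
    print('fixed accepts anything: ', login(FIXED, 'x@example.test', 'anything'))
    print('flagged entries:        ', misconfigured_methods(BROKEN))
```

Against a real directory the probe issues one failed bind for a non-existent account, so it belongs in a deployment test rather than in every request.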