Note: Don't use many different methods of authentication, if you can... I was doing it before, until I realized that my user was blocked/locked regularly because of automated testing... web2py performs multiple authentications, trying one method before shifting to the other if the password is not working... Automated tests launching failing authentication attempts to AD, because I was using the web2py auth password, blocked my AD account...

Richard

On Mon, Jun 26, 2017 at 3:44 PM, Richard Vézina <ml.richard.vez...@gmail.com> wrote:

> Here is my conf:
>
> auth.settings.login_methods = \
>     [auth,
>      ldap_auth(mode='ad',
>                # -----------------------------------------------------------------------
>                # To unlock LDAPS with self-signed certificate this line should be
>                # present in ldap_auth.py :
>                # ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
>                # This line should be inside : ldap_auth()
>                # Ref: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
>                # Ref: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
>                # Ref: https://mail.python.org/pipermail/python-ldap/2015q4/003631.html
>                port=636,
>                secure=True,
>                self_signed_certificate=True,
>                # -----------------------------------------------------------------------
>                bind_dn='DOMAIN\\AD_USER_NAME',
>                bind_pw='PASSWORD',
>                manage_groups=False,
>                manage_user=True,
>                user_firstname_attrib='cn:1',  # May use other attributes, you have to try
>                user_lastname_attrib='cn:2',  # May use other attributes, you have to try
>                server='SERVER_DNS',
>                user_mail_attrib='mail',
>                # userPrincipalName #mail #proxyAddresses:1
>                # username_attrib='sAMAccountName',
>                base_dn='dc=DOMAIN,dc=COM/NET/ORG/ETC',  # Depends on AD config
>                logging_level='error',
>                db=db)]
>
> I think your main issue is not having a bind username and bind password...
> You need an AD user that can access the same base dn as the users to
> authenticate...
>
> Richard
>
> On Mon, Jun 26, 2017 at 1:32 PM, Francisco García <fgclaramo...@gmail.com>
> wrote:
>
>> Hello all,
>>
>> I have the following configuration to validate users with Windows Active
>> Directory:
>>
>>
>> auth.define_tables(username=False, signature=False)
>> auth.settings.create_user_groups = False
>>
>> auth.settings.actions_disabled=['register','change_password','request_reset_password','retrieve_username','profile']
>> auth.settings.remember_me_form = False
>>
>> auth.settings.login_methods.append(ldap_auth(mode='ad',
>>                                              server= server_ldap,
>>                                              base_dn='OU=_delegat,DC=domain,DC=net'
>>                                              ))
>>
>> auth.settings.login_methods = [ldap_auth, auth]
>>
>>
>> With this configuration, the Active Directory server doesn't validate users.
>> And whatever email and password is entered, it creates the new user, if it
>> doesn't exist, and grants access to the application.
>>
>> Do you know what could be the problem?
>> Any help is appreciated. Thank you.
>>
>> Best regards,
>> Francisco.
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
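
Added example, not part of the original thread and not web2py's own code: a simplified model of the two behaviours discussed above, assuming each `login_methods` entry is called as `method(username, password)` and a truthy return accepts the login. `FakeDirectory`, `ldap_auth_factory` and `login` are hypothetical stand-ins, and the accounts and passwords are constructed sample data.

```python
# Simplified model of a login-method chain (assumption, not web2py source):
# each entry is called as method(username, password); truthy means accepted.
class FakeDirectory:
    """Constructed stand-in for AD with a bad-password lockout threshold."""
    def __init__(self, users, threshold=3):
        self.users, self.threshold, self.failures = users, threshold, {}

    def locked(self, username):
        return self.failures.get(username, 0) >= self.threshold

    def bind(self, username, password):
        if self.locked(username):
            return False  # locked out: even the correct password is refused
        if self.users.get(username) == password:
            self.failures[username] = 0
            return True
        self.failures[username] = self.failures.get(username, 0) + 1
        return False


def ldap_auth_factory(server="ldap", port=None, directory=None, **settings):
    """Hypothetical factory shaped like ldap_auth(): returns the checker."""
    def check(username, password):
        return directory.bind(username, password)
    return check


def login(methods, username, password):
    """Accept the login as soon as one method returns a truthy value."""
    return any(method(username, password) for method in methods)


def demo():
    ad = FakeDirectory({"alice": "ad-secret"})  # constructed sample account
    # Factory listed uncalled: it runs as factory(username, password) and
    # returns a function object, which is always truthy.
    uncalled = login([ldap_auth_factory], "nobody@example.com", "anything")
    # Factory called first: the list holds the checker that asks the directory.
    chain = [ldap_auth_factory(directory=ad, mode="ad")]
    called = login(chain, "nobody@example.com", "anything")
    # Three test runs using the local (non-AD) password: each is a failed bind.
    for _ in range(3):
        login(chain, "alice", "local-only-password")
    locked_out = not login(chain, "alice", "ad-secret")
    return uncalled, called, ad.locked("alice"), locked_out


if __name__ == "__main__":
    print(demo())
```

In this model the uncalled factory accepts an unknown user with any password, while the called one rejects it, and three test logins with the non-directory password are enough to lock the constructed account.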