OK, I figured out the first part: settings.domain_name used to be "ldap://domain.com"; -> changing this to just "domain.com" makes web2py query the ldap-server.
There seems to be a problem in my case with get_user_groups_from_ldap: The search for username in line 634 return the users full-name instead of the the username: CN="Firstname Lastname". :-( Am Dienstag, 17. September 2013 07:56:35 UTC+2 schrieb D.: > > Here are my auth-settings > auth = Auth(db, secure=True) > auth.define_tables(username=True) > auth.settings.create_user_groups=False > auth.settings.actions_disabled = > ['register','change_password','request_reset_password','retrieve_username','profile'] > auth.settings.create_user_groups = False > auth.settings.remember_me_form = False > auth.settings.login_methods = [ldap_auth(mode="ad", > server=settings.ldap_server, base_dn=settings.domain_name, db=db, > manage_user=True, > user_firstname_attrib="givenName", > user_lastname_attrib="sn", > user_mail_attrib="mail", > manage_groups=True, > group_dn="ou=Groups," + > settings.domain_name, > group_name_attrib="cn", > group_member_attrib="member", > group_filterstr='objectClass=*')] > > I'm passing in valid login-credentials via web2pys login-form. As > mentioned, according to the network-traffic web2py does not even contact > the ldap server but tells me "Invalid login" right away. > > Am Montag, 16. September 2013 19:06:50 UTC+2 schrieb D.: >> >> Dear community, >> >> I'm trying to user ldap to authenticate against an MS AD as described in >> the book but I keep getting "Invalid login". I can connect and verify my >> login through the normal pyhton-console using simple_bind_s and whoami_s >> just fine - not using web2py however :-( Apparently there's not even a >> request to the ldap-server: tcpdump on the server does not show any >> ldap-packets at all when trying to authenticate with web2py (I can see the >> ldap-process when doing it manually as described). >> Where and how does web2py write it's auth-logging? I tried adding a >> seperate logger in login_methods/ldap_auth, but it's never even called. All >> of the other logging-entries (scheduler etc.) work and are written to >> web2py/logs/web2py.log. >> >> Any help greatly appreciated! >> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
