I am trying to block access on specific things using Active Directory 
groups and am a bit lost.

I can log in just fine using Active Directory and here is my connection 
string (with revealing info removed):

from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth.settings.login_methods = [ldap_auth(mode='ad',
    #allowed_groups = ['UnixAdmin'],
    group_dn = 'OU=<>,DC=<>,DC=<>',
    group_name_attrib = 'cn',
    group_member_attrib = 'member',
    group_filterstr = 'objectClass=Group',
    server='<>',
    base_dn='dc=<>,dc=<>')]


This works just fine and if I uncomment the allowed_groups line, it blocks 
access correctly to the entire application. I only want to block access to 
specific parts though. For example I want to make a database writable only 
if the user is a member of a specific Active Directory group but all 
users/groups should be able to log in. 

Here is the code that was working when using local login, but being able to 
use Active Directory would be great:

# Make the field writable only for members of the UnixAdmin group
if auth.has_membership(group_id='UnixAdmin'):
    db.config_detail.value.writable=True
else:
    db.config_detail.value.writable=False


Thanks!
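
An added example, not part of the original post and not web2py code: it shows how a per-field write check can be derived from group entries read with the settings above (name in 'cn', members in 'member', which Active Directory stores as full DNs) while login stays open to everyone. The sample entries, the example.test DNs, the Field stand-in and all function names are constructed for illustration.

```python
# Constructed sample data: group entries as a search under group_dn with
# group_filterstr 'objectClass=Group' might return them (values are made up).
SAMPLE_GROUPS = [
    {"cn": "UnixAdmin",
     "member": ["CN=Alice Smith,OU=Staff,DC=example,DC=test"]},
    {"cn": "Helpdesk",
     "member": ["CN=Bob Jones,OU=Staff,DC=example,DC=test",
                "cn=alice smith, ou=Staff, dc=example, dc=test"]},
]

def normalize_dn(dn):
    """Lower-case a DN and strip spaces around its components.
    Simplified assumption: values contain no escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def groups_for(user_dn, group_entries, name_attrib="cn", member_attrib="member"):
    """Return the names of all groups whose member attribute lists user_dn."""
    wanted = normalize_dn(user_dn)
    names = set()
    for entry in group_entries:
        members = entry.get(member_attrib, [])
        # Exact match on the whole DN, so "Alice Smith2" never matches "Alice Smith".
        if any(normalize_dn(m) == wanted for m in members):
            names.add(entry[name_attrib])
    return names

class Field:
    """Hypothetical stand-in for a DAL field; only the writable flag matters."""
    def __init__(self):
        self.writable = True  # mimics a default that allows writes

def apply_write_policy(field, user_dn, group_entries, required_group="UnixAdmin"):
    """Fail closed: the field is writable only for a known user in required_group."""
    field.writable = False
    if user_dn and required_group in groups_for(user_dn, group_entries):
        field.writable = True
    return field.writable

if __name__ == "__main__":
    alice = "CN=Alice Smith,OU=Staff,DC=example,DC=test"
    bob = "CN=Bob Jones,OU=Staff,DC=example,DC=test"
    for dn in (alice, bob, None):
        print(dn, "->", apply_write_policy(Field(), dn, SAMPLE_GROUPS))
```
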


