I am trying to block access on specific things using Active Directory groups and am a bit lost.
I can login just fine using active directory and here is my connection string (with revealing info removed): from gluon.contrib.login_methods.ldap_auth import ldap_auth auth.settings.login_methods = [ldap_auth(mode='ad', #allowed_groups = ['UnixAdmin'], group_dn = 'OU=<>,DC=<>,DC=<>', group_name_attrib = 'cn', group_member_attrib = 'member', group_filterstr = 'objectClass=Group', server='<>', base_dn='dc=<>,dc=<>')] This works just fine and if I uncomment the allowed_groups line, it blocks access correctly to the entire application. I only want to block access to specific parts though. For example I want to make a database writable only if the user is a member of a specific Active Directory group but all users/groups should be able to login. Here is the code that was working when using local login but being able to use Active Directory would be great: if auth.has_membership(group_id='UnixAdmin'): db.config_detail.value.writable=True else: db.config_detail.value.writable=False Thanks! -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.