Although manage_group=True seems to create/update/maintain at login time 
the groups a user is in.
This apparently works out:
- fetching LDAP groups the user is in
- inserting them in auth_groups
- inserting/deleting the correct auth_membership info

every time a user logs in. 
So, each time a user logs in you have the same "situation" in LDAP and in 
web2py --> you can use auth.has_membership

On Friday, February 7, 2014 7:53:35 PM UTC+1, Massimo Di Pierro wrote:
>
> It does not work this way. One thing is web2py groups, which you check with
>
> @auth.has_membership(role='group-name')
>
> and another thing is Active Directory groups. There is no login in 
> web2py that maps one into the other. ldap_auth(...allowed_groups = 
> ['UnixAdmin'],...) if it works (I have not personally tested it) only 
> allows members of the group to login, but does not transfer the group info 
> into the web2py auth_group/auth_membership tables.
>
>
> On Thursday, 6 February 2014 11:10:16 UTC-6, Doug Campbell wrote:
>>
>> I am trying to block access on specific things using Active Directory 
>> groups and am a bit lost.
>>
>> I can login just fine using active directory and here is my connection 
>> string (with revealing info removed):
>>
>> from gluon.contrib.login_methods.ldap_auth import ldap_auth
>> auth.settings.login_methods = [ldap_auth(mode='ad',
>>     #allowed_groups = ['UnixAdmin'],
>>     group_dn = 'OU=<>,DC=<>,DC=<>',
>>     group_name_attrib = 'cn',
>>     group_member_attrib = 'member',
>>     group_filterstr = 'objectClass=Group',
>>     server='<>',
>>     base_dn='dc=<>,dc=<>')]
>>
>>
>> This works just fine and if I uncomment the allowed_groups line, it 
>> blocks access correctly to the entire application. I only want to block 
>> access to specific parts though. For example I want to make a database 
>> writable only if the user is a member of a specific Active Directory group 
>> but all users/groups should be able to login. 
>>
>> Here is the code that was working when using local login but being able 
>> to use Active Directory would be great:
>>
>> if auth.has_membership(group_id='UnixAdmin'):
>>     db.config_detail.value.writable=True
>> else:
>>     db.config_detail.value.writable=False
>>
>>
>> Thanks!
>>
>>
>>
>>
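
The login-time reconciliation described in the top reply (fetch the directory groups, insert them, insert/delete memberships), as an added example that is not part of the original thread and not web2py's own code. It models auth_group and auth_membership in an in-memory SQLite database; the function names and the sample group lists are hypothetical, and the directory lookup is replaced by a plain list.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the auth_group / auth_membership tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_group (id INTEGER PRIMARY KEY, role TEXT UNIQUE);
        CREATE TABLE auth_membership (
            user_id INTEGER, group_id INTEGER REFERENCES auth_group(id),
            UNIQUE (user_id, group_id));
    """)
    return db

def local_roles(db, user_id):
    """Roles the local tables currently grant to user_id."""
    rows = db.execute(
        "SELECT g.role FROM auth_membership m "
        "JOIN auth_group g ON g.id = m.group_id WHERE m.user_id = ?",
        (user_id,))
    return {r[0] for r in rows}

def sync_groups_at_login(db, user_id, directory_groups):
    """Make local memberships equal to what the directory returned at login."""
    wanted, current = set(directory_groups), local_roles(db, user_id)
    for role in wanted - current:
        # Create the group on first sight, then link the user to it.
        db.execute("INSERT OR IGNORE INTO auth_group (role) VALUES (?)", (role,))
        db.execute(
            "INSERT INTO auth_membership (user_id, group_id) "
            "SELECT ?, id FROM auth_group WHERE role = ?", (user_id, role))
    for role in current - wanted:
        # Revocation step: skipping it leaves a stale local role behind.
        # In this model, roles assigned only locally are removed as well.
        db.execute(
            "DELETE FROM auth_membership WHERE user_id = ? AND group_id = "
            "(SELECT id FROM auth_group WHERE role = ?)", (user_id, role))
    db.commit()
    return wanted - current, current - wanted  # (added, removed)

def has_membership(db, user_id, role):
    """Local check, analogous to auth.has_membership(role=...)."""
    return role in local_roles(db, user_id)

def demo():
    db = make_db()
    sync_groups_at_login(db, 1, ["UnixAdmin", "Staff"])  # constructed first login
    before = has_membership(db, 1, "UnixAdmin")
    sync_groups_at_login(db, 1, ["Staff"])  # constructed later login, group revoked
    return before, has_membership(db, 1, "UnixAdmin")
```

Because the tables change only when a login runs the sync, a group removed in the directory keeps granting access locally until that user logs in again.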
