although manage_group=True seems to create/update/maintain at login-time the groups a user is in.
This apparently works out:
- fetching ldap groups user is in
- inserting them in auth_groups
- inserting/deleting the correct auth_membership infos
every time a user logs in.
So, each time a user logs in you have the same "situation" in ldap and in web2py --> you can use auth.has_membership

On Friday, February 7, 2014 7:53:35 PM UTC+1, Massimo Di Pierro wrote:
>
> It does not work this way. One thing are web2py groups which you check with
>
> @auth.has_membership(role='group-name')
>
> and another thing are Active Directory groups. There is no login in
> web2py that maps one into the other. ldap_auth(...allowed_groups =
> ['UnixAdmin'],...) if it works (I have not personally tested it) only
> allows members of the group to login, but does not transfer the group info
> into the web2py auth_group/auth_membership tables.
>
>
> On Thursday, 6 February 2014 11:10:16 UTC-6, Doug Campbell wrote:
>>
>> I am trying to block access on specific things using Active Directory
>> groups and am a bit lost.
>>
>> I can login just fine using active directory and here is my connection
>> string (with revealing info removed):
>>
>> from gluon.contrib.login_methods.ldap_auth import ldap_auth
>> auth.settings.login_methods = [ldap_auth(mode='ad',
>>     #allowed_groups = ['UnixAdmin'],
>>     group_dn = 'OU=<>,DC=<>,DC=<>',
>>     group_name_attrib = 'cn',
>>     group_member_attrib = 'member',
>>     group_filterstr = 'objectClass=Group',
>>     server='<>',
>>     base_dn='dc=<>,dc=<>')]
>>
>>
>> This works just fine and if I uncomment the allowed_groups line, it
>> blocks access correctly to the entire application. I only want to block
>> access to specific parts though. For example I want to make a database
>> writable only if the user is a member of a specific Active Directory group
>> but all users/groups should be able to login.
>>
>> Here is the code that was working when using local login but being able
>> to use Active Directory would be great:
>>
>> if auth.has_membership(group_id='UnixAdmin'):
>>     db.config_detail.value.writable=True
>> else:
>>     db.config_detail.value.writable=False
>>
>>
>> Thanks!
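
The login-time reconciliation listed in the reply at the top of this message (fetch the user's directory groups, insert them as local groups, insert/delete membership rows), sketched as an added example that is not part of the thread and is not web2py's ldap_auth code. The sqlite3 tables stand in for auth_group/auth_membership, and the function names and the directory answers are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for web2py's auth_group / auth_membership tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_group (id INTEGER PRIMARY KEY, role TEXT UNIQUE);
        CREATE TABLE auth_membership (
            user_id INTEGER, group_id INTEGER, UNIQUE (user_id, group_id));
    """)
    return db

def sync_groups_at_login(db, user_id, ldap_groups):
    """Make local memberships equal the directory's answer (hypothetical helper).
    Assumption: every local membership of this user is directory-managed."""
    wanted = set(ldap_groups)
    for role in wanted:
        db.execute("INSERT OR IGNORE INTO auth_group (role) VALUES (?)", (role,))
    current = {role: gid for role, gid in db.execute(
        "SELECT g.role, g.id FROM auth_membership m "
        "JOIN auth_group g ON g.id = m.group_id WHERE m.user_id = ?", (user_id,))}
    # Revoke first: a group dropped in the directory must not linger locally.
    for role in set(current) - wanted:
        db.execute("DELETE FROM auth_membership WHERE user_id = ? AND group_id = ?",
                   (user_id, current[role]))
    for role in wanted - set(current):
        db.execute("INSERT INTO auth_membership (user_id, group_id) "
                   "SELECT ?, id FROM auth_group WHERE role = ?", (user_id, role))
    db.commit()

def has_membership(db, user_id, role):
    """Role check of the kind auth.has_membership(role=...) performs."""
    row = db.execute(
        "SELECT 1 FROM auth_membership m JOIN auth_group g ON g.id = m.group_id "
        "WHERE m.user_id = ? AND g.role = ?", (user_id, role)).fetchone()
    return row is not None

def demo():
    db = make_db()
    # Constructed directory answers for user 1 at two successive logins.
    sync_groups_at_login(db, 1, ["UnixAdmin", "Staff"])
    first = has_membership(db, 1, "UnixAdmin")
    sync_groups_at_login(db, 1, ["Staff"])  # removed from UnixAdmin in AD
    second = has_membership(db, 1, "UnixAdmin")
    return first, second  # the write gate opens, then closes again

if __name__ == "__main__":
    print(demo())
```

Because the sync runs only at login, a user removed from a directory group keeps the local role until the next login.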