It does not work this way. One think are web2py groups which you check with
@auth.has_membership(role='group-name') and another things are Active Directory groups. There is no login in web2py that maps one into the other. ldap_auth(...allowed_groups = ['UnixAdmin'],...) if it works (I have not personally tested it) only allows members of the group to login, but does not transfer the group info into the web2py auth_group/auth_membership tables. On Thursday, 6 February 2014 11:10:16 UTC-6, Doug Campbell wrote: > > I am trying to block access on specific things using Active Directory > groups and am a bit lost. > > I can login just fine using active directory and here is my connection > string (with revealing info removed): > > from gluon.contrib.login_methods.ldap_auth import ldap_auth > auth.settings.login_methods = [ldap_auth(mode='ad', > #allowed_groups = ['UnixAdmin'], > group_dn = 'OU=<>,DC=<>,DC=<>', > group_name_attrib = 'cn', > group_member_attrib = 'member', > group_filterstr = 'objectClass=Group', > server='<>', > base_dn='dc=<>,dc=<>')] > > > This works just fine and if I uncomment the allowed_groups line, it blocks > access correctly to the entire application. I only want to block access to > specific parts though. For example I want to make a database writable only > if the user is a member of a specific Active Directory group but all > users/groups should be able to login. > > Here is the code that was working when using local login but being able to > use Active Directory would be great: > > if auth.has_membership(group_id='UnixAdmin'): > db.config_detail.value.writable=True > else: > db.config_detail.value.writable=False > > > Thanks! > > > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
