web2py doesn't write to ldap. ldap auth has a meaning just for sidestepping the registration process and password renewal. Also, the group table is needed to avoid querying over and over ldap for group membership . If you pass "manage_groups" as True, at every login web2py will fetch the membership and it will store the AD groups on the table, creating the needed relationships. That information is refreshed at login-time, and it's not fetched for every request that comes in (ldap is notoriously NOT lightning-fast)
On Tuesday, November 4, 2014 2:16:05 PM UTC+1, Dennis Jacobs wrote: > > Hi Guys, > > I'm having some trouble with understanding how the Auth-module actualy > works with ldap. > The thing i'm actually trying to do is to create a user (in the best case > using the register-form/function), both in ldap and in web2py. > > After some research i've discovered that web2py requires the > auth_user-table to exist, mainly to match the web2py user-id with the > ldap-user. > So for each ldap-user, there should be one record with a unique web2py > user-id. > And that this user will automaticly be added (in auth_user) upon logging > in, when this records doesn't exist. > > Since web2py authenticates to the ldap-directory. But uses the web2py > user-id for internal stuff (e.g. which user is logged in.) > I assume this "auth_users vs ldap" matching is done by comparing the > usernames? > Can some confirm this is 100% true, and i'm not missing anything? > > Also Since the authentication is done based on the ldap-service. > I'm starting to doubt that the auth_group table is really necessary, > since the user memberlist can be deducted from the ldap. > But if web2py also uses the group-id for internal things, i could be wrong > on this subject. > > With kind regards, > Jacobs Dennis. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
