Hi Niphlod,

First of all I wanted to thank you for your fast reply.
And I was aware of the fact that web2py doesn't "write" to the 
ldap-directive, which is actually what I'm trying to implement.

Now after some testing, I've noticed that a user has to be a member of a 
certain group in order to log in successfully.
Otherwise the login will return an "Invalid login"-error.
Now I'm not sure that this is the case because most of our functions 
require a certain group-membership, or that this is default web2py 
behaviour.
But since it's not defined in the documentation, I thought it wouldn't hurt 
to mention it here.

With kind regards,
Jacobs.

On Tuesday, November 4, 2014 9:59:28 PM UTC+1, Niphlod wrote:
>
> web2py doesn't write to ldap. ldap auth has a meaning just for 
> sidestepping the registration process and password renewal.
> Also, the group table is needed to avoid querying over and over ldap for 
> group membership. 
> If you pass "manage_groups" as True, at every login web2py will fetch the 
> membership and it will store the AD groups on the table, creating the 
> needed relationships. That information is refreshed at login-time, and it's 
> not fetched for every request that comes in (ldap is notoriously NOT 
> lightning-fast).
>
> On Tuesday, November 4, 2014 2:16:05 PM UTC+1, Dennis Jacobs wrote:
>>
>> Hi Guys,
>>
>> I'm having some trouble with understanding how the Auth-module actually 
>> works with ldap.
>> The thing I'm actually trying to do is to create a user (in the best case 
>> using the register-form/function), both in ldap and in web2py.
>>
>> After some research I've discovered that web2py requires the 
>> auth_user-table to exist, mainly to match the web2py user-id with the 
>> ldap-user.
>> So for each ldap-user, there should be one record with a unique web2py 
>> user-id.
>> And that this user will automatically be added (in auth_user) upon logging 
>> in, when this record doesn't exist.
>>
>> Since web2py authenticates to the ldap-directory, but uses the web2py 
>> user-id for internal stuff (e.g. which user is logged in),
>> I assume this "auth_users vs ldap" matching is done by comparing the 
>> usernames?
>> Can someone confirm this is 100% true, and I'm not missing anything?
>>
>> Also, since the authentication is done based on the ldap-service,
>> I'm starting to doubt that the auth_group table is really necessary, 
>> since the user memberlist can be deduced from the ldap.
>> But if web2py also uses the group-id for internal things, I could be 
>> wrong on this subject.
>>
>> With kind regards,
>> Jacobs Dennis.
>>
>
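
The login-time group refresh described in the quoted reply, as an added sketch that is not part of the thread and not web2py's own code: it uses sqlite3 tables named after web2py's auth tables, a constructed dict standing in for the directory, and a hypothetical hook name. It shows the consequence for access control: a group removed in the directory keeps granting access locally until the user's next login.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_user(id INTEGER PRIMARY KEY, username TEXT UNIQUE);
        CREATE TABLE auth_group(id INTEGER PRIMARY KEY, role TEXT UNIQUE);
        CREATE TABLE auth_membership(user_id INTEGER, group_id INTEGER,
                                     UNIQUE(user_id, group_id));
    """)
    return db

def sync_groups_at_login(db, username, directory):
    """Hypothetical login hook: make local memberships equal the directory's."""
    db.execute("INSERT OR IGNORE INTO auth_user(username) VALUES (?)", (username,))
    uid = db.execute("SELECT id FROM auth_user WHERE username=?",
                     (username,)).fetchone()[0]
    # Drop cached memberships first so groups revoked in the directory disappear.
    db.execute("DELETE FROM auth_membership WHERE user_id=?", (uid,))
    for role in directory.get(username, ()):
        db.execute("INSERT OR IGNORE INTO auth_group(role) VALUES (?)", (role,))
        gid = db.execute("SELECT id FROM auth_group WHERE role=?",
                         (role,)).fetchone()[0]
        db.execute("INSERT INTO auth_membership VALUES (?, ?)", (uid, gid))
    db.commit()

def has_membership(db, username, role):
    """Per-request check: reads only the local tables, never the directory."""
    row = db.execute("""SELECT 1 FROM auth_membership m
                        JOIN auth_user u ON u.id = m.user_id
                        JOIN auth_group g ON g.id = m.group_id
                        WHERE u.username=? AND g.role=?""",
                     (username, role)).fetchone()
    return row is not None

def demo():
    db = make_db()
    directory = {"jdoe": {"staff", "admins"}}      # constructed sample data
    sync_groups_at_login(db, "jdoe", directory)
    before = has_membership(db, "jdoe", "admins")
    directory["jdoe"].discard("admins")            # revoked in the directory
    stale = has_membership(db, "jdoe", "admins")   # cached row still grants it
    sync_groups_at_login(db, "jdoe", directory)    # next login refreshes
    after = has_membership(db, "jdoe", "admins")
    return before, stale, after

if __name__ == "__main__":
    print(demo())
```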
