Maybe you can delegate auth to Ldap and use auth.settings.login_onaccept.append(lambda form: my_postlogin_tasks(form. vars.username......))
to set a session variable that enables or disables admin access depending on who the user is. Then you could use auth decorators like @auth.requires(session.auth._adminaccess == True) at admin actions. I've never used such a "mixed system". This is just what it came to my mind... Regards. El miércoles, 11 de febrero de 2015, 0:12:07 (UTC+1), Gary Cowell escribió: > > I would like my app to authenticate with AD (ldap) for users and passwords. > > But, I'm not in control of the LDAP, and I can't get them to add new > groups etc. and the app requires users to be in a web2py admin group to do > certain admin functions within the app. > > So at the moment, I'm using standard auth, where users can self register, > then I add them to the admin group myself if necessary > > I found a web2py slices for authenticating against AD, but how can I also > use web2py groups, /instead of/ AD/ldap groups? So authenticate the user > and password against AD, but use my app groups for additional permissions > > Is it the case of the auth.settings.create_user_groups and > auth.settings.login_methods [ manage_groups ] options? > > I won't be able to test it sadly until I have access to an ldap server. > Might be time to run my own for now, I suppose! > > Question for now is, is this possible at all? If so, I will set up and > configure an ldap server to test it with. > > Thanks > > > from gluon.tools import Auth, Crud, Service, PluginManager, prettydate > auth = Auth(db, hmac_key = Auth.get_or_create_key()) > > then > > auth.define_tables(username=True) > #auth.settings.create_user_groups=False > > after > > # all we need is login > > auth.settings.actions_disabled=['register','change_password','request_reset_password','retrieve_username','profile'] > > # you don't have to remember me > auth.settings.remember_me_form = False > > and > > from gluon.contrib.login_methods.ldap_auth import ldap_auth > auth.settings.login_methods = [ldap_auth(mode='ad', > manage_groups= True, > db = db, > group_name_attrib = 'cn', > group_member_attrib = 'member', > group_filterstr = 'objectClass=Group', > server='<server>', > base_dn='OU=<my org unit>,DC=<domain>,DC=<domain>')] > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
