On Tuesday, January 12, 2016 at 9:07:23 PM UTC+1, Alex Glaros wrote:
>
> So for a rookie like me, does the simplest solution seem to be to create a
> special independent app for each organization just for auth/LDAP purposes,
> then transmit the user data to the centralized, common, shared instance?
>

You can hack an app that authenticates users via multiple LDAP (whose access and delegations SHOULD be designed beforehand with a tight process-flow for the aforementioned issues) and then use it as a CAS provider for every app you need. CAS by default would only provide the id part, not the authorization one, which in your case still needs to be properly tailored because there won't be a "sharing" between LDAP domains.
I don't really know if something can be accomplished already by doing

from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth.settings.login_methods.append(ldap_auth(mode='ad', server='chicago.domain.controller', base_dn='ou=Users,dc=domain,dc=com'))
auth.settings.login_methods.append(ldap_auth(mode='ad', server='losangeles.domain.controller', base_dn='ou=Users,dc=domain,dc=com'))

because theoretically when you "append" methods, if a result isn't returned by the previous method it'll check into the following one... but I'd still quadruple check the behaviour.

> The goal is to allow for example, Paris and Chicago to auth independent of
> each other, but then use the shared system for collaborative projects.
>

Ehm. Following the beforementioned... Paris should only allow Paris users, Chicago Chicago users, and everyone using collaborative means implementing strict checks on Paris controllers, Chicago controllers and collaborative controllers, which can very well be done using appropriate group memberships.

> thanks
>
> Alex
>
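A stand-alone model of the append-and-fall-through behaviour and the per-site checks discussed in the message above, added here as an illustration; it is not part of the original post and is not web2py code. It assumes each login method is a callable taking (username, password) and returning True or False; fake_directory, tag_origin, first_match, require_site and the sample accounts are hypothetical and constructed.

```python
# Model of a chain of login methods tried in order. No web2py or LDAP server
# is used; every name and account below is hypothetical / constructed.

def fake_directory(accounts):
    """Constructed stand-in for one directory: (username, password) -> bool."""
    def check(username, password):
        return username in accounts and accounts[username] == password
    return check

def tag_origin(site, method, origins):
    """Wrap a login method so a success records which directory vouched for the user."""
    def wrapped(username, password):
        ok = method(username, password)
        if ok:
            origins[username] = site
        return ok
    return wrapped

def first_match(login_methods, username, password):
    """Try each method in order; stop at the first one that accepts the credentials."""
    for method in login_methods:
        if method(username, password):
            return True
    return False

def require_site(origins, username, allowed_sites):
    """Controller-side check: the recorded origin must be in the allowed set."""
    return origins.get(username) in allowed_sites

# Constructed data: "jsmith" exists in BOTH directories with different passwords,
# so the username alone does not say which site the person belongs to.
CHICAGO = fake_directory({"jsmith": "chi-pass", "aglaros": "pw1"})
PARIS = fake_directory({"jsmith": "par-pass", "mdupont": "pw2"})

def demo():
    origins = {}
    chain = [tag_origin("chicago", CHICAGO, origins),
             tag_origin("paris", PARIS, origins)]
    results = {
        "paris_user_falls_through": first_match(chain, "mdupont", "pw2"),
        "unknown_user": first_match(chain, "nobody", "x"),
        "colliding_name": first_match(chain, "jsmith", "par-pass"),
    }
    return results, dict(origins)

if __name__ == "__main__":
    print(demo())
```

Recording the origin at login time is what lets a Chicago-only controller refuse the Paris "jsmith" even though the username also exists in the Chicago directory.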