What about multi-tenancy? http://web2py.com/books/default/chapter/29/06/the-database-abstraction-layer?search=multi+#Common-fields-and-multi-tenancy
He could check which domain is accessed and authenticate against the proper LDAP instance, no?

Richard

On Tue, Jan 12, 2016 at 3:43 PM, Niphlod <niph...@gmail.com> wrote:

> On Tuesday, January 12, 2016 at 9:07:23 PM UTC+1, Alex Glaros wrote:
>>
>> So for a rookie like me, does the simplest solution seem to be to create
>> a special independent app for each organization just for auth/LDAP
>> purposes, then transmit the user data to the centralized, common, shared
>> instance?
>>
>
> you can hack an app that authenticates users via multiple LDAP (whose
> access and delegations SHOULD be designed beforehand with a tight
> process-flow for the aforementioned issues) and then use it as a CAS
> provider for every app you need. CAS by default would only provide the id
> part, not the authorization one, which in your case still needs to be
> properly tailored because there won't be a "sharing" between LDAP domains.
>
> I don't really know if something can be accomplished already by doing
>
> from gluon.contrib.login_methods.ldap_auth import ldap_auth
> auth.settings.login_methods.append(ldap_auth(mode='ad',
>     server='chicago.domain.controller',
>     base_dn='ou=Users,dc=domain,dc=com'))
> auth.settings.login_methods.append(ldap_auth(mode='ad',
>     server='losangeles.domain.controller',
>     base_dn='ou=Users,dc=domain,dc=com'))
>
> because theoretically when you "append" methods if a result isn't returned
> by the previous method it'll check into the following one.....but I'd still
> quadruple check the behaviour.
>
>> The goal is to allow for example, Paris and Chicago to auth independent of
>> each other, but then use the shared system for collaborative projects.
>>
>
> Ehm. Following the beforementioned.... Paris should only allow Paris
> users, Chicago Chicago users and everyone using collaborative means
> implementing strict checks on Paris controllers, Chicago controllers and
> collaborative controllers
>
> which can very well be done using appropriate group memberships.
>
>> thanks
>>
>> Alex
>>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
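
An added example, not part of the thread and not web2py code: a small model contrasting the appended-methods fall-through discussed above with selecting the directory by login domain and deriving the site group that controllers check. It assumes login methods are callables taking (username, password) and returning True/False, tried in order; `fake_directory`, the `SITES` table, the domain and group names and all credentials are constructed stand-ins for `ldap_auth(...)` instances.

```python
def fake_directory(users):
    """Constructed stand-in for an ldap_auth(...) login method."""
    def login(username, password):
        return users.get(username) == password
    return login

# Hypothetical site table: login domain -> (site group, login method).
# "jdoe" exists in both directories and is a different person in each.
SITES = {
    "chicago.example": ("site_chicago", fake_directory({"jdoe": "pw-chi"})),
    "paris.example": ("site_paris",
                      fake_directory({"jdoe": "pw-par", "mdupont": "pw2"})),
}

def chained(login_name, password):
    """Appended-methods model: the first directory that accepts wins."""
    username = login_name.partition("@")[0]
    for group, method in SITES.values():
        if method(username, password):
            return (username, group)
    return None

def authenticate(login_name, password):
    """Ask only the directory that owns the login domain; fail closed."""
    username, sep, domain = login_name.partition("@")
    site = SITES.get(domain.lower())
    if not sep or not username or site is None:
        return None  # unknown or missing domain: no fall-through
    group, method = site
    return (username, group) if method(username, password) else None

def may_access(identity, controller_group):
    """Controller-side check: the identity must carry that site's group."""
    return identity is not None and identity[1] == controller_group

if __name__ == "__main__":
    # Chained lookup resolves a Chicago login name against Paris.
    print(chained("jdoe@chicago.example", "pw-par"))
    # Domain-bound lookup rejects the same attempt.
    print(authenticate("jdoe@chicago.example", "pw-par"))
    print(may_access(authenticate("mdupont@paris.example", "pw2"),
                     "site_chicago"))
```
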