Good Morning Richard,

First, thank you for your fast help.
I've changed my configuration according to your example.

Now it is:

auth.settings.login_methods = [auth,
                               ldap_auth(mode='ad',
                                         server=server_ldap,
                                         base_dn='DC=domain,DC=net',
                                         bind_dn=r'domain\user',
                                         bind_pw='passwd',
                                         manage_groups=False,
                                         manage_user=False,
                                         user_firstname_attrib='cn:1',
                                         user_lastname_attrib='cn:2',
                                         user_mail_attrib='mail',
                                         username_attrib='CN',
                                         db=db)]

It works perfectly with double validation in my first tests.

Thanks for your help.


2017-06-26 21:49 GMT+02:00 Richard Vézina <ml.richard.vez...@gmail.com>:

> Note: Don't use many different methods of authentication, if you can...
> I was doing it before until I realized that my user was blocked/locked
> regularly because of automated testing... web2py is performing multiple
> authentications, trying one method before shifting to the other if the
> password is not working... Automated tests launching failing authentication
> attempts to AD because I was using the web2py auth password blocked my AD
> account...
>
> Richard
>
>
>
>
> On Mon, Jun 26, 2017 at 3:44 PM, Richard Vézina <ml.richard.vez...@gmail.com> wrote:
>
>> Here is my conf:
>>
>> auth.settings.login_methods = \
>>     [auth,
>>      ldap_auth(mode='ad',
>>                # -----------------------------------------------------------------------
>>                # To unlock LDAPS with self-signed certificate this line should be
>>                # present in ldap_auth.py :
>>                # ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
>>                # This line should be inside : ldap_auth()
>>                # Ref: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
>>                # Ref: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
>>                # Ref: https://mail.python.org/pipermail/python-ldap/2015q4/003631.html
>>                port=636,
>>                secure=True,
>>                self_signed_certificate=True,
>>                # -----------------------------------------------------------------------
>>                bind_dn=r'DOMAIN\AD_USER_NAME',
>>                bind_pw='PASSWORD',
>>                manage_groups=False,
>>                manage_user=True,
>>                user_firstname_attrib='cn:1',  # May use other attributes you have to try
>>                user_lastname_attrib='cn:2',  # May use other attributes you have to try
>>                server='SERVER_DNS',
>>                user_mail_attrib='mail',
>>                # userPrincipalName #mail #proxyAddresses:1
>>                # username_attrib='sAMAccountName',
>>                base_dn='dc=DOMAIN,dc=COM/NET/ORG/ETC',  # Depends on AD config
>>                logging_level='error',
>>                db=db)]
>>
>> I think your main issue is not having bind username and bind password...
>> You need an AD user that can access the same base dn as the users to
>> authenticate...
>>
>> Richard
>>
>> On Mon, Jun 26, 2017 at 1:32 PM, Francisco García <fgclaramo...@gmail.com> wrote:
>>
>>> Hello all,
>>>
>>> I have the following configuration to validate users with Windows Active
>>> Directory:
>>>
>>> auth.define_tables(username=False, signature=False)
>>> auth.settings.create_user_groups = False
>>>
>>> auth.settings.actions_disabled = ['register', 'change_password',
>>>                                   'request_reset_password',
>>>                                   'retrieve_username', 'profile']
>>> auth.settings.remember_me_form = False
>>>
>>> auth.settings.login_methods.append(ldap_auth(mode='ad',
>>>                                              server=server_ldap,
>>>                                              base_dn='OU=_delegat,DC=domain,DC=net'))
>>>
>>> auth.settings.login_methods = [ldap_auth, auth]
>>>
>>> With this configuration, the Active Directory server doesn't validate users.
>>> And whatever email and password are entered, it creates the new user, if it
>>> doesn't exist, and grants access to the application.
>>>
>>> Do you know what could be the problem?
>>> Any help is appreciated. Thank you.
>>>
>>> Best regards,
>>> Francisco.
>>>
>>> --
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to web2py+unsubscr...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>



-- 
Francisco M. García Claramonte
Debian GNU/Linux Developer   <franci...@debian.org>
GPG: public key ID 3219C4E7
http://people.debian.org/~francisco/
http://garciac.es - <franci...@garciac.es>
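
Added example, not part of the original thread and not web2py's own code: a simplified model of the login-method loop, showing why the first message's `login_methods = [ldap_auth, auth]` accepted any credentials, plus a startup check that catches that shape. It assumes web2py calls each list entry as `method(username, password)` and treats a truthy result as success; `fake_ldap_auth`, `simulate_login`, `check_login_methods` and the sample directory are hypothetical.

```python
# Simplified model (assumption) of how web2py's Auth.login walks
# auth.settings.login_methods: each entry other than `auth` itself is
# called as method(username, password); a truthy result logs the user in.

LOCAL_AUTH = object()  # stands in for the `auth` object in the list


def fake_ldap_auth(server="ldap", port=None, base_dn="", directory=None):
    """Hypothetical stand-in for the ldap_auth factory: returns the checker."""
    directory = directory or {}

    def ldap_auth_aux(username, password):
        # Constructed lookup instead of a real LDAP bind.
        return bool(password) and directory.get(username) == password

    return ldap_auth_aux


def simulate_login(login_methods, username, password, local_users=None):
    """Return True if any configured method accepts the credentials."""
    local_users = local_users or {}
    for method in login_methods:
        if method is LOCAL_AUTH:
            if local_users.get(username) == password:
                return True
        elif method(username, password):
            return True
    return False


def check_login_methods(login_methods, factories=(fake_ldap_auth,)):
    """Startup guard: return the entries that are factories, not checkers."""
    return [m for m in login_methods if m in factories]


AD = {"alice@domain.net": "correct-horse"}  # constructed sample directory

# Misconfiguration from the first message: the factory itself is listed, so
# fake_ldap_auth(username, password) just returns a (truthy) function.
broken = [fake_ldap_auth, LOCAL_AUTH]
# Working shape from the reply: the factory is *called* with its settings.
fixed = [LOCAL_AUTH, fake_ldap_auth(server="dc01", directory=AD)]
```

In the broken list the submitted username and password are consumed as the factory's `server` and `port` arguments, so no directory lookup ever happens.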
