You are welcome Richard
On Tue, Jun 27, 2017 at 4:42 AM, Francisco García Claramonte < fgclaramo...@gmail.com> wrote: > Good Morning Richard, > > First thank you for your fast help. > I'd changed my configuration according your example. > > Now, It is: > > auth.settings.login_methods = [ auth, > ldap_auth(mode='ad', > server= server_ldap, > base_dn= 'DC=domain,DC=net', > bind_dn='domain\user', > bind_pw='passwd', > manage_groups=False, > manage_user=False, > user_firstname_attrib='cn:1', > user_lastname_attrib='cn:2', > user_mail_attrib='mail', > username_attrib='CN', > db=db > ) ] > > It works perfectly with double validation in my firsts tests. > > Thanks for your help. > > > 2017-06-26 21:49 GMT+02:00 Richard Vézina <ml.richard.vez...@gmail.com>: > >> Note : Don't use many differents methods of authentication, if you can... >> I was doing it before until I realize that my user was block/locked >> regularly because of automated testing... The web2py is performing multiple >> authentication, trying one method before shift to the other if the password >> is not working... Automated test launching failing authentication attempt >> to AD because I was using web2py auth password block my AD account... >> >> Richard >> >> >> >> >> On Mon, Jun 26, 2017 at 3:44 PM, Richard Vézina < >> ml.richard.vez...@gmail.com> wrote: >> >>> Here my conf : >>> >>> auth.settings.login_methods = \ >>> [auth, >>> ldap_auth(mode='ad', >>> # ------------------------------ >>> ----------------------------------------- >>> # To unlock LDAPS with self-signed certificate this line >>> should be >>> # present in ldap_auth.py : >>> # ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, >>> ldap.OPT_X_TLS_NEVER) >>> # This line should be inside : ldap_auth() >>> # Ref: https://onemoretech.wordpress. >>> com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/ >>> # Ref: http://bneijt.nl/blog/post/con >>> necting-to-ldaps-with-self-signed-cert-using-python/ >>> # Ref: https://mail.python.org/piperm >>> ail/python-ldap/2015q4/003631.html >>> port=636, >>> secure=True, >>> self_signed_certificate=True, >>> # ------------------------------ >>> ----------------------------------------- >>> bind_dn='DOMAIN\AD_USER_NAME', >>> bind_pw='PASSWORD', >>> manage_groups=False, >>> manage_user=True, >>> user_firstname_attrib='cn:1', # May use other attributes >>> you have to try >>> user_lastname_attrib='cn:2', # May use other attributes >>> you have to try >>> server='SERVER_DNS', >>> user_mail_attrib='mail', >>> # userPrincipalName #mail #proxyAddresses:1 >>> # username_attrib='sAMAccountName', >>> base_dn='dc=DOMAIN,dc=COM/NET/ORG/ETC', # Depend of AD >>> config >>> logging_level='error', >>> db=db)] >>> >>> I think your main issue is not having bind username and bind password... >>> You need a AD user that can accees the same base dn then the users to >>> authenticate... >>> >>> Richard >>> >>> On Mon, Jun 26, 2017 at 1:32 PM, Francisco García < >>> fgclaramo...@gmail.com> wrote: >>> >>>> Hello all, >>>> >>>> I have the following configuration to validate users with windows >>>> Active directory: >>>> >>>> >>>> auth.define_tables(username=False, signature=False) >>>> auth.settings.create_user_groups = False >>>> >>>> auth.settings.actions_disabled=['register','change_password' >>>> ,'request_reset_password','retrieve_username','profile'] >>>> auth.settings.remember_me_form = False >>>> >>>> auth.settings.login_methods.append(ldap_auth(mode='ad', >>>> server= server_ldap, >>>> >>>> base_dn='OU=_delegat,DC=domain,DC=net' >>>> )) >>>> >>>> auth.settings.login_methods = [ldap_auth, auth] >>>> >>>> >>>> With this configuration, Active directory server doesn't validate users. >>>> And whatever email and password access, creates the new user, if it >>>> doesn't exist, and grant access to application. >>>> >>>> Do you know what could be the problem?. >>>> Any help is appreciated. Thank you. >>>> >>>> Best regards, >>>> Francisco. >>>> >>>> -- >>>> Resources: >>>> - http://web2py.com >>>> - http://web2py.com/book (Documentation) >>>> - http://github.com/web2py/web2py (Source code) >>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "web2py-users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to web2py+unsubscr...@googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "web2py-users" group. >> To unsubscribe from this topic, visit https://groups.google.com/d/to >> pic/web2py/tACcnQ9-kyk/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> web2py+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Francisco M. García Claramonte > Debian GNU/Linux Developer <franci...@debian.org> > GPG: public key ID 3219C4E7 > http://people.debian.org/~francisco/ > http://garciac.es - <franci...@garciac.es> > > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
