On Aug 4, 2:26 pm, Johann Spies <johann.sp...@gmail.com> wrote:
> My next
> question comes from the fact that now anyone on the ldap-tree can
> login and then become a registered user.

I guess you can't move those users that you wish to login to be placed in a specific OU so that the logins can be restricted to just that OU?

> At the moment there are at least two problems:
> 1. Anyone in the ldap-tree can login and will then be registered
> although there is no email address and registration key.
> I want only registered users to be able to log in. And I want the
> registration to be approved by the administrator before it is valid.
> How do I do it in this setup?
> auth.settings.registration_requires_approval = True

Unfortunately Auth isn't currently set-up the way that you want it to be.
This setting is only activated during auth.register() which isn't happening when users login through LDAP.
It also doesn't check whether there is an existing registration_key.
I'd consider this a bug...a patch is simple & so I'll send to Massimo to see if he agrees that this should still be checked with alternate login methods.
However this won't help you majorly since you'd have to block all AD users other than those you wanted to be able to access.

Options that I can see for changing Web2Py to work as you'd like it:

(1) Have an option where ldap-auth checks for Group membership & only allows in users who are in that group (defaulting to None, so no group check done)

    ldap_auth(server='stbldap01.sun.ac.za', port=636, base_dn='ou=users,O=SU', mode='cn', secure=True, group='Permitted Users')

(2) Have an option to auth.login to say that even alternate login types need to register 1st

    auth.settings.registration_required = True

(default to False for backward compatibility & probably usually-desired method)

I think both of these have generic value & would be worth enhancing the system with.
(2) Seems to be what you're after & is easier to code, so I'll work on that 1st.
I'm happy to take suggestions from anyone on the syntax of these settings :)

> 2. Any email address I type in results in an error: "Invalid email address"
> t.email.requires = [IS_EMAIL(), IS_NOT_IN_DB(db, db.auth_user.email)]
> Why does the registration form complain about an invalid email address?

This is during register(), right?
I can't see why that would happen & I can't replicate it here...
Not sure why you get "Invalid email address" as the default error for the IS_EMAIL() validator is:

    error_message='invalid email!'

The default requires is:

    t.email.requires = [IS_EMAIL(error_message=self.messages.invalid_email), IS_NOT_IN_DB(db, db.auth_user.email)]

with

    self.messages.invalid_email = 'Invalid email'

These values haven't changed in a long time, so where this comes from I cannot tell...
(If it's the IS_IN_DB validator then you get a 'Value already in database' error...)

F
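
The login decision discussed in this message, as an added example that is not part of the original post and not web2py's own code. It is a self-contained Python model showing the reported auto-registration beside the two proposed options; `ldap_login`, `Settings`, `Directory`, the sample accounts and the reading of `registration_key` (empty string = approved) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Settings:
    registration_required: bool = False   # models option (2) from the thread
    required_group: Optional[str] = None  # models option (1) from the thread

@dataclass
class Directory:
    """Constructed stand-in for the LDAP server (no network access)."""
    passwords: dict
    groups: dict = field(default_factory=dict)  # username -> set of group names

    def bind(self, username, password):
        return self.passwords.get(username) == password

def ldap_login(username, password, directory, users, settings):
    """Return (allowed, reason). `users` maps username -> registration_key."""
    if not directory.bind(username, password):
        return False, "bad credentials"
    # Option (1): a valid bind is not enough, the user must be in the group.
    if settings.required_group is not None:
        if settings.required_group not in directory.groups.get(username, set()):
            return False, "not in required group"
    if username not in users:
        # Option (2): refuse directory users who never registered locally.
        if settings.registration_required:
            return False, "not registered"
        # Behaviour reported in the thread: first login creates the user.
        users[username] = ""
    # Assumed encoding: a non-empty key (e.g. 'pending') means not yet approved.
    if users[username] != "":
        return False, "registration " + users[username]
    return True, "ok"

# Constructed sample data: three directory accounts, two local registrations.
SAMPLE_DIR = Directory(
    passwords={"alice": "pw1", "bob": "pw2", "carol": "pw3"},
    groups={"alice": {"Permitted Users"}, "carol": {"Permitted Users"}},
)
SAMPLE_USERS = {"alice": "", "carol": "pending"}

if __name__ == "__main__":
    for name, cfg in [("default", Settings()),
                      ("registration_required", Settings(registration_required=True)),
                      ("group check", Settings(required_group="Permitted Users"))]:
        users = dict(SAMPLE_USERS)
        for user, pw in SAMPLE_DIR.passwords.items():
            print(name, user, ldap_login(user, pw, SAMPLE_DIR, users, cfg))
```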