Also, what meaning does the @auth.requires_membership() decorator have in the context of LDAP authentication? Based on my limited knowledge of LDAP (pretty much what's on http://ldapman.org/articles/intro_to_ldap.html), it doesn't look like LDAP implements groups; the closest thing to it would be an entry's Distinguished Name/Domain Components.
Thanks, Aaron On Thursday, March 8, 2012 6:04:15 AM UTC-8, Aaron wrote: > > I'm using gluon.tools.Auth and the default ldap_auth login_method to > provide access control to my web2py application. > Now, once the user has successfully logged in (@auth.require_login() > passes), I want to find out which user is logged in, and some of this > user's attributes. > I could get additional information from the LDAP server (using > python-ldap) if I knew the user name; however, the only entry I see in > Auth<http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools.Auth-class.html> > that > provides similar information is Auth.user_id, and I don't know how this ID > maps to the current user's LDAP username. > > More generally, is there a good way for me to take control of my > application's interaction with our LDAP server, while still leveraging the > many built-ins Auth has to offer? > Should I modify the ldap_auth login_method to store the username and > password information in the session object? > Should I write my own custom login_method? If so, what resources exist to > help me along? >
