Thank you, sir! This looks just right for my group needs (though I'm not sure how I'd get a list of the current user's groups).
Also, as I mentioned, I'm new to LDAP, so if you could provide sample LDIF files for the groups, that'd help greatly. Unfortunately I'm also using OpenLDAP, so I can't help you test with AD. Thanks again. On Thursday, March 8, 2012 1:40:29 PM UTC-8, szimszon wrote: > > Group control is already in ldap_auth.py: > > > http://www.web2pyslices.com/slice/show/1476/ldap-auth-with-allowed-groups-and-manage-groups > > And I work now on storing first name, last name, and email user prefs from > ldap. I think I can send a patch to Massimo tomorrow. > > 2012. március 8., csütörtök 20:25:12 UTC+1 időpontban Aaron a következőt > írta: >> >> Also, what meaning does the @auth.requires_membership() decorator have in >> the context of LDAP authentication? >> Based on my limited knowledge of LDAP (pretty much what's on >> http://ldapman.org/articles/intro_to_ldap.html), it doesn't look like >> LDAP implements groups; the closest thing to it would be an entry's >> Distinguished Name/Domain Components. >> >> Thanks, >> Aaron >> >> On Thursday, March 8, 2012 6:04:15 AM UTC-8, Aaron wrote: >>> >>> I'm using gluon.tools.Auth and the default ldap_auth login_method to >>> provide access control to my web2py application. >>> Now, once the user has successfully logged in (@auth.require_login() >>> passes), I want to find out which user is logged in, and some of this >>> user's attributes. >>> I could get additional information from the LDAP server (using >>> python-ldap) if I knew the user name; however, the only entry I see in >>> Auth<http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools.Auth-class.html> >>> that >>> provides similar information is Auth.user_id, and I don't know how this ID >>> maps to the current user's LDAP username. >>> >>> More generally, is there a good way for me to take control of my >>> application's interaction with our LDAP server, while still leveraging the >>> many built-ins Auth has to offer? >>> Should I modify the ldap_auth login_method to store the username and >>> password information in the session object? >>> Should I write my own custom login_method? If so, what resources exist >>> to help me along? >>> >> On Thursday, March 8, 2012 1:40:29 PM UTC-8, szimszon wrote: > > Group control is already in ldap_auth.py: > > > http://www.web2pyslices.com/slice/show/1476/ldap-auth-with-allowed-groups-and-manage-groups > > And I work now on storing first name, last name, and email user prefs from > ldap. I think I can send a patch to Massimo tomorrow. > > 2012. március 8., csütörtök 20:25:12 UTC+1 időpontban Aaron a következőt > írta: >> >> Also, what meaning does the @auth.requires_membership() decorator have in >> the context of LDAP authentication? >> Based on my limited knowledge of LDAP (pretty much what's on >> http://ldapman.org/articles/intro_to_ldap.html), it doesn't look like >> LDAP implements groups; the closest thing to it would be an entry's >> Distinguished Name/Domain Components. >> >> Thanks, >> Aaron >> >> On Thursday, March 8, 2012 6:04:15 AM UTC-8, Aaron wrote: >>> >>> I'm using gluon.tools.Auth and the default ldap_auth login_method to >>> provide access control to my web2py application. >>> Now, once the user has successfully logged in (@auth.require_login() >>> passes), I want to find out which user is logged in, and some of this >>> user's attributes. >>> I could get additional information from the LDAP server (using >>> python-ldap) if I knew the user name; however, the only entry I see in >>> Auth<http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools.Auth-class.html> >>> that >>> provides similar information is Auth.user_id, and I don't know how this ID >>> maps to the current user's LDAP username. >>> >>> More generally, is there a good way for me to take control of my >>> application's interaction with our LDAP server, while still leveraging the >>> many built-ins Auth has to offer? >>> Should I modify the ldap_auth login_method to store the username and >>> password information in the session object? >>> Should I write my own custom login_method? If so, what resources exist >>> to help me along? >>> >>
