dn: cn=Admin,ou=Groups,dc=domain,dc=com objectClass: top objectClass: posixGroup cn: Admin gidNumber: 5095 memberUid: root memberUid: toor memberUid: smith
2012. március 8., csütörtök 23:46:34 UTC+1 időpontban Aaron a következőt írta: > > Thank you, sir! This looks just right for my group needs (though I'm not > sure how I'd get a list of the current user's groups). > > Also, as I mentioned, I'm new to LDAP, so if you could provide sample LDIF > files for the groups, that'd help greatly. > > Unfortunately I'm also using OpenLDAP, so I can't help you test with AD. > > Thanks again. > > On Thursday, March 8, 2012 1:40:29 PM UTC-8, szimszon wrote: >> >> Group control is already in ldap_auth.py: >> >> >> http://www.web2pyslices.com/slice/show/1476/ldap-auth-with-allowed-groups-and-manage-groups >> >> And I work now on storing first name, last name, and email user prefs >> from ldap. I think I can send a patch to Massimo tomorrow. >> >> 2012. március 8., csütörtök 20:25:12 UTC+1 időpontban Aaron a következőt >> írta: >>> >>> Also, what meaning does the @auth.requires_membership() decorator have >>> in the context of LDAP authentication? >>> Based on my limited knowledge of LDAP (pretty much what's on >>> http://ldapman.org/articles/intro_to_ldap.html), it doesn't look like >>> LDAP implements groups; the closest thing to it would be an entry's >>> Distinguished Name/Domain Components. >>> >>> Thanks, >>> Aaron >>> >>> On Thursday, March 8, 2012 6:04:15 AM UTC-8, Aaron wrote: >>>> >>>> I'm using gluon.tools.Auth and the default ldap_auth login_method to >>>> provide access control to my web2py application. >>>> Now, once the user has successfully logged in (@auth.require_login() >>>> passes), I want to find out which user is logged in, and some of this >>>> user's attributes. >>>> I could get additional information from the LDAP server (using >>>> python-ldap) if I knew the user name; however, the only entry I see in >>>> Auth<http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools.Auth-class.html> >>>> that >>>> provides similar information is Auth.user_id, and I don't know how this ID >>>> maps to the current user's LDAP username. >>>> >>>> More generally, is there a good way for me to take control of my >>>> application's interaction with our LDAP server, while still leveraging the >>>> many built-ins Auth has to offer? >>>> Should I modify the ldap_auth login_method to store the username and >>>> password information in the session object? >>>> Should I write my own custom login_method? If so, what resources exist >>>> to help me along? >>>> >>> > On Thursday, March 8, 2012 1:40:29 PM UTC-8, szimszon wrote: >> >> Group control is already in ldap_auth.py: >> >> >> http://www.web2pyslices.com/slice/show/1476/ldap-auth-with-allowed-groups-and-manage-groups >> >> And I work now on storing first name, last name, and email user prefs >> from ldap. I think I can send a patch to Massimo tomorrow. >> >> 2012. március 8., csütörtök 20:25:12 UTC+1 időpontban Aaron a következőt >> írta: >>> >>> Also, what meaning does the @auth.requires_membership() decorator have >>> in the context of LDAP authentication? >>> Based on my limited knowledge of LDAP (pretty much what's on >>> http://ldapman.org/articles/intro_to_ldap.html), it doesn't look like >>> LDAP implements groups; the closest thing to it would be an entry's >>> Distinguished Name/Domain Components. >>> >>> Thanks, >>> Aaron >>> >>> On Thursday, March 8, 2012 6:04:15 AM UTC-8, Aaron wrote: >>>> >>>> I'm using gluon.tools.Auth and the default ldap_auth login_method to >>>> provide access control to my web2py application. >>>> Now, once the user has successfully logged in (@auth.require_login() >>>> passes), I want to find out which user is logged in, and some of this >>>> user's attributes. >>>> I could get additional information from the LDAP server (using >>>> python-ldap) if I knew the user name; however, the only entry I see in >>>> Auth<http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools.Auth-class.html> >>>> that >>>> provides similar information is Auth.user_id, and I don't know how this ID >>>> maps to the current user's LDAP username. >>>> >>>> More generally, is there a good way for me to take control of my >>>> application's interaction with our LDAP server, while still leveraging the >>>> many built-ins Auth has to offer? >>>> Should I modify the ldap_auth login_method to store the username and >>>> password information in the session object? >>>> Should I write my own custom login_method? If so, what resources exist >>>> to help me along? >>>> >>>
