Hi everyone, I recently discovered web2py and tried to convert a little script I wrote, which is used by some colleagues here at work, into a web application. All went smoothly and the app is ready to use with the simple default authentication method. I then tried to experiment with the LDAP authentication method, using our internal Active Directory server. After integrating the bits of code from the Official Book, disabling registration of users (since they are already present on the server), and adding the users to the local user database, I get this error whenever I try to log in: "Registration needs verification". These are the contents of db.py:
# -*- coding: utf-8 -*-
# this file is released under public domain and you can use without limitations

# web2py model file: opens the database connection, wires Auth to an Active
# Directory LDAP login method, defines a custom auth_user table and its
# validators, and sets the registration / password-reset options.
# Names such as request, response, session, DAL, Field, T, URL, SPAN, A and the
# IS_* validators are not imported here; presumably web2py injects them into
# the model's namespace -- confirm against the framework version in use.

#########################################################################
## This scaffolding model makes your app work on Google App Engine too
#########################################################################

if request.env.web2py_runtime_gae:            # if running on Google App Engine
    db = DAL('gae')                           # connect to Google BigTable
                                              # optional DAL('gae:// namespace')
    session.connect(request, response, db = db) # and store sessions and tickets there
    ### or use the following lines to store sessions in Memcache
    # from gluon.contrib.memdb import MEMDB
    # from google.appengine.api.memcache import Client
    # session.connect(request, response, db = MEMDB(Client()))
else:                                         # else use a normal relational database
    db = DAL('sqlite://storage.sqlite')       # if not, use SQLite or other DB
## if no need for session
# session.forget()

#########################################################################
## Here is sample code if you need for
## - email capabilities
## - authentication (registration, login, logout, ... )
## - authorization (role based authorization)
## - services (xml, csv, json, xmlrpc, jsonrpc, amf, rss)
## - crud actions
## (more options discussed in gluon/tools.py)
#########################################################################

from gluon.tools import *
from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth = Auth(globals(),db)                      # authentication/ authorization
crud = Crud(globals(),db)                      # for CRUD helpers using auth
service = Service(globals())                   # for json, xml, jsonrpc, xmlrpc, amfrpc
plugins = PluginManager()

# LDAP is the only entry in login_methods, so the login check is delegated to
# the directory server configured below.
# NOTE(review): port 389 with no `secure=True` looks like plain LDAP, in which
# case the bind password and each user's login password cross the network
# unencrypted -- confirm, and prefer LDAPS (ldap_auth's `secure` option,
# normally port 636).
# NOTE(review): bind_pw is a literal in the model file, so anyone who can read
# the application source, its backups or its version history obtains the
# directory bind credential. Load it from a location outside the app tree and
# give the bind account read-only, search-only rights.
auth.settings.login_methods = [ldap_auth(
    mode='ad', server='myserver', port='389', base_dn='base_dn',
    bind_dn='bind_dn', bind_pw='xxxsecretxxx')]
# NOTE(review): the key as posted contains a space after '4882-', possibly a
# line-wrap artifact of the post -- compare with the deployed file. The same
# value is passed to CRYPT() below, so it keys the stored password hashes; a
# key that has appeared in a public post should be replaced.
auth.settings.hmac_key = 'sha512:af8d07a5-98a5-4882- af96-21a0254ccfce'   # before define_tables()
# Self-registration is switched off; only 'register' is disabled here.
# NOTE(review): the local password actions (change_password,
# request_reset_password) stay enabled although passwords presumably live in
# the directory -- the commented-out example further down disables them too.
auth.settings.actions_disabled.append('register')

########################################
# Custom auth_user table, defined before auth.define_tables() is called.
# NOTE(review): `settings` (used for settings.migrate) is not defined in this
# listing; presumably it comes from another model file -- confirm.
db.define_table('auth_user',
    Field('id','id',
          represent=lambda id:SPAN(id,' ',A('view',_href=URL('auth_user_read',args=id)))),
    Field('username', type='string',
          label=T('Username')),
    Field('first_name', type='string',
          label=T('First Name')),
    Field('last_name', type='string',
          label=T('Last Name')),
    Field('email', type='string',
          label=T('Email')),
    Field('password', type='password',
          readable=False,
          label=T('Password')),
    Field('created_on','datetime',default=request.now,
          label=T('Created On'),writable=False,readable=False),
    Field('modified_on','datetime',default=request.now,
          label=T('Modified On'),writable=False,readable=False,
          update=request.now),
    Field('registration_key',default='',
          writable=False,readable=False),
    Field('reset_password_key',default='',
          writable=False,readable=False),
    Field('registration_id',default='',
          writable=False,readable=False),
    format='%(username)s',
    migrate=settings.migrate)

# Validators for the custom table: names must be non-empty; username,
# registration_id and email must be unique; the password field is passed
# through CRYPT keyed with auth.settings.hmac_key.
db.auth_user.first_name.requires = IS_NOT_EMPTY(error_message=auth.messages.is_empty)
db.auth_user.last_name.requires = IS_NOT_EMPTY(error_message=auth.messages.is_empty)
db.auth_user.password.requires = CRYPT(key=auth.settings.hmac_key)
db.auth_user.username.requires = IS_NOT_IN_DB(db, db.auth_user.username)
db.auth_user.registration_id.requires = IS_NOT_IN_DB(db, db.auth_user.registration_id)
db.auth_user.email.requires = (IS_EMAIL(error_message=auth.messages.invalid_email),
                               IS_NOT_IN_DB(db, db.auth_user.email))
auth.define_tables(migrate=settings.migrate)                           # creates all needed tables
# These three options are assigned after define_tables() has run.
auth.settings.registration_requires_verification = False
auth.settings.registration_requires_approval = False
auth.settings.reset_password_requires_verification = True
# NOTE(review): the reset link is assembled from request.env.http_host, which
# presumably mirrors the client-supplied Host header, and it hard-codes
# http://. A request carrying a forged Host would put a foreign domain into
# the mailed link together with the reset key, and the key travels over plain
# HTTP. Build the link from a configured site hostname and use https.
auth.messages.reset_password = 'Click on the link http://'+request.env.http_host+URL('default','user',args=['reset_password'])+'/%(key)s to reset your password'

#########################################################################
## If you need to use OpenID, Facebook, MySpace, Twitter, Linkedin, etc.
## register with janrain.com, uncomment and customize following
# from gluon.contrib.login_methods.rpx_account import RPXAccount
# auth.settings.actions_disabled=['register','change_password','request_reset_password']
# auth.settings.login_form = RPXAccount(request, api_key='...',domain='...',
#    url = "http://localhost:8000/%s/default/user/login" % request.application)
## other login methods are in gluon/contrib/login_methods
#########################################################################

# NOTE(review): per the trailing comment, None leaves the Crud helpers without
# authorization enforcement; any controller action that exposes crud forms
# then has to apply its own access checks, or this should be set to auth.
crud.settings.auth = None                      # =auth to enforce authorization on crud

#########################################################################
## Define your tables below (or better in another model file) for example
##
## >>> db.define_table('mytable',Field('myfield','string'))
##
## Fields can be 'string','text','password','integer','double','boolean'
##       'date','time','datetime','blob','upload', 'reference TABLENAME'
## There is an implicit 'id integer autoincrement' field
## Consult manual for more options, validators, etc.
##
## More API examples for controllers:
##
## >>> db.mytable.insert(myfield='value')
## >>> rows=db(db.mytable.myfield=='value').select(db.mytable.ALL)
## >>> for row in rows: print row.id, row.myfield
#########################################################################