I am trying to block access on specific things using Active Directory
groups and am a bit lost.
I can login just fine using active directory and here is my connection
string (with revealing info removed):
from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth.settings.login_methods = [ldap_auth(mode='ad',
#allowed_groups = ['UnixAdmin'],
group_dn = 'OU=<>,DC=<>,DC=<>',
group_name_attrib = 'cn',
group_member_attrib = 'member',
group_filterstr = 'objectClass=Group',
server='<>',
base_dn='dc=<>,dc=<>')]
This works just fine and if I uncomment the allowed_groups line, it blocks
access correctly to the entire application. I only want to block access to
specific parts though. For example I want to make a database writable only
if the user is a member of a specific Active Directory group but all
users/groups should be able to login.
Here is the code that was working when using local login but being able to
use Active Directory would be great:
if auth.has_membership(group_id='UnixAdmin'):
db.config_detail.value.writable=True
else:
db.config_detail.value.writable=False
Thanks!
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
