Not sure the web2py groups should be the same as the ldap groups.
On Jun 11, 7:50 am, "mr.freeze" <[email protected]> wrote:
> LDAP could be used to verify group membership too. It would be cool
> if we could do something similar to login_methods:
> auth.settings.membership_providers = [ldap_membership(...), auth]
>
> Not sure how tricky the implementation would be though...
>
> On Jun 11, 7:37 am, mdipierro <[email protected]> wrote:
>
> > fixing!
>
> > On Jun 11, 6:58 am, "mr.freeze" <[email protected]> wrote:
>
> > > Almost perfect. Line 705 in tools.py should be:
> > > if not self in self.settings.login_methods:
> > > instead of
> > > if not self in login_methods:
>
> > > All of the combinations work as advertised with the change above.
> > > Thanks!!! I will have a much easier time pushing web2py at work if we
> > > can use our existing AD users.
> > > Can you do the same thing to memberships now? :)
>
> > what do you mean?
>
> > > On Jun 11, 12:16 am, mdipierro <[email protected]> wrote:
>
> > > > I did not receive your patch but if you now do:
>
> > > > auth.settings.login.methods=[ldap_login(..)]
>
> > > > then it does not store password in db and always requres ldapauth.
> > > > If you do:
>
> > > > auth.settings.login.methods=[ldap_login(..),auth]
>
> > > > same as above but does store password in db.
> > > > if you do
>
> > > > auth.settings.login.methods=[auth, ldap_login(..)]
>
> > > > tries to login locally first, else tries ldap.
> > > > Of course you can do
>
> > > > auth.settings.login.methods=[auth, ldap_login(...), email_login
> > > > (...), basic_login(...)]
>
> > > > and combinations thereof.
>
> > > > Please give this a try.
>
> > > > Massimo
>
> > > > On Jun 10, 11:06 pm, "mr.freeze" <[email protected]> wrote:
>
> > > > > I just sent you another (very simple) patch that forcesauthto use
> > > > > the alternative login methods if present so, for example, LDAP will be
> > > > > queried each time.
>
> > > > > On Jun 9, 11:30 pm, mdipierro <[email protected]> wrote:
>
> > > > > > Thanks!
>
> > > > > > On Jun 9, 11:03 pm, "mr.freeze" <[email protected]> wrote:
>
> > > > > > > Massimo, you should have a patch in email for active directory
> > > > > > > ldap
> > > > > > >auth. As noted in my email:
> > > > > > > It works but we will also need to change tools.py so that it
> > > > > > > forces
> > > > > > > ldap authentication each time, not just the first (maybe track the
> > > > > > >authmethod in the db?).
> > > > > > > Currently after the account is authenticated through ldap, the
> > > > > > > credentials are stored in the db and ldap is never queried again.
>
> > > > > > > Also, ideally the login form would be specific to the theauthtype
> > > > > > > so
> > > > > > > ldap/active directory could include a domain name field.
> > > > > > > Then we can tackle an LDAP membership provider!
>
> > > > > > > On Jun 8, 11:52 pm, mdipierro <[email protected]> wrote:
>
> > > > > > > > only mode='uid' is implemented. I could use help debugging/
> > > > > > > > implementing the other modes
>
> > > > > > > > Massimo
>
> > > > > > > > On Jun 8, 10:38 pm, "mr.freeze" <[email protected]> wrote:
>
> > > > > > > > > Sorry, I saw 'raise SyntaxError, "Not yet implemented"' under
> > > > > > > > > the 'ad'
> > > > > > > > > and 'domino' if statements of ldap_auth_aux in ldap_auth.py
> > > > > > > > > and
> > > > > > > > > thought you weren't done. I tried it and it seems that if
> > > > > > > > > ad/ldapis
> > > > > > > > > enabled that it will take any username with a blank password.
>
> > > > > > > > > On Jun 8, 10:04 pm, mdipierro <[email protected]> wrote:
>
> > > > > > > > > >ldapshould work already. Please test it.
>
> > > > > > > > > > On Jun 8, 9:29 pm, "mr.freeze" <[email protected]> wrote:
>
> > > > > > > > > > > Massimo, I can testldapagainst AD when it is finished.
>
> > > > > > > > > > > On May 13, 12:01 am, mdipierro <[email protected]>
> > > > > > > > > > > wrote:
>
> > > > > > > > > > > > Please try this....
>
> > > > > > > > > > > > 1) to authenticate with gmail
>
> > > > > > > > > > > >auth=Auth(globals(),db)
> > > > > > > > > > > > from gluon.contrib.login_methods.email_auth import
> > > > > > > > > > > > email_auth
> > > > > > > > > > > >auth.settings.login_methods.append(email_auth())
>
> > > > > > > > > > > > 2) to authenticate using basic authentication of a
> > > > > > > > > > > > third party server
>
> > > > > > > > > > > >auth=Auth(globals(),db)
> > > > > > > > > > > > from gluon.contrib.login_methods.basic_auth import
> > > > > > > > > > > > basic_auth
> > > > > > > > > > > >auth.settings.login_methods.append(basic_auth('http://server'))
>
> > > > > > > > > > > > 3) to authenticate usingLDAP server
>
> > > > > > > > > > > >auth=Auth(globals(),db)
> > > > > > > > > > > > from gluon.contrib.login_methods.ldap_auth import
> > > > > > > > > > > > ldap_auth
> > > > > > > > > > > >auth.settings.login_methods.append(ldap_auth(...))
>
> > > > > > > > > > > > (requiresldaplibrary installed. look into gluon/contrib/
> > > > > > > > > > > > login_methods/ldap_auth.py for ... options).
>
> > > > > > > > > > > > Please let me know if this works for you.
>
> > > > > > > > > > > > CAS client will be next....- Hide quoted text -
>
> > > > > > > > - Show quoted text -- Hide quoted text -
>
> > > > > > - Show quoted text -- Hide quoted text -
>
> > > > - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
