Here is my conf:

auth.settings.login_methods = \
    [auth,
     ldap_auth(mode='ad',
               # -----------------------------------------------------------------------
               # To unlock LDAPS with self-signed certificate this line should be
               # present in ldap_auth.py :
               #     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
               # This line should be inside : ldap_auth()
               # Ref: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
               # Ref: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
               # Ref: https://mail.python.org/pipermail/python-ldap/2015q4/003631.html
               port=636,
               secure=True,
               self_signed_certificate=True,
               # -----------------------------------------------------------------------
               bind_dn='DOMAIN\\AD_USER_NAME',  # backslash escaped for a Python string literal
               bind_pw='PASSWORD',
               manage_groups=False,
               manage_user=True,
               user_firstname_attrib='cn:1',  # May use other attributes; you have to try
               user_lastname_attrib='cn:2',  # May use other attributes; you have to try
               server='SERVER_DNS',
               user_mail_attrib='mail',
               # userPrincipalName #mail #proxyAddresses:1
               # username_attrib='sAMAccountName',
               base_dn='dc=DOMAIN,dc=COM/NET/ORG/ETC',  # Depends on AD config
               logging_level='error',
               db=db)]

I think your main issue is not having a bind username and bind password...
You need an AD user that can access the same base DN as the users to
authenticate...
Richard
On Mon, Jun 26, 2017 at 1:32 PM, Francisco García <[email protected]>
wrote:
> Hello all,
>
> I have the following configuration to validate users with Windows Active
> Directory:
>
>
> auth.define_tables(username=False, signature=False)
> auth.settings.create_user_groups = False
>
> auth.settings.actions_disabled=['register','change_password','request_reset_password','retrieve_username','profile']
> auth.settings.remember_me_form = False
>
> auth.settings.login_methods.append(ldap_auth(mode='ad',
>     server=server_ldap,
>     base_dn='OU=_delegat,DC=domain,DC=net'))
>
> auth.settings.login_methods = [ldap_auth, auth]
>
>
> With this configuration, the Active Directory server doesn't validate users.
> Whatever email and password are entered, it creates the new user, if it
> doesn't exist, and grants access to the application.
>
> Do you know what could be the problem?
> Any help is appreciated. Thank you.
>
> Best regards,
> Francisco.
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
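
The quoted configuration ends with `auth.settings.login_methods = [ldap_auth, auth]`, which puts the `ldap_auth` factory itself in the list rather than the object it returns. The added example below (not part of the thread and not web2py source) models that with stand-in names, assuming each entry is called as `method(username, password)` and a truthy return means success; `try_login`, `check_login_methods` and the `directory` argument are hypothetical.

```python
# Simplified model, constructed for illustration; not web2py source.
# Assumption: the framework calls each login_methods entry as
# method(username, password) and accepts the login on a truthy return.

def ldap_auth(server='ldap', port=None, base_dn='', mode='ad', directory=None):
    """Stand-in factory shaped like the one in the thread: it takes
    connection settings and returns the function that checks credentials."""
    directory = directory or {}  # constructed stand-in for the AD server

    def ldap_auth_aux(username, password):
        # Real code would bind to the directory; this model looks up a dict.
        return bool(password) and directory.get(username) == password

    return ldap_auth_aux


def try_login(login_methods, username, password):
    """Hypothetical login loop: the first truthy result grants access."""
    for method in login_methods:
        if method(username, password):
            return True
    return False


def check_login_methods(login_methods, factories=(ldap_auth,)):
    """Startup check: reject a list holding a factory instead of its result."""
    bad = [m.__name__ for m in login_methods if m in factories]
    if bad:
        raise ValueError('unconfigured login method(s): %s' % ', '.join(bad))
    return login_methods


AD = {'alice@domain.net': 'correct-horse'}  # constructed sample directory

# Misconfigured: the factory itself is in the list. Called as
# ldap_auth(username, password), it takes them as server and port and
# returns a function object, which is always truthy.
misconfigured = [ldap_auth]

# Configured: the list holds the checker returned by the factory.
configured = [ldap_auth(mode='ad', server='SERVER_DNS', directory=AD)]
```

In this model the misconfigured list accepts any email and password, while the configured list only accepts credentials the directory confirms.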