I am trying out ldap authentication after I have last used it in 2006.
My ldap knowledge is minimal.
After reading the documentation in the book and in ldap_auth.py I
have a few questions about authentication and ldap.
Background: Only a few users (probably not more than 5 or 6) will use
this app as logged in users.
All of them (or maybe except one or two) will not be staff members of
our university. Staff members and students can be authenticated
against the Active Directory (AD) of the university. The others not.
We will only allow specific people to authenticate. Registration of
users will not be available through the user webinterface.
As I understand the documentation web2py will work through the list
(auth.settings.login_methods) trying the next method if the previous
authentication method fails.
I do not have any admin-function as far as the AD is concerned. So
I can do nothing there that have an effect on our authentication
except query the AD through LDAP.
In the model:
from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth.settings.login_methods.append(ldap_auth(
mode='ad', server='ouradserver',
base_dn='ou=Users,dc=stb,dc=sun,dc=ac,dc=za,O=SU',
manage_user=True,
user_firstname_attrib='cn:1',
user_lastname_attrib='cn:2',
user_mail_attrib='mail'))
My auth.settings.login_methods:
[<gluon.tools.Auth at 0x7f3ca5e470b8>,
<function
gluon.contrib.login_methods.ldap_auth.ldap_auth.<locals>.ldap_auth_aux>]
Now my questions:
1. Is it possible to combine the normal auth and ldap methods in such
a way that staff members authenticate against AD and the others
against the local auth-table?
2. How do I manage the user registration if the answer on 1 is "Yes".
3. I have tested the system with myself as user on both the local and
the AD. If my local password is different from that on the AD, I can
login with the local password. That should not be. How do I get it
that if the username is local and on the AD the last will override the
first?
Regards
Johann
--
Because experiencing your loyal love is better than life itself,
my lips will praise you. (Psalm 63:3)
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
