I think #3 should work -- see https://groups.google.com/d/msg/web2py/x0xCBAkLWzk/rtpysPZCcE0J.
On Thursday, March 21, 2019 at 9:50:54 AM UTC-4, zm wrote: > > I'm trying to determine the best approach to an issue, and would > appreciate feedback. > > In an enterprise environment with multiple web2py applications, we need a > way to manage users / groups. We utilize AD for authentication, and in > operating in Python2.7 we are able to use AD and retrieve AD groups. We > are running into issues with Python3 in the same setup, and would prefer to > have a single web2py instance handle authentication and group membership > for all web2py applications to avoid code / resource duplication. > > I am envisioning three potential solutions and all seem ugly, so I hope I > am just missing something obvious. > 1 - Create a single web2py app and use as a CAS provider. The issue is > that CAS doesn't share group membership, so we would need to develop a > mechanism to load an extra field in auth_user with groups the user is a > member of, then update those groups in the consumer, and after login, > populate the consumer's auth_group and auth_memberships. This is > cumbersome, and would result in auth tables spread across several > databases, which has a smell. > 2 - Have all web2py applications handle auth on their own. The issue is > that the code around auth (the login page view, settings, etc) will end up > being shared a bunch, and like the first solution, auth tables are spread > all over. > 3 - Use a shared auth database. This solves the issue of auth tables > spread across tons of databases from 1 and 2. If we use CAS to point to a > single web2py CAS provider, will we run into any issues with a shared > database? This might be the ideal solution, but it seems likley to have > small random bugs related to sharing an auth database. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
