Active Directory ldap with allowed_groups

After searching everywhere I could not find a solution. After finally going to the code I discoved that it needed to be fixed for Active directory.

~~I have submitted a pull request~~, but until then replace

gluon/contrib/login_methods/ldap_auth.py

with:

https://raw.github.com/web2py/web2py/master/gluon/contrib/login_methods/ldap_auth.py

(It is now in web2py upstream dev, and should be included in the next stable release)

Here is my authentication settings in my model.

Credit for most of it goes to the mentioned slice:

# Authentication - http://www.web2pyslices.com/slice/show/1468/how-to-set-up-web2py-ldap-with-windows-active-directory
from gluon.tools import Auth
auth = Auth(db, hmac_key=Auth.get_or_create_key())
auth.define_tables(username=True)
auth.settings.create_user_groups=False
# all we need is login
auth.settings.actions_disabled=['register','change_password','request_reset_password','retrieve_username','profile']
# you don't have to remember me
auth.settings.remember_me_form = False
# ldap authentication and not save password on web2py
from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth.settings.login_methods = [ldap_auth(mode='ad',
    allowed_groups = ['Domain Group1','Domain Group2'],
    bind_dn = 'CN=Admin User,OU=baseou,DC=example,DC=com',
    bind_pw = 'pass',
    group_dn = 'OU=Domain Groups,OU=baseou,DC=example,DC=com',
    group_name_attrib = 'cn',
    group_member_attrib = 'member',
    group_filterstr = 'objectClass=Group',
    server='server.example.com,
    base_dn='OU=baseou,DC=example,DC=com')]

Note that the bind_dn and bind_pw are required unless your setup allows anonymous bind.

Good Luck!

Related slices

Comments (0)