Sometimes we want to connect our web2py application to an Active Directory and let those users access our content. We need to put some code in two different places:
db.py - here we need to set up the connection to the server. Obviously you have to check beforehand that it is pingable and that its LDAP tree is accessible.
from gluon.tools import Auth, Crud, Service, PluginManager, prettydate
auth = Auth(db, hmac_key = Auth.get_or_create_key())
# all we need is login
# you don't have to remember me
auth.settings.remember_me_form = False
from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth.settings.login_methods = [ldap_auth(mode='ad',
                                         db=db,
                                         group_name_attrib='cn',
                                         group_member_attrib='member',
                                         group_filterstr='objectClass=Group',
                                         base_dn='OU=<my org unit>,DC=<domain>,DC=<domain>')]
default.py - here we can put our decorator to restrict access to a group.
@auth.requires_membership('<group name in AD>')
def function_restrictedgroup():
    # only users that are members of the AD group reach this point
    return 'you are member of a group!'
(T('My Login 2'), False, URL('default', 'function_restrictedgroup'))
db.auth_user, db.auth_group and db.auth_membership.
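The group_name_attrib, group_member_attrib and group_filterstr settings in db.py describe a directory search: find the entries matching the filter whose member attribute holds the user's DN, and read each group's name from cn. As an added illustration (not code from the original post or from web2py), the following builds that search filter with RFC 4515 escaping and resolves membership against constructed sample entries; the example.com DNs, group names and function names are assumptions.

```python
# Added illustration: what the three group_* settings mean for an AD group lookup.
# All directory entries below are constructed sample data.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))  # backslash + two hex digits
        else:
            out.append(ch)
    return ''.join(out)

def build_group_filter(user_dn, group_member_attrib='member',
                       group_filterstr='objectClass=Group'):
    """Filter matching every group entry that lists user_dn as a member."""
    return '(&(%s)(%s=%s))' % (group_filterstr, group_member_attrib,
                               escape_filter_value(user_dn))

def groups_for_user(entries, user_dn, group_name_attrib='cn',
                    group_member_attrib='member'):
    """Return the names (group_name_attrib) of groups whose member list
    holds user_dn. DNs are compared case-insensitively (simplification)."""
    wanted = user_dn.lower()
    names = []
    for attrs in entries:
        members = [m.lower() for m in attrs.get(group_member_attrib, [])]
        if wanted in members:
            names.extend(attrs.get(group_name_attrib, []))
    return sorted(names)

# Constructed sample: two groups in a hypothetical example.com domain
SAMPLE_GROUPS = [
    {'cn': ['Intranet-Editors'],
     'member': ['CN=Jane Doe (Ops),OU=Staff,DC=example,DC=com']},
    {'cn': ['Intranet-Admins'],
     'member': ['CN=Other User,OU=Staff,DC=example,DC=com']},
]

if __name__ == '__main__':
    dn = 'cn=jane doe (ops),ou=staff,dc=example,dc=com'
    print(build_group_filter(dn))             # parentheses in the DN are escaped
    print(groups_for_user(SAMPLE_GROUPS, dn)) # names to compare with requires_membership
```

The name returned here is the string that has to match the argument of @auth.requires_membership in default.py.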