But I've tried it after inserting this line. There is no IndexError exception when I try to search for an invalid user name in AD.
On June 7, 4:05 PM, dlin <dlin...@gmail.com> wrote:
> I've succeeded by patching ldap_auth.py after searching Google.
>
> conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
> conn.set_option(ldap.OPT_REFERRALS, 0) # this line is the KEY, but I don't know why
>
> On June 7, 2:49 PM, dlin <dlin...@gmail.com> wrote:
>
> > I'm trying AD auth, but it failed.
> >
> > After inserting some debug print code in ldap_auth.py,
> > I found it got Except LDAPError after 'search_ext_s()' was called.
> >
> > Is there any clue?
> >
> > On May 18, 11:49 PM, mdipierro <mdipie...@cs.depaul.edu> wrote:
> >
> > > Can you please email this to me as an attachment?
> > >
> > > On May 18, 10:25 am, Nico de Groot <ndegr...@chello.nl> wrote:
> > >
> > > > I tried out the ldap login using an Active Directory server using the
> > > > directions from http://web2py.com/book/default/section/8/1. I had to
> > > > make some small changes to get it running when using 'username' for
> > > > login.
> > > >
> > > > change 1: if @ is missing (like in the case of using 'username')
> > > > username_bare is undefined in 'con.search_ext_s(...)'. Proposed
> > > > solution: add an else: to repair this
> > > >
> > > > change 2: con.simple_bind_s(username, password) fails when username is
> > > > just a username without '@[domainname]'. As we are already searching
> > > > the AD, I added the attribute 'distinguishedName' in
> > > > con.search_ext_s(') and used that to construct the DN. The DN can also
> > > > be used in con.simple_bind_s()
> > > >
> > > > This seems to work, can anyone confirm the problem and check the
> > > > solutions?
> > > >
> > > > In my test application I had to relax the FK constraints to get the
> > > > inserts in auth_table, auth_membership and auth_events working and
> > > > prevent FK constraint-errors. (I'm using MS-SQLServer 2005). Is it a
> > > > solution to commit the insert in auth_user first? See, in tools.py,
> > > > line 1078
> > > >
> > > > Nico de Groot
> > > >
> > > > From gluon/contrib/login_methods/ldap_auth.py
> > > > current----------- > > > > 64 if ldap_mode == 'ad': > > > > # Microsoft Active Directory > > > > con.set_option(ldap.OPT_PROTOCOL_VERSION, 3) > > > > if ldap_binddn: > > > > # need to search directory with an admin account > > > > 1st > > > > con.simple_bind_s(ldap_binddn, ldap_bindpw) > > > > else: > > > > # credentials should be in the form of > > > > usern...@domain.tld > > > > con.simple_bind_s(username, password) > > > > if "@" in username: > > > > username_bare = username.split("@")[0] > > > > # this will throw an index error if the account is not > > > > found > > > > # in the ldap_basedn > > > > result = con.search_ext_s( > > > > ldap_basedn,ldap.SCOPE_SUBTREE, > > > > "sAMAccountName=%s" % username_bare, > > > > ["sAMAccountName","distinguishedName"])[0][1] > > > > if ldap_binddn: > > > > # We know the user exists & is in the correct OU > > > > # so now we just check the password > > > > con.simple_bind_s(username, password) > > > > > proposed--------------- > > > > 64: if ldap_mode == 'ad': > > > > # Microsoft Active Directory > > > > con.set_option(ldap.OPT_PROTOCOL_VERSION, 3) > > > > if ldap_binddn: > > > > # need to search directory with an admin account > > > > 1st > > > > con.simple_bind_s(ldap_binddn, ldap_bindpw) > > > > else: > > > > # credentials should be in the form of > > > > usern...@domain.tld > > > > con.simple_bind_s(username, password) > > > > if "@" in username: > > > > username_bare = username.split("@")[0] > > > > #patch ncdg1 > > > > else: > > > > username_bare = username > > > > #/patch ncdg1 > > > > # this will throw an index error if the account is not > > > > found > > > > # in the ldap_basedn > > > > #patch ncdg2 > > > > result = con.search_ext_s( > > > > ldap_basedn,ldap.SCOPE_SUBTREE, > > > > "sAMAccountName=%s" % username_bare, > > > > ["sAMAccountName","distinguishedName"])[0][1] > > > > if ldap_binddn:
> > > > # We know the user exists & is in the correct OU > > > > # so now we just check the password > > > > ldap_userdn=result["distinguishedName"][0] > > > > con.simple_bind_s(ldap_userdn, password) > > > > #/patch ncdg2
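
Review bot: the filter "sAMAccountName=%s" % username_bare is built from the login name without escaping, and the new else: branch (patch ncdg1) now passes the whole user-supplied string into it; run the value through ldap.filter.escape_filter_chars() before formatting so that characters such as * ( ) and \ cannot alter the filter. In patch ncdg2, result["distinguishedName"][0] relies on [0][1] being the user's attribute dictionary, so check that the first result item has a DN and carries that attribute before using it. con.simple_bind_s(ldap_userdn, password) also has no visible check that password is non-empty; reject an empty password before binding, because a simple bind with a DN and an empty password is an unauthenticated bind that many servers accept.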
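
An added example, not part of the thread or of web2py's ldap_auth.py: with `OPT_REFERRALS` set to 0, python-ldap hands Active Directory search references back as result items whose DN is `None`, so `[0][1]` on a search for a missing account can yield a referral list instead of raising IndexError. The code below escapes the login name and selects only real entries; the function names and the sample result lists are constructed for illustration.

```python
# Added example: helper names and sample data are constructed, not from ldap_auth.py.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters of a filter assertion value.

    python-ldap ships the same operation as ldap.filter.escape_filter_chars().
    """
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)


def build_user_filter(username):
    """Build the sAMAccountName filter from a bare or user@domain login."""
    bare = username.split('@')[0]
    return '(sAMAccountName=%s)' % escape_filter_value(bare)


def pick_user_dn(results):
    """Return the DN of the single matching entry, or None.

    Items whose dn is None are search references (referrals), not entries,
    so they must be skipped before indexing into the result list.
    """
    entries = [(dn, attrs) for dn, attrs in results
               if dn is not None and isinstance(attrs, dict)]
    if len(entries) != 1:
        return None  # account not found, or the match is ambiguous
    dn, attrs = entries[0]
    value = (attrs.get('distinguishedName') or [dn])[0]
    return value.decode('utf-8') if isinstance(value, bytes) else value


# Constructed search results in the shape python-ldap returns them.
REFERRAL = (None, ['ldap://DomainDnsZones.example.test/'
                   'DC=DomainDnsZones,DC=example,DC=test'])
FOUND = [('CN=Alice,OU=Staff,DC=example,DC=test',
          {'sAMAccountName': [b'alice'],
           'distinguishedName': [b'CN=Alice,OU=Staff,DC=example,DC=test']}),
         REFERRAL]
NOT_FOUND = [REFERRAL]  # unknown account: only the referral comes back

if __name__ == '__main__':
    print(build_user_filter('alice@example.test'))
    print(pick_user_dn(FOUND))
    print(pick_user_dn(NOT_FOUND))
```
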