On Mon, Feb 22, 2010 at 9:40 AM, andreas schmid <a.schmi...@gmail.com> wrote:
> im experiencing strange problems now. the user is able to authenticate > against ldap only if in the active directory the displayName == username > why this? i dont get any error or traceback, the user only isnt able to > get logged in > If users were able to authenticate, and are now not able to authenticate, what changed? At my place of work, I've learned to expect changes in Active Directory every so often -- my AD admins are not that great at notifying users of impending changes. These changes occasionally cause breakage elsewhere. If not in AD, did something else in your environment change? The normal way ldap-groups works is that sAMAccountName is the field used to identify a user in AD (line 106 in ldap-groups/accounts/backends.py), and is used as the source of their django.contrib.auth.models.User username. So, if you go changing someone's username via the admin, or otherwise edit the username data in your db, then the username won't match the sAMAccountName, and they won't be able to log in to that account. Similarly, if their sAMAccountName changes in AD, and they log in to your site with the new name, they will effectively have created a second account in your db. If you have resources tied to an account in Django (saved bookmarks, tags, uploads, etc.), the user won't have access to those resources any longer, as they're on a new account. I realize that sAMAccountName is not the same as displayName. I wonder if you were mistaking the occasional coincidence between displayName and sAMAccountName? Or did you edit the app to use displayName? Perhaps you could post more details about your issue, including code. Also, you may want to instrument the LDAP code. Either log the results from the LDAP calls to a file, or drop in some print statements and run via runserver, and see what messages your LDAP environment produces. Useful bits to log will be lines 82, 106, and 132 in ldap-groups/accounts/backends.py. ---Peter -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
