On Feb 22, 2010, at 3:13 PM, andreas schmid wrote:

> Peter Herndon wrote:
>> On Mon, Feb 22, 2010 at 9:40 AM, andreas schmid <a.schmi...@gmail.com> wrote:
>> 
>> 
>>> I'm experiencing strange problems now. The user is able to authenticate
>>> against LDAP only if in the Active Directory the displayName == username.
>>> Why this? I don't get any error or traceback, the user only isn't able to
>>> get logged in.
>>> 
>>> 
>> 
>> If users were able to authenticate, and are now not able to
>> authenticate, what changed?  
> I was thinking the authentication over LDAP group was working because I
> tested it only with a test user which had sAMAccountName == displayName,
> but now I'm figuring that if that's not equal it doesn't work as expected.
> The app is still in development and I didn't work on it for a few days.

Hmm.  When I get to work tomorrow, I'll take a look and see if the displayName 
is the same as the sAMAccountName in our AD.  If they are consistently the 
same, that might be a sign that some part of this operation is looking at the 
displayName.

It occurs to me, Andreas, I'd be very interested to know if someone who has a 
displayName *different* from the sAMAccountName can log in initially, but not a 
second time; or, can that person not log in at all? Is it consistent? If you 
change someone's displayName, do they instantly stop being able to log in?


>> 
> I started to log a bit today and will go on tomorrow and post what I
> will get or the solution if I will find it.

Do let me know. I'm wondering if the problem is with the bind setting on line 
81 of backends.py.  Where I work, our AD is configured to accept 
"hernd...@example" for the bind, where the "@example" is your NT4_DOMAIN 
setting.  If your AD is not configured to accept that kind of identifier, that 
might cause an issue.  We may need to mix things up a bit, and try a 
search-for-user-and-then-bind approach similar to the one in the eDirectory 
backend starting at line 157.  It also occurs to me that the "n...@domain" 
pattern might be looking at displayName -- I'm no expert on Active Directory.  
To that end, you may want to insert a logging statement of the exception that's 
caught at line 134, between 134 and 135.

---Peter
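
The search-for-user-and-then-bind approach mentioned in the message above, with the failure logged instead of swallowed, as an added example that is not part of the original thread and is not the code in backends.py. The connection object is assumed to expose python-ldap's `simple_bind_s` and `search_s` method names; `FakeAD`, `BindError`, the DNs and the passwords are constructed so the block runs offline.

```python
import logging

log = logging.getLogger("ldap_auth")
SCOPE_SUBTREE = 2  # same value as ldap.SCOPE_SUBTREE in python-ldap

class BindError(Exception):
    """Stand-in for ldap.INVALID_CREDENTIALS so the example runs offline."""

def escape_filter(value):
    """Escape RFC 4515 special characters so a username cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def authenticate(connect, base_dn, svc_dn, svc_pw, username, password):
    """Look the entry up by sAMAccountName, then bind as the DN that was found."""
    if not username or not password:
        # An empty password turns a simple bind into an unauthenticated bind.
        log.warning("rejected empty username or password")
        return None
    try:
        conn = connect()
        conn.simple_bind_s(svc_dn, svc_pw)  # service account used only to search
        flt = "(sAMAccountName=%s)" % escape_filter(username)
        hits = conn.search_s(base_dn, SCOPE_SUBTREE, flt, ["sAMAccountName"])
        if len(hits) != 1:
            log.warning("expected one entry for %r, found %d", username, len(hits))
            return None
        user_dn = hits[0][0]
        connect().simple_bind_s(user_dn, password)  # fresh connection for the user
        return user_dn
    except BindError as exc:
        log.warning("bind failed for %r: %r", username, exc)  # log, do not swallow
        return None

class FakeAD:
    """Constructed in-memory directory: DN -> (sAMAccountName, password)."""
    entries = {
        "CN=Jane Q. Doe,OU=Staff,DC=example,DC=org": ("jdoe", "s3cret"),
        "CN=svc,OU=Service,DC=example,DC=org": ("svc", "svc-pw"),
    }

    def simple_bind_s(self, dn, password):
        if self.entries.get(dn, (None, None))[1] != password:
            raise BindError(dn)

    def search_s(self, base, scope, filterstr, attrs):
        return [(dn, {}) for dn, (sam, _) in self.entries.items()
                if filterstr == "(sAMAccountName=%s)" % sam]
```

Because the bind uses the DN returned by the search, the login name never has to match the entry's CN or any `name@domain` form.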
