Hi Scott,

For sure, I understand now why you need a second search on update_user(), and 
with the defaults for mk_pre_auth_bind those two searches should be the same.

A security question about get_ldap_user():

    def get_ldap_user(l, username):
        """
        Helper method, makes a user object and call update_user to populate
        """

        user = User(username=username, password='Made by LDAP')
        LDAPBackend.update_user(l, user)
        return user

Is setting password to 'Made by LDAP' opening a backdoor?
If somebody accidentally removes the LDAP support or uses both DB and LDAP, can 
this open a security hole?

I would prefer to use a randomly chosen password.

Regards,
Dirk
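
The random-password idea raised in the message above, as an added example that is not part of the original message or of the patch under discussion. It uses only the Python standard library; `hash_password`, `check_password`, `new_ldap_user_record` and `constant_placeholder_record` are hypothetical names, and `check_password` is a simplified stand-in for a local database password check, not Django's own code. `constant_placeholder_record` models the worst case, in which a local backend ends up treating the shared constant as a valid password.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed value for this example


def hash_password(raw, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<hex digest>' for raw."""
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt}${digest.hex()}"


def check_password(raw, stored):
    """Simplified local (non-LDAP) check; malformed stored values never match."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt, expected = parts
    try:
        rounds = int(iterations)
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), rounds)
    return hmac.compare_digest(digest.hex(), expected)


def new_ldap_user_record(username):
    """Local record for an LDAP-authenticated user.

    The password field holds the hash of a random 256-bit secret that is
    discarded at once, so no known string works for a local login even if
    LDAP support is removed or both backends are enabled.
    """
    throwaway = secrets.token_urlsafe(32)
    return {"username": username, "password": hash_password(throwaway)}


def constant_placeholder_record(username):
    """Risky variant: every LDAP user shares one publicly known password."""
    return {"username": username, "password": hash_password("Made by LDAP")}
```
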