Dear Muresan,
On Friday 25 January 2013 15:41:44, Muresan Bogdan wrote:
> Hello everyone, this is my first post to the mailing list of Invenio.
> I've been battling with Invenio for some weeks, all well and fine until I came
> across the LDAP authentication step. I've been following the guide of
> Miguel at
> http://www.leccionespracticas.com/cds-invenio/cds-invenio-configuring-ldap-to-login-into-repository/
> to configure the LDAP py. The connection with the
> server is successful but I receive a bind user error. 2013-01-25 07:46:04 ->
> OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In
> order to perform this operation a successful bind must be completed on the
> connection., data 0, v1db1', 'desc': 'Operations error'}
> (ldapobject.py:96:_ldap_call) Searching for answers was futile because
> there are now errors like this on Invenio only other platforms based on
> python. There is no error for accessing the LDAP server, the server is
> reachable by Invenio, no error of bad account or password, the accounts
> have no mail entry on the LDAP server and the same server is used to
> authenticate users on a Moodle site and it works.
This is currently an issue for Invenio, as it expects email addresses to be
provided as identifier of users. (however this is not the reason for the
exception you are encountering). Since Invenio expects email addresses to be
provided as part of the authentication process in the plugin it would be nice
if you could at least make them up. E.g.:
> The error log is quite
> long so I will attach it (if someone will be kind enough to rip some
> minutes from his/her free time) as well as the python source for LDAP auth.
> Thank you in advance, hope someone has a clue to this strange error in
> Invenio. PS: I am almost sure that is a misconfiguration
It looks like your LDAP server requires the simple_bind_s to be called before
the search_s operation.
"In order to perform this operation a successful bind must be completed on the
connection".
This step is not performed as part of the Invenio LDAP plugin you customized.
I guess you will need to add as part of:
    def _ldap_try (self, command):
        """ Try to run the specified command on the first LDAP server that
        is not down."""
        for server in CFG_EXTERNAL_AUTH_LDAP_SERVERS:
            try:
                connection = ldap.initialize(server)
                connection.simple_bind_s(CFG_LDAP_USER, CFG_LDAP_CRED)
                return command(connection)
            except ldap.SERVER_DOWN, error_message:
                continue
        raise InvenioWebAccessExternalAuthError
As you see I have added a line:
connection.simple_bind_s(CFG_LDAP_USER, CFG_LDAP_CRED)
You will have to specify in your code the CFG_LDAP_USER and CFG_LDAP_CRED
which are necessary to authenticate to your service.
See:
<http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s>
Alternatively you have to find a way to make up the user_dn from the username
variable and try:
connection.simple_bind_s(user_dn, password)
as the body of auth_user. If the bind succeeds you can return the user_dn and
make up a fake email address based on it (in case you really can't retrieve
the email address from LDAP).
Hope this solves your issue.
Best regards,
Samuele
--
Samuele Kaplun
Invenio Developer ** <http://invenio-software.org/>
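
The second option in the reply above (bind as the user's own DN and make up an email address), sketched as an added example that is not part of the original message or of Invenio. It is written for Python 3; the DN template, the mail domain, the username allowlist and the sample account are assumptions, and FakeConnection is a constructed stand-in for a real python-ldap connection.

```python
import re

try:
    import ldap  # python-ldap, the library the Invenio plugin uses
    InvalidCredentials = ldap.INVALID_CREDENTIALS
except ImportError:  # stand-in so the example runs without python-ldap
    class InvalidCredentials(Exception):
        pass

# Assumptions, not from the thread: DN layout and fake mail domain.
USER_DN_TEMPLATE = "uid=%s,ou=people,dc=example,dc=org"
FAKE_MAIL_DOMAIN = "ldap.example.org"
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def auth_user(username, password, connect):
    """Return (user_dn, email) if the user can bind, else None.

    connect() returns a connection; with python-ldap that would be
    lambda: ldap.initialize(server_uri).
    """
    # simple_bind_s with an empty password is an unauthenticated bind,
    # which some servers accept: it must never count as a login.
    # The allowlist keeps DN metacharacters out of user_dn.
    if not password or not USERNAME_RE.fullmatch(username):
        return None
    user_dn = USER_DN_TEMPLATE % username
    connection = connect()
    try:
        connection.simple_bind_s(user_dn, password)
    except InvalidCredentials:
        return None
    finally:
        connection.unbind_s()
    return user_dn, "%s@%s" % (username, FAKE_MAIL_DOMAIN)


class FakeConnection:
    """Constructed stand-in for a server that accepts empty passwords."""
    USERS = {"uid=mbogdan,ou=people,dc=example,dc=org": "s3cret"}

    def simple_bind_s(self, who, cred):
        if cred != "" and self.USERS.get(who) != cred:
            raise InvalidCredentials()

    def unbind_s(self):
        pass
```

Errors other than invalid credentials (for example ldap.SERVER_DOWN) are left to propagate, so the caller can move on to the next server as _ldap_try does.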