I've finally found the time to make the necessary adjustments, the errors about ldap login and authentification are gone thanks to your advice. This should really be included in the file (external_auth_ldap.py) I've included CFG_LDAP_USER = "cn=Moodle,OU=foo,DC=bar,DC=ro" CFG_LDAP_CRED = "ultrasecret_stuff" right next below the ldap server address declaration
and the new code look like this def _ldap_try (self, command): > """ Try to run the specified command on the first LDAP server that > is not down.""" > for server in CFG_EXTERNAL_AUTH_LDAP_SERVERS: > try: > connection = ldap.initialize(server) > ##modificat > connection.simple_bind_s(CFG_LDAP_USER, CFG_LDAP_CRED), > # connection.simple_bind_s(user_dn, password) > return command(connection) > except ldap.SERVER_DOWN, error_message: > continue > raise InvenioWebAccessExternalAuthError and i thin k it does it's job. I hope that i don't have any other errors on the 2008 server. But, there is a but, i get a new message witch is treated in the access_control_config.py http://code.google.com/p/nusl-invenio/source/browse/trunk/invenio_LDAP/lib/python/invenio/access_control_config.py?spec=svn91&r=91 13: """Could not register '%s' account.""" In my case is "Could not register 'LDAP' account. login<http://polito.ubbcluj.ro/libtest/youraccount/login?ln=en&referer=http%3A%2F%2Fpolito.ubbcluj.ro%2Flibtest%2F%3F>" because i defined the method as *LDAP *. Does anyone have any thoughts? Thanks Samuele. On Tue, Jan 29, 2013 at 2:16 PM, Muresan Bogdan <[email protected]> wrote: > thank you Samuele for the reply, it's a lot of information to digest and > usefull tips to debug the problem. This tips are a new aproach to the > problem and i will dedicate this day to resolv the. > As soon as I have an output I will return with the feedback. It's very > possible that I'm not the only one stuck in this scenario. > Thank you. > > > ------------------------------ > *From: *Samuele Kaplun > *Posted: *29/01/2013 10:44 > *Subject: *ldap failure to login ldapobject.py:96:_ldap_call > > > Dear Muresan, > > In data venerdì 25 gennaio 2013 15:41:44, Muresan Bogdan ha scritto: > > Hello everyone, this is my first post to the maillingList of Invenio. > > I've battling with Invenio for some weeks, all well and fine until i > came > > across the LDAP authentication step. I've been following the guide of > > Miguel at > > > http://www.leccionespracticas.com/cds-invenio/cds-invenio-configuring-ldap- > > to-login-into-repository/ to configure the LDAP py. The connection with > the > > server is succesful but i receive a bind user error. 2013-01-25 07:46:04 > -> > > OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: > In > > order to perform this operation a successful bind must be completed on > the > > connection., data 0, v1db1', 'desc': 'Operations error'} > > (ldapobject.py:96:_ldap_call) Searching for answers was futile because > > there are now errors like this on Invenio only other platforms based on > > python. There is no error for accessing the LDAP server, the server is > > reachable by Invenio, no error of bad account or password, the accounts > > have no mail entry on the LDAP server and the same server is used to > > authenticate users on a Moodle site and it works. > > This is currently an issue for Invenio, as it expect email addresses to be > provided as identifier of users. (however this is not the reason for the > exception you are encountering). Since Invenio expects email addresses to > be > provided as part of the authentication process in the plugin it would be > nice > if you could at least make them up. E.g.: > > > > > The error log is quite > > long so i will attach it (if someone will be kind enough to rip some > > minutes from his/hers free time) as well as the python source for LDA > auth. > > Thank you in advance, hope someone has a clue to this strange error in > > Invenio. PS: i am almost sure that is a misconfiguration > > It looks like your LDAP server require the simple_bind_s to be called > before > the search_s operation. > "In order to perform this operation a successful bind must be completed on > the > connection". > > This step is not performed as part of the Invenio LDAP plugin you > customized. > > I guess you will need to add as part of: > > def _ldap_try (self, command): > """ Try to run the specified command on the first LDAP server that > is not down.""" > for server in CFG_EXTERNAL_AUTH_LDAP_SERVERS: > try: > connection = ldap.initialize(server) > connection.simple_bind_s(CFG_LDAP_USER, CFG_LDAP_CRED) > return command(connection) > except ldap.SERVER_DOWN, error_message: > continue > raise InvenioWebAccessExternalAuthError > > > As you see I have added a line: > > connection.simple_bind_s(CFG_LDAP_USER, CFG_LDAP_CRED) > > You will have to specify in your code the CFG_LDAP_USER and CFG_LDAP_CRED > which are necessary to authenticate to your service. > > See: > < > http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s> > > > Alternatively you have to find a way to make up the user_dn from the > username > variable and try: > > connection.simple_bind_s(user_dn, password) > > as the body of auth_user. If the bind succeed you can return the user_dn > and > make up a fake email address based on it (in case you really can't > retrieve > the email address from LDAP). > > Hope this solves your issue. > > Best regards, > Samuele > > -- > Samuele Kaplun > Invenio Developer ** <http://invenio-software.org/> > > -- ------------------------- Mureşan Bogdan Inginer de sistem Facultatea de Ştiinţe Politice, Administrative şi ale Comunicării – Cluj Napoca (004) 0788 94 11 65 (004) 0737 25 88 33 -------------------------
