Christoph Zwerschke wrote:
Am 20.07.2011 15:41, schrieb jo:
Thanks for your tip, Christoph. In this way I avoid the error.
Now I get: No such LDAP user: steve
You did not show your validate_password code. Did you make the changes
mentioned in the update to the recipe? Because the original code used
sAMAccountName instead of uid.
Here is the code:
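class SaLdapIdentityProvider(saprovider.SqlAlchemyIdentityProvider):
    """Identity provider that checks credentials against an LDAP directory.

    Users are looked up under ``basedn`` with the filter
    ``(<filter_id>=<user_name>)``. The password is verified by binding as
    the DN that was found. When ``autocreate`` is enabled, a local user row
    is created on the first successful LDAP login.

    NOTE(review): the indentation of this listing was lost in the mail
    archive; the nesting below is reconstructed and should be confirmed
    against the original recipe.
    """

    def __init__(self):
        """Read the ``identity.saldapprovider.*`` settings and log them."""
        saprovider.SqlAlchemyIdentityProvider.__init__(self)
        self.host = config.get("identity.saldapprovider.host")
        self.port = config.get("identity.saldapprovider.port")
        self.basedn = config.get("identity.saldapprovider.basedn")
        self.autocreate = config.get("identity.saldapprovider.autocreate")
        self.filter_id = config.get("identity.saldapprovider.filter_id")
        # %s instead of %d: an unset port (None) must not raise TypeError
        # while the provider is being constructed.
        log.default.info("host :: %s", self.host)
        log.default.info("port :: %s", self.port)
        log.default.info("basedn :: %s", self.basedn)
        log.default.info("autocreate :: %s", self.autocreate)

    def validate_identity(self, user_name, password, visit_key):
        """Authenticate *user_name* and attach the user to *visit_key*.

        Returns a ``saprovider.SqlAlchemyIdentity`` on success and ``None``
        when the credentials are rejected or the local user cannot be
        created. With ``autocreate`` disabled the call is delegated to the
        parent SQLAlchemy provider.
        """
        if not self.autocreate:
            # The listing called the parent method without ``self``; an
            # explicit base-class call needs the instance as first argument.
            return saprovider.SqlAlchemyIdentityProvider.validate_identity(
                self, user_name, password, visit_key)

        user = saprovider.user_class.query.filter_by(
            user_name=user_name).first()
        if not self.validate_password(user, user_name, password):
            log.default.info("user '%s' or password invalid", user_name)
            return None

        if not user:
            try:
                # NOTE(review): every auto-created row gets the same fixed
                # local password. If any code path checks the local
                # password instead of LDAP (presumably the delegated path
                # above; confirm), that value works for all such accounts.
                # Storing a random, unusable value would be safer.
                user = saprovider.user_class(
                    user_name=user_name, email_address=user_name,
                    display_name=user_name, password=u'ldap')
            except Exception:
                # Narrowed from a bare ``except:`` so that SystemExit and
                # KeyboardInterrupt are no longer swallowed.
                log.default.error("Creating user: %s", user_name)
                return None
            else:
                log.default.info("user created: %s", user_name)

        link = saprovider.visit_class.query.filter_by(
            visit_key=visit_key).first()
        if link:
            link.user_id = user.user_id
        else:
            # No visit row yet for this key: create one.
            link = saprovider.visit_class(
                visit_key=visit_key, user_id=user.user_id)
        saprovider.session.flush()
        return saprovider.SqlAlchemyIdentity(visit_key, user)

    def validate_password(self, user, user_name, password):
        """Return True only if *user_name* can bind to LDAP with *password*.

        *user* (the local database row, possibly ``None``) is not used; it
        is kept for interface compatibility.
        """
        # Function-scope import: the file's import block is not visible
        # here. ``ldap`` itself is already used by this module.
        from ldap.filter import escape_filter_chars

        # An LDAP simple bind with an empty password is an unauthenticated
        # bind, which many servers accept as success. Reject it before
        # contacting the directory so a blank password can never log in.
        if not user_name or not password:
            log.default.warning(
                "Empty user name or password rejected for %s", user_name)
            return False

        # NOTE(review): plain ldap:// sends the bind password unencrypted,
        # and the configured port is not used here. Prefer ldaps:// or
        # StartTLS with certificate verification.
        ldapcon = ldap.initialize('ldap://%s' % self.host)
        try:
            # Escape the user-supplied name so characters such as
            # ``*``, ``(`` and ``)`` cannot alter the search filter.
            search_filter = "(%s=%s)" % (
                self.filter_id, escape_filter_chars(user_name))
            rc = ldapcon.search(
                self.basedn, ldap.SCOPE_SUBTREE, search_filter)
            try:
                objects = ldapcon.result(rc)[1]
            except ldap.NO_SUCH_OBJECT:
                objects = []

            # Drop results without a DN (search references). Binding with
            # an empty DN would be an anonymous bind, not a password check.
            objects = [entry for entry in objects if entry[0]]

            if not objects:
                log.default.warning("No such LDAP user: %s" % user_name)
                return False
            if len(objects) > 1:
                log.default.error("Too many users: %s" % user_name)
                return False

            dn = objects[0][0]
            try:
                rc = ldapcon.simple_bind(dn, password)
                ldapcon.result(rc)
            except ldap.INVALID_CREDENTIALS:
                log.default.error(
                    "Invalid password supplied for %s" % user_name)
                return False
            return True
        finally:
            # Release the connection on every path; the listing never
            # closed it.
            try:
                ldapcon.unbind_s()
            except ldap.LDAPError:
                pass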
------------
and this is my dev.cfg:
identity.provider = 'ldap'
identity.saldapprovider.host = 'myhost'
identity.saldapprovider.port = 389
identity.saldapprovider.basedn = 'ou=pippoauth,dc=host,dc=com'
identity.saldapprovider.filter_id = 'uid'
identity.saldapprovider.autocreate = True
--------
this is my entry_point.txt:
ldap = sicer.lib.identity:SaLdapIdentityProvider