I think I've solved my authentication problem with these settings. (Using the same server structure I posted earlier)

ldap_url = 'ldap://127.0.0.1'
ldap_base_dn = 'dc=test,dc=com'
ldap_bind_dn = 'cn=admin,dc=test,dc=com'
ldap_bind_pass = 'adminpass'
ldap_auth = LDAPSearchAuthenticatorPlugin(
    url=ldap_url,
    base_dn=ldap_base_dn,
    bind_dn=ldap_bind_dn,
    bind_pass=ldap_bind_pass,
    returned_id='login',
    naming_attribute='uid',
)

In this example ldap_bind_dn is the auth username while ldap_base_dn is the domain. Sorry, but I don't really know the LDAP infrastructure.

Now I've set naming_attribute to "uid" instead of "sAMAccountName" to filter the domain's users.

The error "12:54:58,023 ERROR [repoze.who] Cannot establish connection" doesn't tell me much; it's very generic. It could be an error in the connection settings, or it could mean I'm using wrong credentials.

Now I need to create some kind of option to put in my .ini to toggle LDAP.

On Tuesday, 3 February 2015 at 16:31:34 UTC+1, Christoph Zwerschke wrote:
>
> On 03.02.2015 at 14:42, Luca Verardi wrote:
> > I tried authenticating via http://127.0.0.1:8080/login, but got this error:
> > 12:54:58,023 ERROR [repoze.who] Cannot establish connection
>
> This happens when who_ldap cannot bind to the LDAP server. Check using
> an LDAP client whether your LDAP is really running on your local host,
> whether it is accessible (port not blocked by a firewall), and whether
> you can connect with the specified ldap_bind_dn and ldap_bind_pass.
>
> -- Christoph (no, I didn't write who_ldap)
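
The check described in the quoted reply (is the server reachable, and does it accept ldap_bind_dn and ldap_bind_pass), as an added example that is not part of the original thread and is not who_ldap code. It uses only the Python standard library to send an LDAPv3 simple bind and report whether the failure is a connection problem or resultCode 49 (invalidCredentials); all function names are hypothetical.

```python
# Added example, not from the thread or from who_ldap; function names are hypothetical.
# Separates "server unreachable" from "wrong bind DN/password" for a simple bind.
import socket

def _tlv(tag, payload):
    """BER-encode one element (definite length, short or long form)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload

def bind_request(dn, password, msg_id=1):
    """LDAPv3 simple BindRequest (RFC 4511, section 4.2); msg_id must be 1..127."""
    op = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, op))

def _read(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_result_code(response):
    """Extract resultCode from an LDAPMessage carrying a BindResponse."""
    _, msg, _ = _read(response, 0)
    _, _, pos = _read(msg, 0)  # skip messageID
    tag, op, _ = _read(msg, pos)
    if tag != 0x61:  # [APPLICATION 1] = BindResponse
        raise ValueError("not a BindResponse")
    _, code, _ = _read(op, 0)
    return int.from_bytes(code, "big")

def diagnose(host, port, dn, password, timeout=5):
    """Try one simple bind and say which of the two failure causes applies."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(bind_request(dn, password))
            code = bind_result_code(s.recv(4096))
    except OSError as exc:
        return "unreachable: %s" % exc
    except (ValueError, IndexError):
        return "reachable, but the reply is not an LDAP BindResponse"
    return {0: "bind ok", 49: "invalid credentials"}.get(code, "bind failed, resultCode %d" % code)
```

Called as `diagnose('127.0.0.1', 389, 'cn=admin,dc=test,dc=com', 'adminpass')`, assuming the default LDAP port 389. A simple bind over ldap:// sends the password unencrypted, so keep it to the loopback address used in the post.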

