This is not normal and it is scary. It could be an ldap issue or an
ldap_login issue. I will check it asap today.
Massimo
On Tuesday, 6 November 2012 05:24:26 UTC-6, apinho wrote:
>
> Hi,
>
> I'm working on a site, for my company. I want to give only access to
> accounts :
> - listed in my ldap server
> or
> - listed in local Auth db().
>
> So, I don't want other people to be able to register.
>
> This is my Auth() config (Some values I replaced with '*' for
> confidentiality sake) :
> ### AUTH
> ######################################################################
> # Create object
> auth = Auth(globals(),db)
> # Define settings
> auth.settings.hmac_key = 'sha512:********'
> auth.settings.mailer = None
> auth.settings.remember_me_form = False
> auth.settings.allow_basic_login = True
> auth.settings.login_next = URL('index')
> auth.settings.logout_next = URL('index')
> auth.settings.on_failed_authorization = URL('user',args=
> 'on_failed_authorization')
> auth.settings.login_onvalidation = [] # func takes form obj, can modify attribs of form obj before db IO
> auth.settings.login_onaccept = [] # Func should be executed after db IO and before redirection
> auth.settings.expiration = 3600 # seconds
> auth.settings.hideerror = False
> auth.settings.formstyle = 'table3cols' # "table2cols", "divs" and "ul"
> auth.settings.long_expiration = 3600*24*30 # one month
> auth.settings.remember_me_form = True
> auth.settings.actions_disabled = ['register','change_password',
> 'request_reset_password','retrieve_username',
> 'profile']
> # Define messages
> auth.messages.access_denied = T('Não tem a necessária permissão de acesso')
> auth.messages.login_disabled = T('Login desactivado pelo Admin')
> auth.messages.logged_in = T('Bem-vindo(a) !')
> auth.messages.logged_out = T('Até breve !')
> auth.messages.invalid_login = T('Acesso inválido')
> auth.messages.label_username = T('Utilizador')
> auth.messages.label_password = T('Senha')
> auth.messages.label_remember_me = T('Conservar este acesso aberto (Durante 30 dias)')
> # LDAP method
> auth.settings.login_methods.append(ldap_auth(mode='cn',server='****.*****s.com',base_dn='ou=*******,o=*******'))
> # Automigrate only if DEVELOPMENT context
> auth.define_tables(migrate=settings.migrate,username=True)
> #------------------------------------------------------------------------------
>
>
>
> This works well for me, LDAP works fine too. But I have a problem :
> If someone tries to connect to my site, with a username which contains @,
> he is automatically logged in, without even having to give a valid
> password.
> You can just type 'blahblah@coocoo', and then Enter, and you're in. Auth
> automatically creates a 'blahblah' user.
>
> Is this behavior normal, or am I missing something ?
>
>
>
>
--
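
Added example (not part of the original thread, and not web2py's or the poster's code): a stopgap wrapper around a login method such as the ldap_auth(...) callable in the config above, which refuses usernames outside an allow-list and empty passwords before the backend is consulted, and denies on backend errors. guard_login_method, USERNAME_OK and the two stub backends are hypothetical names; the allow-list assumes directory usernames never contain '@'.

```python
import logging
import re

log = logging.getLogger("auth.guard")

# Assumption: account names are plain cn values, so anything outside this
# allow-list (including '@') is refused before the directory is asked.
USERNAME_OK = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def guard_login_method(inner, username_ok=USERNAME_OK):
    """Wrap a login method (callable taking username and password) so that
    it fails closed on unexpected input or backend errors."""

    def guarded(username, password):
        if not isinstance(username, str) or not username_ok.match(username):
            log.warning("login refused: username %r not in allow-list", username)
            return False
        # An empty password turns an LDAP simple bind into an unauthenticated
        # bind (RFC 4513, section 5.1.2), which some servers accept.
        if not password:
            log.warning("login refused: empty password for %r", username)
            return False
        try:
            return bool(inner(username, password))
        except Exception:
            log.exception("login backend raised for %r; denying", username)
            return False

    return guarded


def stub_backend(username, password):
    """Constructed stand-in for ldap_auth(...) that reproduces the reported
    symptom: any username containing '@' is accepted."""
    if "@" in username:
        return True
    return (username, password) == ("alice", "correct horse")


def raising_backend(username, password):
    """Constructed backend that simulates a directory outage."""
    raise ConnectionError("directory unreachable")


checked = guard_login_method(stub_backend)
# In the model file the wrapper would go around the real method:
# auth.settings.login_methods.append(guard_login_method(ldap_auth(...)))
```

This only narrows what reaches the login method; the cause of the behaviour in ldap_auth or the directory still has to be found.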