Hi,
Did you have the time to check it?
On Tuesday, November 6, 2012 1:40:39 PM UTC, Massimo Di Pierro wrote:
>
>
> This is not normal and it is scary. It could be an LDAP issue or an
> ldap_login issue. I will check it ASAP today.
>
> Massimo
>
>
> On Tuesday, 6 November 2012 05:24:26 UTC-6, apinho wrote:
>>
>> Hi,
>>
>> I'm working on a site for my company. I want to give access only to
>> accounts:
>> - listed in my ldap server
>> or
>> - listed in local Auth db().
>>
>> So, I don't want other people to be able to register.
>>
>> This is my Auth() config (some values I replaced with '*' for
>> confidentiality's sake):
>> ### AUTH
>> ######################################################################
>> # Create object
>> auth = Auth(globals(),db)
>> # Define settings
>> auth.settings.hmac_key = 'sha512:********'
>> auth.settings.mailer = None
>> auth.settings.remember_me_form = False
>> auth.settings.allow_basic_login = True
>> auth.settings.login_next = URL('index')
>> auth.settings.logout_next = URL('index')
>> auth.settings.on_failed_authorization = URL('user',args='on_failed_authorization')
>> auth.settings.login_onvalidation = [] # func takes form obj, can modify attribs of form obj before db IO
>> auth.settings.login_onaccept = [] # Func should be executed after db IO and before redirection
>> auth.settings.expiration = 3600 # seconds
>> auth.settings.hideerror = False
>> auth.settings.formstyle = 'table3cols' # "table2cols", "divs" and "ul"
>> auth.settings.long_expiration = 3600*24*30 # one month
>> auth.settings.remember_me_form = True
>> auth.settings.actions_disabled = ['register','change_password','request_reset_password','retrieve_username','profile']
>> # Define messages
>> auth.messages.access_denied = T('Não tem a necessária permissão de acesso')
>> auth.messages.login_disabled = T('Login desactivado pelo Admin')
>> auth.messages.logged_in = T('Bem-vindo(a) !')
>> auth.messages.logged_out = T('Até breve !')
>> auth.messages.invalid_login = T('Acesso inválido')
>> auth.messages.label_username = T('Utilizador')
>> auth.messages.label_password = T('Senha')
>> auth.messages.label_remember_me = T('Conservar este acesso aberto (Durante 30 dias)')
>> # LDAP method
>> auth.settings.login_methods.append(ldap_auth(mode='cn',server='****.*****s.com',base_dn='ou=*******,o=*******'))
>> # Automigrate only if DEVELOPMENT context
>> auth.define_tables(migrate=settings.migrate,username=True)
>> #------------------------------------------------------------------------------
>>
>>
>>
>> This works well for me, LDAP works fine too. But I have a problem:
>> If someone tries to connect to my site with a username which contains @,
>> he is automatically logged in, without even having to give a valid
>> password.
>> You can just type 'blahblah@coocoo', and then Enter, and you're in. Auth
>> automatically creates a 'blahblah' user.
>>
>> Is this behavior normal, or am I missing something?
>>
>>
>>
>>
--