Hi, Ahmed, I should add that Your patch is for the file gluon/tools.py and, probably, the last line should be:
> elif self.settings.alternate_requires_registration: Works for me. My opinion is, that the present shape of ldap_auth.py should be rethinked. There are so many scenarios, that the "mode" parameter is not appropriate way for doing things in general. For example, in our institution, login name is used for login and DN for LDAP authorization. The search cannot be performed without special non-annonymous binding. 2009/8/30 Ahmed Soliman <[email protected]>: > Hello Everybody, > I've seen a *possible* bug if I got things right in the authentication code, > let me tell you about how to reproduce it first. > steps to reproduce: > > I use LDAP authentication (LDAP only, no local authentication wanted) so I > set my > > auth.settings.login_methods = ldap_auth(server=ldapConfig.server, > base_dn=ldapConfig.basedn, mode=ldapConfig.searchattr)] > > When I try to login with LDAP account things go great and the user is > created in the authentication database as caching, next time you login with > that user you will be able to login with any password!, the LDAP > authentication is not even checked! > When you try to login with any other unknown user in the database, the LDAP > authentication is checked and fails as expected. > > I'm submitting the patch against the source version and the fix is really > simple, please review and consider for merge. > Note: I noticed 'self.settings.alternate_requires_registration' and I didn't > understand its role, but it's set to False by default and setting it to True > will cause the following > 1- Initially you won't be able to authenticate to LDAP users that are not > already in the cache, but if they are in the cache already things work fine > and you can't see the bug, so it's confusing what it should 'actually' do. > Thanks > Ahmed Soliman > Software Engineer > B-Virtual Team. > > Thebe Technology. Egypt - Belgium > 16 Nehro St. Heliopolis. Cairo > Egypt. > > http://www.b-virtual.org > http://www.thebetechnology.com > > GPG ID: 0xAEEE5042 > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
