Hi all, I just ran into a sort of stupid issue. I set up LDAP authentication for my web2py app some time ago, and just recently noticed this issue -- I cannot seem to authenticate when connecting to the web2py application using port forwarding (via SSH tunnel).
When logging in to the Production or Development versions of the application via the domain name, I am able to authenticate fine. But we are reorganizing the applications, and I need to test on the test server (closed except to localhost connections). When connecting to the application on the test server from another machine on the network, I use port forwarding via an SSH tunnel:

ssh test-server -L 10000/localhost/8180

This allows me to browse to http://localhost:10000/<application>

The problem is that login no longer works when tunneling (possibly because I have LDAP?). I have the exact same setup on our development machine, and I get the same issue when trying to connect via localhost/SSH tunnel, but NOT when browsing to http://dev.host.tld/<application> for the same app (make sense?)

Sooooooo, I guess my question is: does anyone know what's going on here?

Here is the relevant section of my settings file in models (deployment_settings is just a gluon storage object defined elsewhere):

<code>
from gluon.tools import *
mail = Mail()                                  # mailer
from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth = Auth(globals(),db)
l = deployment_settings.ldap
# secure=False: the bind goes over plain ldap://, not ldaps://
auth.settings.login_methods=[ldap_auth(mode=l.mode,server=l.server,base_dn=l.dn,secure=False,port=l.port)]
crud = Crud(globals(),db)                      # for CRUD helpers using auth
service = Service(globals())                   # for json, xml, jsonrpc, xmlrpc, amfrpc
plugins = PluginManager()

mail.settings.server = deployment_settings.mail.server
mail.settings.sender = deployment_settings.mail.sender
mail.settings.login = deployment_settings.mail.login

auth.settings.hmac_key = 'sha512:XXXXXXXXXXXXXXXXXXXXXXX'   # before define_tables()
auth.settings.table_user_name = 'auth_user'
auth.settings.mailer = mail                    # for user email verification
auth.settings.registration_requires_verification = False
auth.settings.registration_requires_approval = False
auth.messages.verify_email = 'Click on the link http://'+request.env.http_host+URL(r=request,c='default',f='user',args=['verify_email'])+'/%(key)s to verify your email'
auth.settings.reset_password_requires_verification = True
auth.messages.reset_password = 'Click on the link http://'+request.env.http_host+URL(r=request,c='default',f='user',args=['reset_password'])+'/%(key)s to reset your password'

### Custom table_user auth table for LDAP (todo: populate on initial login?)
auth.settings.table_user = db.define_table(
    auth.settings.table_user_name,
    Field('first_name', length=128, default='',
          requires = IS_NOT_EMPTY(error_message=auth.messages.is_empty)),
    Field('last_name', length=128, default='',
          requires = IS_NOT_EMPTY(error_message=auth.messages.is_empty)),
    Field('email', length=128, default='',
          requires = [IS_EMAIL(error_message=auth.messages.invalid_email),
                      IS_NOT_IN_DB(db, auth.settings.table_user_name+".email")]),
    Field('username', readable = False, writable = False),
    Field('password', 'password', length=256, readable=False, writable=False,
          label='Password', requires = [IS_NOT_EMPTY(),CRYPT()]),
    Field('registration_key', length=128, default= '', writable=False, readable=False),
    Field('tel',
          requires = IS_EMPTY_OR(IS_MATCH(r'^\+\d{2} \d+ \d+$',
              error_message='telephone number format: +XX XX* XXXXXX*'))),
    Field('priv_tel',
          requires = IS_EMPTY_OR(IS_MATCH(r'^\+\d{2} \d+ \d+$',
              error_message='telephone number format: +XX XX* XXXXXX*')),
          label='Priv. Tel'),
    Field('fax',
          requires = IS_EMPTY_OR(IS_MATCH(r'^\+\d{2} \d+ \d+$',
              error_message='faxnumber number format: +XX XX* XXXXXX*'))),
    format = "%(first_name)s %(last_name)s",
    migrate=migrate
)
auth.define_tables(migrate=False)
</code>

PS: I realize I could simply just open up port 8180 on the test machine to not have to use an SSH tunnel... and I'm fairly confident that would work -- but I need explicit permission from our IT department ... and they will ask a lot of questions and complain a lot before letting me do it.... which is fine.
Just want to see if I overlooked anything or made a mistake which is causing this. Thanks guys.

