[web2py] Re: LDAP Authentication never work
A few thoughts: Can you connect from the server where the ldap account is located? What does that connection string look like? Looking here: https://github.com/web2py/web2py/blob/master/gluon/contrib/login_methods/ldap_auth.py It boils down to the init_ldap method and ldap.initialize() You can somehow log output there to make sure the connection string is appropriate If you can connect to the ldap server, try to log the raw requests to console somehow as suggested below to see the query and url. On Friday, June 8, 2018 at 1:45:10 AM UTC-5, Suhas Jadhav wrote: > > Hi Gurus, > > My below code always authenticate against db and not ldap. Can you please > help. > > @auth.requires_login() > def test(): > from gluon.contrib.login_methods.ldap_auth import ldap_auth > > auth.settings.actions_disabled=['register','change_password','request_reset_password','retrieve_username','profile'] > auth.settings.remember_me_form = False > auth.settings.login_methods=[ldap_auth( > mode='ad', server='ldaps://server.com',base_dn='ou=Service > Accounts,dc=sea,dc=corp,dc=com') ] > > > return locals() > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
it depends what kind of software did you use as ldap server (openldap, 389ds, etc) and where it configure to store the log, usually it place under /var/log for fastest root cause analysis for ldap server side and connection between web2py app, pls run the ldap server no daemonize, so every single trial connection is send to directly to the terminal. as discussion in another thread (link provided above), from web2py configuration side that was written on the book is working smoothly in 2.16.1 (test from new web2py app) best regards, stifan -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
Hi Where can I get the logs? Is there any location where I can check? Thanks, suhas On Fri, Jun 29, 2018 at 3:05 PM 黄祥 wrote: > i've test it without change auth = Auth(db) in db.py > the logs is depend on your ldap server configuration (389-ds, openldap, > etc), that's why i in another thread, i start the ldap server directly (no > daemonize), so that every single hit (whatever try to reach the ldap > server, success or not will print on the terminal) > not sure what going on with your side, because no logs or error provided > (web2py or ldap server). > my suggestion is pls start from simple first, in your dev env : > - create your ldap server (apacheds not hurt, just download and run it, no > installation like 389-ds or openldap) > - run apacheds from terminal, create a ou (whatever you want in ldap > server, preferable using apache directory server or you can use slapd) > - create new web2py app > - copas about ldap auth from web2py book (link provide on prev message) > > then if still can not, pls come back with the error log shown in ldap > server (apacheds terminal) > > good luck n best regards, > stifan > > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
i've test it without change auth = Auth(db) in db.py the logs is depend on your ldap server configuration (389-ds, openldap, etc), that's why i in another thread, i start the ldap server directly (no daemonize), so that every single hit (whatever try to reach the ldap server, success or not will print on the terminal) not sure what going on with your side, because no logs or error provided (web2py or ldap server). my suggestion is pls start from simple first, in your dev env : - create your ldap server (apacheds not hurt, just download and run it, no installation like 389-ds or openldap) - run apacheds from terminal, create a ou (whatever you want in ldap server, preferable using apache directory server or you can use slapd) - create new web2py app - copas about ldap auth from web2py book (link provide on prev message) then if still can not, pls come back with the error log shown in ldap server (apacheds terminal) good luck n best regards, stifan -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
In db.py i have auth = Auth(db) Do i need to change this for ldap_auth to work? Thanks, Suhas On Fri, Jun 29, 2018 at 1:35 PM Suhas Jadhav wrote: > It is still not working for me, > Is there a way to see the logs? I want to see if ldap_auth is not able to > contact my ldap server or any other reason > > > Thanks, > Suhas > > On Fri, Jun 15, 2018 at 6:46 PM 黄祥 wrote: > >> it should work (ignore configuration on previous message), pls follow >> this thread discussion for detail or read the book: >> ref: >> https://groups.google.com/forum/#!topic/web2py/tWa5BPDMglk >> >> http://web2py.com/books/default/chapter/29/09/access-control#Other-login-methods-and-login-forms >> >> best regards, >> stifan >> >> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web2py+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
It is still not working for me, Is there a way to see the logs? I want to see if ldap_auth is not able to contact my ldap server or any other reason Thanks, Suhas On Fri, Jun 15, 2018 at 6:46 PM 黄祥 wrote: > it should work (ignore configuration on previous message), pls follow this > thread discussion for detail or read the book: > ref: > https://groups.google.com/forum/#!topic/web2py/tWa5BPDMglk > > http://web2py.com/books/default/chapter/29/09/access-control#Other-login-methods-and-login-forms > > best regards, > stifan > > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
it should work (ignore configuration on previous message), pls follow this thread discussion for detail or read the book: ref: https://groups.google.com/forum/#!topic/web2py/tWa5BPDMglk http://web2py.com/books/default/chapter/29/09/access-control#Other-login-methods-and-login-forms best regards, stifan -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
yes, you are right, pardon, my bad, never tested for wrong username, email or password condition *e.g. ldap_auth have strange behaviour even the wrong username, email or password entered with wrong server configuration can let user to logged in* *models/db.**py* #auth.define_tables(username=True, signature=False) auth.define_tables(username=False, signature=False) from gluon.contrib.login_methods.ldap_auth import ldap_auth auth.settings.login_methods.append(ldap_auth(mode = '1', server = '1', port = 1, base_dn = 'ou=1,dc=1,dc=1') ) perhaps others can give a hint best regards, stifan -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
Hi stifan, Thaks for checking my issue. I uninstalled python 3 and install Python 2.7.15 Not the application is allowing me to log in. But even if I give incorrect username and password it shows successful login. What might be wrong? Thanks, Suhas On Wed, Jun 13, 2018 at 2:06 AM 黄祥 wrote: > not sure why not work in your place, pls check the log (ldap server or > web2py), i've tried from scratch work fine > *env i used:* > - web2py 2.16.1-stable > - Python 2.7.15 > - installed module python-ldap with pip install python-ldap > - apacheds from scratch (https://directory.apache.org/apacheds) > > *step i took:* > - create new web2py app: ldap > - modified: > *models/db.py* > auth.define_tables(username=True, signature=False) > from gluon.contrib.login_methods.ldap_auth import ldap_auth > auth.settings.login_methods.append(ldap_auth(mode = 'ad', > server = 'localhost', > port = 10389, > base_dn = > 'ou=system,dc=example,dc=com') ) > """ > # test with mode=cn work fine too > auth.settings.login_methods.append(ldap_auth(mode = 'cn', > server = 'localhost', > port = 10389, > base_dn = > 'ou=system,dc=example,dc=com') ) > """ > auth.settings.login_methods = [ldap_auth] > > *controllers/default.py* > @auth.requires_login() > def test(): > return locals() > > - open http://localhost:8000/ldap/default/test > enter (apacheds ldap default login) > username : admin > password : secret > > best regards, > stifan > > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
not sure why not work in your place, pls check the log (ldap server or web2py), i've tried from scratch work fine *env i used:* - web2py 2.16.1-stable - Python 2.7.15 - installed module python-ldap with pip install python-ldap - apacheds from scratch (https://directory.apache.org/apacheds) *step i took:* - create new web2py app: ldap - modified: *models/db.py* auth.define_tables(username=True, signature=False) from gluon.contrib.login_methods.ldap_auth import ldap_auth auth.settings.login_methods.append(ldap_auth(mode = 'ad', server = 'localhost', port = 10389, base_dn = 'ou=system,dc=example,dc=com') ) """ # test with mode=cn work fine too auth.settings.login_methods.append(ldap_auth(mode = 'cn', server = 'localhost', port = 10389, base_dn = 'ou=system,dc=example,dc=com') ) """ auth.settings.login_methods = [ldap_auth] *controllers/default.py* @auth.requires_login() def test(): return locals() - open http://localhost:8000/ldap/default/test enter (apacheds ldap default login) username : admin password : secret best regards, stifan -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
perhaps you can check the log, to understand what exactly happens in the process best regards, stifan -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
Hi Stifan, Any solution for me? Thanks, Suhas On Sun, Jun 10, 2018 at 10:47 PM Suhas Jadhav wrote: > Hi stifan, > > Thanks for reply. But it is still validating against the DB and not LDAP > > Thanks, > Suhas > > On Friday, 8 June 2018 16:39:15 UTC-7, 黄祥 wrote: >> >> pls try (not tested) >> *models/db.py* >> from gluon.contrib.login_methods.ldap_auth import ldap_auth >> auth.settings.login_methods.append(ldap_auth( >> mode='ad', >> server='ldaps://chexadcexp001.expeso.com:636',base_dn='ou=Service >> Accounts,dc=sea,dc=corp,dc=com') ) >> auth.settings.login_methods = [ldap_auth] >> >> *controllers/default.py* >> @auth.requires_login() >> def test(): >> return locals() >> >> best regards, >> stifan >> > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
Hi stifan, Thanks for reply. But it is still validating against the DB and not LDAP Thanks, Suhas On Friday, 8 June 2018 16:39:15 UTC-7, 黄祥 wrote: > > pls try (not tested) > *models/db.py* > from gluon.contrib.login_methods.ldap_auth import ldap_auth > auth.settings.login_methods.append(ldap_auth( > mode='ad', > server='ldaps://chexadcexp001.expeso.com:636',base_dn='ou=Service > Accounts,dc=sea,dc=corp,dc=com') ) > auth.settings.login_methods = [ldap_auth] > > *controllers/default.py* > @auth.requires_login() > def test(): > return locals() > > best regards, > stifan > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
pls try (not tested) *models/db.py* from gluon.contrib.login_methods.ldap_auth import ldap_auth auth.settings.login_methods.append(ldap_auth( mode='ad', server='ldaps://chexadcexp001.expeso.com:636',base_dn='ou=Service Accounts,dc=sea,dc=corp,dc=com') ) auth.settings.login_methods = [ldap_auth] *controllers/default.py* @auth.requires_login() def test(): return locals() best regards, stifan -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: LDAP Authentication never work
Are you saying i should do as below? It did not work for me. from gluon.contrib.login_methods.ldap_auth import ldap_auth auth.settings.actions_disabled=['register','change_password','request_reset_password','retrieve_username','profile'] auth.settings.remember_me_form = False auth.settings.login_methods=[ldap_auth( mode='ad', server='ldaps://chexadcexp001.expeso.com:636',base_dn='ou=Service Accounts,dc=sea,dc=corp,dc=com') ] @auth.requires_login() def test(): return locals() On Fri, Jun 8, 2018 at 2:59 AM Leonel Câmara wrote: > Note that your function is decorated with > > @auth.requires_login() > > However you only change the authentication method to LDAP inside that same > function, so before the function runs it will only have the regular login > and will require it. You need to do that stuff before the controller > function runs in a model file. > > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Re: LDAP Authentication never work
Note that your function is decorated with @auth.requires_login() However you only change the authentication method to LDAP inside that same function, so before the function runs it will only have the regular login and will require it. You need to do that stuff before the controller function runs in a model file. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.