Re: [web2py] ldap failed Version 1.99.4
Every time a *new* stable version is out, I come to expect minor releases happening in the next several days and try to hold off my own upgrade for as long as possible. :P

On Friday, December 16, 2011, Massimo Di Pierro wrote:
> Looks like we need a 1.99.5 thanks Omi
>
> On Dec 15, 9:43 am, Omi Chiba wrote:
> > Nico,
> >
> > Yes, it works !
> > Actually the code is there for the error check reason so instead of comment
> > out, I moved the line 92 - 94 after line 105 where result variables is
> > declared.
> >
> > The attached file is the modified "ldap_auth.py" and I will send the patch
> > to Massimo shortly.
> >
> > Looks like this:
> > ---
> >     result = con.search_ext_s(
> >         ldap_basedn, ldap.SCOPE_SUBTREE,
> >         "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr),
> >         ["sAMAccountName"])[0][1]
> >     if not isinstance(result, dict):
> >         # result should be a dict in the form {'sAMAccountName': [username_bare]}
> >         return False

Re: [web2py] ldap failed Version 1.99.4
that's great!

On Thu, Dec 15, 2011 at 12:43 PM, Omi Chiba wrote:
> Nico,
>
> Yes, it works !
> Actually the code is there for the error check reason so instead of comment
> out, I moved the line 92 - 94 after line 105 where result variables is
> declared.
>
> The attached file is the modified "ldap_auth.py" and I will send the patch
> to Massimo shortly.
>
> Looks like this:
> ---
>     result = con.search_ext_s(
>         ldap_basedn, ldap.SCOPE_SUBTREE,
>         "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr),
>         ["sAMAccountName"])[0][1]
>     if not isinstance(result, dict):
>         # result should be a dict in the form {'sAMAccountName': [username_bare]}
>         return False

Re: [web2py] ldap failed Version 1.99.4
Nico,

Yes, it works !
Actually the code is there for the error check reason so instead of comment out, I moved the line 92 - 94 after line 105 where result variables is declared.

The attached file is the modified "ldap_auth.py" and I will send the patch to Massimo shortly.

Looks like this:
---
    result = con.search_ext_s(
        ldap_basedn, ldap.SCOPE_SUBTREE,
        "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr),
        ["sAMAccountName"])[0][1]
    if not isinstance(result, dict):
        # result should be a dict in the form {'sAMAccountName': [username_bare]}
        return False

import sys
import logging
try:
    import ldap
    ldap.set_option(ldap.OPT_REFERRALS, 0)
except Exception, e:
    logging.error('missing ldap, try "easy_install python-ldap"')
    raise e


def ldap_auth(server='ldap', port=None,
              base_dn='ou=users,dc=domain,dc=com',
              mode='uid', secure=False, cert_path=None, bind_dn=None,
              bind_pw=None, filterstr='objectClass=*'):
    """
    to use ldap login with MS Active Directory::

        from gluon.contrib.login_methods.ldap_auth import ldap_auth
        auth.settings.login_methods.append(ldap_auth(
            mode='ad', server='my.domain.controller',
            base_dn='ou=Users,dc=domain,dc=com'))

    to use ldap login with Notes Domino::

        auth.settings.login_methods.append(ldap_auth(
            mode='domino',server='my.domino.server'))

    to use ldap login with OpenLDAP::

        auth.settings.login_methods.append(ldap_auth(
            server='my.ldap.server', base_dn='ou=Users,dc=domain,dc=com'))

    to use ldap login with OpenLDAP and subtree search and (optionally) multiple DNs:

        auth.settings.login_methods.append(ldap_auth(
            mode='uid_r', server='my.ldap.server',
            base_dn=['ou=Users,dc=domain,dc=com','ou=Staff,dc=domain,dc=com']))

    or (if using CN)::

        auth.settings.login_methods.append(ldap_auth(
            mode='cn', server='my.ldap.server',
            base_dn='ou=Users,dc=domain,dc=com'))

    If using secure ldaps:// pass secure=True and cert_path="..."

    If you need to bind to the directory with an admin account in order to search it then specify bind_dn & bind_pw to use for this.
    - currently only implemented for Active Directory

    If you need to restrict the set of allowed users (e.g. to members of a department) then specify a rfc4515 search filter string.
    - currently only implemented for mode in ['ad', 'company', 'uid_r']
    """

    def ldap_auth_aux(username,
                      password,
                      ldap_server=server,
                      ldap_port=port,
                      ldap_basedn=base_dn,
                      ldap_mode=mode,
                      ldap_binddn=bind_dn,
                      ldap_bindpw=bind_pw,
                      secure=secure,
                      cert_path=cert_path,
                      filterstr=filterstr):
        try:
            if secure:
                if not ldap_port:
                    ldap_port = 636
                con = ldap.initialize(
                    "ldaps://" + ldap_server + ":" + str(ldap_port))
                if cert_path:
                    con.set_option(ldap.OPT_X_TLS_CACERTDIR, cert_path)
            else:
                if not ldap_port:
                    ldap_port = 389
                con = ldap.initialize(
                    "ldap://" + ldap_server + ":" + str(ldap_port))
            if ldap_mode == 'ad':
                # Microsoft Active Directory
                if '@' not in username:
                    domain = []
                    for x in ldap_basedn.split(','):
                        if "DC=" in x.upper():
                            domain.append(x.split('=')[-1])
                    username = "%s@%s" % (username, '.'.join(domain))
                username_bare = username.split("@")[0]
                con.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
                # In cases where ForestDnsZones and DomainDnsZones are found,
                # result will look like the following:
                # ['ldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com']
                if ldap_binddn:
                    # need to search directory with an admin account 1st
                    con.simple_bind_s(ldap_binddn, ldap_bindpw)
                else:
                    # credentials should be in the form of usern...@domain.tld
                    con.simple_bind_s(username, password)
                # this will throw an index error if the account is not found
                # in the ldap_basedn
                result = con.search_ext_s(
                    ldap_basedn, ldap.SCOPE_SUBTREE,
                    "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr),
                    ["sAMAccountName"])[0][1]
                if not isinstance(result, dict):
                    # re

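
The failure and the fix discussed in this thread, as an added example that is not part of any post and is not web2py's own code. It is written for Python 3 and runs without python-ldap: `FakeConnection`, `search`, `run`, the two `check_*` functions and the sample entries are constructed stand-ins, and the explicit `IndexError` handling is an assumption about how a missing account should be denied.

```python
SCOPE_SUBTREE = 2  # stand-in for ldap.SCOPE_SUBTREE so python-ldap is not needed


class FakeConnection:
    """Hypothetical stand-in for an LDAP connection returning canned entries."""
    def __init__(self, entries):
        self.entries = entries

    def search_ext_s(self, base, scope, filterstr, attrlist):
        return list(self.entries)


def search(con, base_dn, username_bare, filterstr):
    # Same call shape as the snippet in the thread.
    return con.search_ext_s(
        base_dn, SCOPE_SUBTREE,
        "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr),
        ["sAMAccountName"])[0][1]


def check_before_assignment(con, base_dn, username_bare, filterstr):
    """Order reported for 1.99.4: 'result' is tested before it is assigned."""
    if not isinstance(result, dict):  # raises UnboundLocalError
        return False
    result = search(con, base_dn, username_bare, filterstr)
    return True


def check_after_assignment(con, base_dn, username_bare, filterstr):
    """Order after the fix: search, then validate; every miss denies login."""
    try:
        result = search(con, base_dn, username_bare, filterstr)
    except IndexError:  # empty result list: account not under base_dn
        return False
    if not isinstance(result, dict):  # e.g. a referral entry (list of URLs)
        return False
    return True


# Constructed sample search results.
FOUND = [("CN=alice,OU=Users,DC=domain,DC=com", {"sAMAccountName": ["alice"]})]
REFERRAL = [(None, ["ldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com"])]
NOT_FOUND = []


def run(check, entries):
    """Return the check's verdict, or the exception name if it crashes."""
    try:
        return check(FakeConnection(entries), "DC=domain,DC=com", "alice", "objectClass=*")
    except UnboundLocalError as exc:
        return type(exc).__name__
```

`run(check_before_assignment, FOUND)` reproduces the crash from the traceback even for a valid account, while `run(check_after_assignment, ...)` accepts only the dict-shaped entry and denies the referral and empty results.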
Re: [web2py] ldap failed Version 1.99.4
I experienced the same issue, the problem exists in line 92 of ldap_auth.py: Is checking the type of result without assigning a value previously.

I commented out line 92:
    #if not isinstance(result, dict):
and 94:
    #return False
like this, just in case removed ldap_auth.pyc and restarted web2py.

That fixed the issue for me. I hope it helps you.

Cheers,
Nico

On Wed, Dec 14, 2011 at 6:35 PM, Omi Chiba wrote:
> I installed Version 1.99.4 today and my apps which was working fine
> with Version 1.99.2 shows the following error. I didn't have a chance
> to test with Version 1.99.3.
>
> Set up for ldap:
> http://www.web2pyslices.com/slices/take_slice/145
>
> Error:
> -
> Traceback (most recent call last):
>   File "C:\web2py\gluon\restricted.py", line 204, in restricted
>     exec ccode in environment
>   File "C:/web2py/applications/pwd/controllers/default.py", line 32, in <module>
>   File "C:\web2py\gluon\globals.py", line 172, in <lambda>
>     self._caller = lambda f: f()
>   File "C:/web2py/applications/pwd/controllers/default.py", line 17, in user
>     return dict(form=auth())
>   File "C:\web2py\gluon\tools.py", line 1141, in __call__
>     return getattr(self,args[0])()
>   File "C:\web2py\gluon\tools.py", line 1724, in login
>     request.vars[passfield]):
>   File "C:\web2py\gluon\contrib\login_methods\ldap_auth.py", line 92, in ldap_auth_aux
>     if not isinstance(result, dict):
> UnboundLocalError: local variable 'result' referenced before assignment

[web2py] ldap failed Version 1.99.4
I installed Version 1.99.4 today and my apps which was working fine with Version 1.99.2 shows the following error. I didn't have a chance to test with Version 1.99.3.

Set up for ldap:
http://www.web2pyslices.com/slices/take_slice/145

Error:
-
Traceback (most recent call last):
  File "C:\web2py\gluon\restricted.py", line 204, in restricted
    exec ccode in environment
  File "C:/web2py/applications/pwd/controllers/default.py", line 32, in <module>
  File "C:\web2py\gluon\globals.py", line 172, in <lambda>
    self._caller = lambda f: f()
  File "C:/web2py/applications/pwd/controllers/default.py", line 17, in user
    return dict(form=auth())
  File "C:\web2py\gluon\tools.py", line 1141, in __call__
    return getattr(self,args[0])()
  File "C:\web2py\gluon\tools.py", line 1724, in login
    request.vars[passfield]):
  File "C:\web2py\gluon\contrib\login_methods\ldap_auth.py", line 92, in ldap_auth_aux
    if not isinstance(result, dict):
UnboundLocalError: local variable 'result' referenced before assignment