Re: [web2py] ldap failed Version 1.99.4

2011-12-15 Thread Nik Go
Every time a *new* stable version is out, I come to expect minor releases
happening in the next several days and try to hold off my own upgrade for
as long as possible. :P

On Friday, December 16, 2011, Massimo Di Pierro wrote:

> Looks like we need a 1.99.5, thanks Omi
>
> On Dec 15, 9:43 am, Omi Chiba wrote:
> > Nico,
> >
> > Yes, it works!
> > Actually the code is there for error-checking reasons, so instead of
> > commenting it out, I moved lines 92 - 94 after line 105, where the
> > result variable is declared.
> >
> > The attached file is the modified "ldap_auth.py" and I will send the
> > patch to Massimo shortly.
> >
> > Looks like this:
> > ---
> > result = con.search_ext_s(
> >     ldap_basedn, ldap.SCOPE_SUBTREE,
> >     "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr),
> >     ["sAMAccountName"])[0][1]
> > if not isinstance(result, dict):
> >     # result should be a dict in the form
> >     # {'sAMAccountName': [username_bare]}
> >     return False
> >
>


Re: [web2py] ldap failed Version 1.99.4

2011-12-15 Thread Nicolas Palumbo
that's great!

On Thu, Dec 15, 2011 at 12:43 PM, Omi Chiba wrote:
> Nico,
>
> Yes, it works!
> Actually the code is there for error-checking reasons, so instead of
> commenting it out, I moved lines 92 - 94 after line 105, where the
> result variable is declared.
>
> The attached file is the modified "ldap_auth.py" and I will send the patch
> to Massimo shortly.
>
> Looks like this:
> ---
> result = con.search_ext_s(
>     ldap_basedn, ldap.SCOPE_SUBTREE,
>     "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr),
>     ["sAMAccountName"])[0][1]
> if not isinstance(result, dict):
>     # result should be a dict in the form
>     # {'sAMAccountName': [username_bare]}
>     return False
>


Re: [web2py] ldap failed Version 1.99.4

2011-12-15 Thread Omi Chiba
Nico,

Yes, it works!
Actually the code is there for error-checking reasons, so instead of
commenting it out, I moved lines 92 - 94 after line 105, where the
result variable is declared.

The attached file is the modified "ldap_auth.py" and I will send the patch
to Massimo shortly.

Looks like this:
---
result = con.search_ext_s(
    ldap_basedn, ldap.SCOPE_SUBTREE,
    "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr),
    ["sAMAccountName"])[0][1]
if not isinstance(result, dict):
    # result should be a dict in the form
    # {'sAMAccountName': [username_bare]}
    return False

import sys
import logging
try:
    import ldap
    ldap.set_option(ldap.OPT_REFERRALS, 0)
except Exception, e:
    logging.error('missing ldap, try "easy_install python-ldap"')
    raise e


def ldap_auth(server='ldap', port=None,
              base_dn='ou=users,dc=domain,dc=com',
              mode='uid', secure=False, cert_path=None, bind_dn=None, bind_pw=None, filterstr='objectClass=*'):
    """
    to use ldap login with MS Active Directory::

        from gluon.contrib.login_methods.ldap_auth import ldap_auth
        auth.settings.login_methods.append(ldap_auth(
            mode='ad', server='my.domain.controller',
            base_dn='ou=Users,dc=domain,dc=com'))

    to use ldap login with Notes Domino::

        auth.settings.login_methods.append(ldap_auth(
            mode='domino',server='my.domino.server'))

    to use ldap login with OpenLDAP::

        auth.settings.login_methods.append(ldap_auth(
            server='my.ldap.server', base_dn='ou=Users,dc=domain,dc=com'))

    to use ldap login with OpenLDAP and subtree search and (optionally) multiple DNs:

        auth.settings.login_methods.append(ldap_auth(
            mode='uid_r', server='my.ldap.server',
            base_dn=['ou=Users,dc=domain,dc=com','ou=Staff,dc=domain,dc=com']))

    or (if using CN)::

        auth.settings.login_methods.append(ldap_auth(
            mode='cn', server='my.ldap.server',
            base_dn='ou=Users,dc=domain,dc=com'))

    If using secure ldaps:// pass secure=True and cert_path="..."

    If you need to bind to the directory with an admin account in order to search it then specify bind_dn & bind_pw to use for this.
    - currently only implemented for Active Directory

    If you need to restrict the set of allowed users (e.g. to members of a department) then specify
    a rfc4515 search filter string.
    - currently only implemented for mode in ['ad', 'company', 'uid_r']
    """

    def ldap_auth_aux(username,
                      password,
                      ldap_server=server,
                      ldap_port=port,
                      ldap_basedn=base_dn,
                      ldap_mode=mode,
                      ldap_binddn=bind_dn,
                      ldap_bindpw=bind_pw,
                      secure=secure,
                      cert_path=cert_path,
                      filterstr=filterstr):
        try:
            if secure:
                if not ldap_port:
                    ldap_port = 636
                con = ldap.initialize(
                    "ldaps://" + ldap_server + ":" + str(ldap_port))
                if cert_path:
                    con.set_option(ldap.OPT_X_TLS_CACERTDIR, cert_path)
            else:
                if not ldap_port:
                    ldap_port = 389
                con = ldap.initialize(
                    "ldap://" + ldap_server + ":" + str(ldap_port))

            if ldap_mode == 'ad':
                # Microsoft Active Directory
                if '@' not in username:
                    domain = []
                    for x in ldap_basedn.split(','):
                        if "DC=" in x.upper():
                            domain.append(x.split('=')[-1])
                    username = "%s@%s" % (username, '.'.join(domain))
                username_bare = username.split("@")[0]
                con.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
                # In cases where ForestDnsZones and DomainDnsZones are found,
                # result will look like the following:
                # ['ldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com']
                if ldap_binddn:
                    # need to search directory with an admin account 1st
                    con.simple_bind_s(ldap_binddn, ldap_bindpw)
                else:
                    # credentials should be in the form of usern...@domain.tld
                    con.simple_bind_s(username, password)
                # this will throw an index error if the account is not found
                # in the ldap_basedn
                result = con.search_ext_s(
                    ldap_basedn, ldap.SCOPE_SUBTREE,
                    "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr), ["sAMAccountName"])[0][1]
                if not isinstance(result, dict):
                    # re
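
The ordering bug and the fix discussed in this thread, reduced to a stand-alone sketch. This is an added example, not part of the thread and not web2py's code; `FakeConn`, the sample rows, the fixed filter and treating `IndexError` as a failed login are assumptions made for the illustration.

```python
# Added example: FakeConn and the rows below are constructed test data,
# not python-ldap objects or output from a real directory.
SCOPE_SUBTREE = 2  # stands in for ldap.SCOPE_SUBTREE
BASE_DN = "dc=domain,dc=com"
FILTER = "(objectClass=*)"  # fixed filter; FakeConn ignores it

USER_ROWS = [("CN=jdoe,OU=Users,DC=domain,DC=com", {"sAMAccountName": ["jdoe"]})]
REFERRAL_ROWS = [(None, ["ldap://ForestDnsZones.domain.com/"
                         "DC=ForestDnsZones,DC=domain,DC=com"])]
NO_ROWS = []


class FakeConn(object):
    """Hypothetical stand-in for the LDAP connection; returns canned rows."""
    def __init__(self, rows):
        self.rows = rows

    def search_ext_s(self, base, scope, filterstr, attrlist):
        return self.rows


def check_before_search(con):
    # Order reported in the traceback: `result` is tested before assignment.
    if not isinstance(result, dict):
        return False
    result = con.search_ext_s(BASE_DN, SCOPE_SUBTREE, FILTER,
                              ["sAMAccountName"])[0][1]
    return True


def check_after_search(con):
    # Order described in the fix: search first, then validate the type.
    try:
        result = con.search_ext_s(BASE_DN, SCOPE_SUBTREE, FILTER,
                                  ["sAMAccountName"])[0][1]
    except IndexError:
        return False  # assumption: account not found counts as a failed login
    if not isinstance(result, dict):
        return False  # referral row: a list of URLs, not an attribute dict
    return True


def outcome(check, rows):
    """Run one variant against canned rows and report what happened."""
    try:
        return check(FakeConn(rows))
    except UnboundLocalError:
        return "UnboundLocalError"
```

Keeping the type check after the search, rather than deleting it, means a referral-only result is rejected instead of being handed on as if it were an account entry.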

Re: [web2py] ldap failed Version 1.99.4

2011-12-14 Thread Nicolas Palumbo
I experienced the same issue; the problem is in line 92 of ldap_auth.py:
it is checking the type of result without assigning a value previously.

I commented out line 92:
#if not isinstance(result, dict):
and 94:
#return False

like this; just in case, I removed ldap_auth.pyc and restarted web2py.

That fixed the issue for me. I hope it helps you.

Cheers,
Nico


On Wed, Dec 14, 2011 at 6:35 PM, Omi Chiba wrote:
> I installed Version 1.99.4 today and my apps, which were working fine
> with Version 1.99.2, show the following error. I didn't have a chance
> to test with Version 1.99.3.
>
> Set up for ldap:
> http://www.web2pyslices.com/slices/take_slice/145
>
> Error:
> -
> Traceback (most recent call last):
>   File "C:\web2py\gluon\restricted.py", line 204, in restricted
>     exec ccode in environment
>   File "C:/web2py/applications/pwd/controllers/default.py", line 32, in <module>
>   File "C:\web2py\gluon\globals.py", line 172, in <lambda>
>     self._caller = lambda f: f()
>   File "C:/web2py/applications/pwd/controllers/default.py", line 17, in user
>     return dict(form=auth())
>   File "C:\web2py\gluon\tools.py", line 1141, in __call__
>     return getattr(self,args[0])()
>   File "C:\web2py\gluon\tools.py", line 1724, in login
>     request.vars[passfield]):
>   File "C:\web2py\gluon\contrib\login_methods\ldap_auth.py", line 92, in ldap_auth_aux
>     if not isinstance(result, dict):
> UnboundLocalError: local variable 'result' referenced before assignment
>


[web2py] ldap failed Version 1.99.4

2011-12-14 Thread Omi Chiba
I installed Version 1.99.4 today and my apps, which were working fine
with Version 1.99.2, show the following error. I didn't have a chance
to test with Version 1.99.3.

Set up for ldap:
http://www.web2pyslices.com/slices/take_slice/145

Error:
-
Traceback (most recent call last):
  File "C:\web2py\gluon\restricted.py", line 204, in restricted
    exec ccode in environment
  File "C:/web2py/applications/pwd/controllers/default.py", line 32, in <module>
  File "C:\web2py\gluon\globals.py", line 172, in <lambda>
    self._caller = lambda f: f()
  File "C:/web2py/applications/pwd/controllers/default.py", line 17, in user
    return dict(form=auth())
  File "C:\web2py\gluon\tools.py", line 1141, in __call__
    return getattr(self,args[0])()
  File "C:\web2py\gluon\tools.py", line 1724, in login
    request.vars[passfield]):
  File "C:\web2py\gluon\contrib\login_methods\ldap_auth.py", line 92, in ldap_auth_aux
    if not isinstance(result, dict):
UnboundLocalError: local variable 'result' referenced before assignment