Re: {Disarmed} Re: [web2py] problem with ldap authentication

2017-03-09 Thread Richard Vézina
port=636,
secure=True,
self_signed_certificate=True,

You should look at the auth_ldap code; whether they all apply depends on your
LDAP server... Thing is, I don't recall if I contributed all the changes I made
to my own auth_ldap, but the code is your source of truth...

:)

Richard
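
A standalone login check along the lines discussed in this thread (test the bind with python-ldap directly, and use LDAPS on port 636), added here as an example; it is not part of the original messages or of web2py's ldap_auth code. It assumes Python 3 with python-ldap installed and a server that allows anonymous search, as in the original poster's snippet; the function names and the `cacert_file` and `timeout` parameters are illustrative.

```python
# RFC 4515 characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def escape_filter_value(value):
    """Escape a user-supplied value before placing it in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_uri(server, secure=True, port=None):
    """Return an ldaps:// URI; plain ldap:// is only allowed for localhost."""
    if not secure and server not in _LOCAL_HOSTS:
        raise ValueError("plain ldap:// would send the password in clear text")
    scheme, default_port = ("ldaps", 636) if secure else ("ldap", 389)
    return "%s://%s:%d" % (scheme, server, port or default_port)


def check_login(uri, base_dn, username, password, cacert_file=None, timeout=5):
    """Search for the user, then bind as that user; return (ok, reason)."""
    if not password:
        # A simple bind with an empty password is an unauthenticated bind,
        # which many servers report as success.
        return False, "empty password refused"
    import ldap  # python-ldap, imported here so the helpers work without it

    con = ldap.initialize(uri)
    # Without these two options a dead or filtered port can block for a long time.
    con.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)
    con.set_option(ldap.OPT_TIMEOUT, timeout)
    if uri.startswith("ldaps://"):
        # Keep certificate verification on; point at the CA that signed the server.
        con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        if cacert_file:
            con.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert_file)
        con.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # apply the TLS settings
    try:
        query = "(uid=%s)" % escape_filter_value(username)
        found = con.search_s(base_dn, ldap.SCOPE_SUBTREE, query, ["uid"])
        found = [entry for entry in found if entry[0]]  # drop referrals
        if len(found) != 1:
            return False, "expected one entry for %r, got %d" % (username, len(found))
        user_dn = found[0][0]
        con.simple_bind_s(user_dn, password)
        return True, "bound as %s" % user_dn
    except ldap.INVALID_CREDENTIALS:
        return False, "invalid credentials (wrong DN or password)"
    except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc:
        return False, "server unreachable or TLS failure: %s" % exc
    except ldap.LDAPError as exc:
        return False, "LDAP error: %s" % exc
    finally:
        con.unbind_s()
```

Calling `check_login(build_uri(server), base_dn, username, password)` returns the reason for a failed login instead of leaving it to the debug log.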


Re: {Disarmed} Re: [web2py] problem with ldap authentication

2017-03-09 Thread Richard Vézina
Associate parameters :



Re: {Disarmed} Re: [web2py] problem with ldap authentication

2017-03-09 Thread Richard Vézina
You may try the SSL port 636 (http://www.openldap.org/faq/data/cache/185.html)


You may realise that it is actually available...

Richard

On Thu, Mar 9, 2017 at 12:53 PM, Carlos Cesar Caballero Díaz <
carlos.caball...@cfg.jovenclub.cu> wrote:

> I completely agree, and I have warned the sysadmin, but it is not my
> network, so...
>
> Greetings.

Re: {Disarmed} Re: [web2py] problem with ldap authentication

2017-03-09 Thread Richard Vézina
Hello Carlos,

auth_ldap is difficult to put in place because, as you mention, it doesn't
provide proper feedback when something goes wrong...

Note: If you access a localhost instance of LDAP it may be ok to not use an SSL
protected service, but other than that you want to use port 636 (if I
recall) and an SSL protected connection, or the username and password can be
accessed in clear text by sniffing the network...

Richard

On Thu, Mar 9, 2017 at 12:02 PM, Carlos Cesar Caballero Díaz <
carlos.caball...@cfg.jovenclub.cu> wrote:

> Hi Richard,
>
> I am connecting against an OpenLDAP server, and there are a lot of services
> running against it (proxy, email, nextcloud, dolibarr, a few dozen
> Ubuntu PCs and others).
>
> After more accurate debugging I realized that simple_bind_s() was
> throwing an invalid credentials error (it would be good to add a warning or
> something in the logs).
>
> I started trying different options and this works (it seems that the
> ldap server was not using a standard OpenLDAP structure, but I don't know
> too much about that):
>
> auth.settings.login_methods.append(ldap_auth(
>     mode='custom', server='10.6.xx.xx',
>     base_dn='dc=comp',
>     username_attrib='uid',
>     custom_scope='subtree',
> ))
>
> So, the problem is solved and is working without problems. Many thanks.
>
>
> Greetings.
>
> On 07/03/17 at 13:40, Richard Vézina wrote:
>
> Hello Carlos,
>
> You can try to make a simple bind with the python ldap lib first, to make sure
> user and base_dn are good; you will get more feedback than with ldap_auth.
>
> Depending on the ldap server implementation that you try to reach, you may
> run into ldap_auth issues, as not all parts of ldap_auth are well tested, I
> guess; there is a comment in the code saying that, so...
>
> Do you connect to Active Directory? open_ldap... Is the LDAP server
> properly configured, if you put open_ldap in place by yourself for
> instance? Are you able to use LDAP for authentication with other software
> solutions?
>
> Richard
>
> On Tue, Mar 7, 2017 at 11:50 AM, Carlos Cesar Caballero Díaz <
> carlos.caball...@cfg.jovenclub.cu> wrote:
>
>> No, the ldap server is not protected by ssl.
>>
>> Greetings.
>>
>>
>> On 07/03/17 at 11:42, Richard Vézina wrote:
>>
>> Is your ldap server protected by ssl? If so you have to think about changing
>> the port...
>>
>> Richard
>>
>> On Tue, Mar 7, 2017 at 10:32 AM, Carlos Cesar Caballero Díaz <
>> carlos.caball...@cfg.jovenclub.cu> wrote:
>>
>>> Hi, I am trying to add ldap authentication to my app, and for this
>>> I am using this code:
>>>
>>> auth.settings.login_methods.append(ldap_auth(
>>>     mode='uid',
>>>     server='10.6.xx.xx',
>>>     base_dn='dc=comp',
>>>     filterstr='&(objectClass=inetOrgPerson)',
>>>     logging_level='debug'))
>>>
>>> (note: The Original server and base_dn values are changed in this
>>> example. I also have tried with and without the filterstr option)
>>>
>>> But I can't login with any ldap user, and the logs only say:
>>>
>>> DEBUG:web2py.auth.ldap_auth:mode: [uid] manage_user: [False]
>>> custom_scope: [subtree] manage_groups: [False]
>>> INFO:web2py.auth.ldap_auth:[10.6.28.93] Initialize ldap connection
>>>
>>> I debugged the ldap_auth module, and for some reason it hangs on line
>>> 314 (con.simple_bind_s(dn, password)) without throwing any error.
>>>
>>> If it helps, I also have tried this code and works as expected returning
>>> the ldap user data:
>>>
>>> import ldap
>>> ldap_server="10.6.xx.xx"
>>> username = "auser"
>>> base_dn = "dc=comp"
>>>
>>> query = "(uid=%s)" % username
>>> con = ldap.initialize('ldap://'+ldap_server)
>>>
>>> result = con.search_s(base_dn, ldap.SCOPE_SUBTREE, query)
>>> print result
>>>
>>>
>>> Any help or idea?
>>>
>>> Greetings.