I found that I was unable to authenticate to an OpenLDAP server running TLS on port 389 (which is the recommended way apparently). The following patch to ldap_auth.py fixes things for me; YMMV.
Please add to upstream source if helpful. --- gluon/contrib/login_methods/ldap_auth.py.original 2015-07-31 23:22: 45.931751184 +0100 +++ gluon/contrib/login_methods/ldap_auth.py 2015-07-31 23:19: 14.116922831 +0100 @@ -33,6 +33,7 @@ group_name_attrib='cn', group_member_attrib='memberUid', group_filterstr='objectClass=*', + tls=False, logging_level='error'): """ @@ -80,6 +81,13 @@ If ldap is using GnuTLS then you need cert_file="..." instead cert_path because cert_path isn't implemented in GnuTLS :( + To enable TLS, set tls=True: + + auth.settings.login_methods.append(ldap_auth( + server='my.ldap.server', + base_dn='ou=Users,dc=domain,dc=com', + tls=True)) + If you need to bind to the directory with an admin account in order to search it then specify bind_dn & bind_pw to use for this. - currently only implemented for Active Directory @@ -610,6 +618,8 @@ ldap_port = 389 con = ldap.initialize( "ldap://" + ldap_server + ":" + str(ldap_port)) + if tls: + con.start_tls_s() return con def get_user_groups_from_ldap(username,
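Review bot: In the first hunk (@@ -33,6 +33,7 @@), `tls=False,` is inserted ahead of `logging_level='error'` in the signature, which shifts the position of `logging_level` for any caller that passes arguments positionally. Adding the new keyword after `logging_level` would leave existing call sites unaffected.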
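Review bot: The docstring text added in the second hunk (@@ -80,6 +81,13 @@) says only "To enable TLS, set tls=True" and does not say that this means StartTLS on the plain `ldap://` connection (the third hunk calls `con.start_tls_s()` in the port 389 branch), nor how it interacts with the `cert_file` / `cert_path` options described in the lines just above it. One sentence covering both would let readers pick the right setting.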
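Review bot: In the third hunk (@@ -610,6 +618,8 @@), `con.start_tls_s()` is called with nothing in the visible lines configuring certificate verification on this path, so whether the server certificate is actually checked depends on the LDAP library defaults on the host. Consider setting `ldap.OPT_X_TLS_REQUIRE_CERT` to `ldap.OPT_X_TLS_DEMAND`, and the CA file from the existing `cert_file` / `cert_path` settings, before the call, and keep a failed `start_tls_s()` fatal so the bind never proceeds over the unencrypted connection.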