I found that I was unable to authenticate to an OpenLDAP server running TLS 
on port 389 (which is the recommended way apparently). The following patch 
to ldap_auth.py fixes things for me; YMMV.

Please add to upstream source if helpful.

--- gluon/contrib/login_methods/ldap_auth.py.original   2015-07-31 23:22:
45.931751184 +0100
+++ gluon/contrib/login_methods/ldap_auth.py    2015-07-31 23:19:
14.116922831 +0100
@@ -33,6 +33,7 @@
               group_name_attrib='cn',
               group_member_attrib='memberUid',
               group_filterstr='objectClass=*',
+              tls=False,
               logging_level='error'):
 
     """
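Review bot: tls=False is inserted ahead of logging_level in the signature, so any caller that passes logging_level positionally will now have that value bound to tls; adding the new keyword after logging_level='error' avoids the shift. The default of False also means binds over ldap:// stay in cleartext unless the caller opts in, which should be stated wherever the parameter is documented.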
@@ -80,6 +81,13 @@
     If ldap is using GnuTLS then you need cert_file="..." instead cert_path
     because cert_path isn't implemented in GnuTLS :(
 
+    To enable TLS, set tls=True:
+
+        auth.settings.login_methods.append(ldap_auth(
+            server='my.ldap.server',
+            base_dn='ou=Users,dc=domain,dc=com',
+            tls=True))
+
     If you need to bind to the directory with an admin account in order to
     search it then specify bind_dn & bind_pw to use for this.
     - currently only implemented for Active Directory
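Review bot: the new docstring paragraph says only "To enable TLS, set tls=True" and does not say that this is a StartTLS upgrade on the plain ldap:// connection, or how it interacts with the cert_path / cert_file options described in the lines just above it. Add a sentence naming StartTLS and stating which certificate option the server certificate is checked against when tls=True, so a reader does not assume validation happens automatically.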
@@ -610,6 +618,8 @@
                 ldap_port = 389
             con = ldap.initialize(
                 "ldap://"; + ldap_server + ":" + str(ldap_port))
+        if tls:
+            con.start_tls_s()
         return con
 
     def get_user_groups_from_ldap(username,
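Review bot: con.start_tls_s() is called without any TLS option being set in this hunk, so whether the server certificate is verified depends on whatever the library and system defaults are; set the certificate requirement explicitly before the call (for example con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND) together with the CA file or directory) so a failed validation aborts the bind. The if tls: line also sits one level out from the ldap.initialize() call shown above it, so it runs for every connection built by the preceding branches, not only the ldap:// one; if any of those branches already negotiates TLS, guard against calling start_tls_s() a second time.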

