I made some progress on this issue. If ldap_mode is set to None, it always accesses and creates the user.
Then I set ldap_mode to 'uid' and the @ issue doesn't happen anymore. But there is a little bug in the exception handling in the ldap login method, because if the user exists but the password is incorrect, it enters anyway. You need to set another exception:

    except ldap.INVALID_CREDENTIALS, e:  # added
        return False
    except ldap.LDAPError, e:
        return False
    except IndexError, ex:  # for AD membership test
        return False

I have tested it with uid=ad...@host.ext,ou=People,dc=example,dc=com and with uid=admin,ou=People,dc=example,dc=com, setting auth.define_tables(username=True), and it works OK for me. I didn't try with the 'cn' mode.

On Friday, 23 November 2012 00:30:28 UTC+1, Massimo Di Pierro wrote:
>
> I believe this is a bug in Python-ldap not a bug in web2py. This is a
> serious bug.
> 1) We have two options: block all usernames containing a @ (but what if
> the username is legitimate?)
> 2) Fix it in ldap.
>
> In case 2) it would help if somebody could reproduce the problem in a
> simple python ldap script so we can submit a bug report without web2py.
>
> Massimo
>
> On Thursday, 22 November 2012 11:26:58 UTC-6, demetrio wrote:
>>
>> I have the same issue using web2py 1.99.7. I'm trying to connect to an
>> OpenDS LDAP, and if I use any non-existing user with "@" enters
>> automatically.
>>
>> Is this resolved in a newer release? If I can send some debug info just
>> tell me.
>>
>> On Thursday, 8 November 2012 16:26:57 UTC+1, Massimo Di Pierro
>> wrote:
>>>
>>> I emailed you privately about this. Asking for some debug info. Did
>>> you get my email?
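
Added example, not part of the thread and not web2py's own code: a deny-by-default version of the bind check discussed above, where only a bind that returns without raising counts as a login. It goes beyond the post by also rejecting empty passwords and escaping the username before it is placed in the DN. Assumptions: the exception classes are local stand-ins for python-ldap's ldap.LDAPError and ldap.INVALID_CREDENTIALS so the code runs offline, FakeDirectory, escape_dn_value and ldap_login are hypothetical names, and the directory contents are constructed.

```python
# Stand-ins for python-ldap's exception classes (assumption, so this runs offline);
# in python-ldap, ldap.INVALID_CREDENTIALS is a subclass of ldap.LDAPError.
class LDAPError(Exception):
    pass

class INVALID_CREDENTIALS(LDAPError):
    pass

class FakeDirectory(object):
    """Constructed test double exposing simple_bind_s() like an LDAP connection."""
    def __init__(self, entries, reachable=True):
        self.entries = entries          # {dn: password}, constructed sample data
        self.reachable = reachable

    def simple_bind_s(self, dn, password):
        if not self.reachable:
            raise LDAPError("server down")
        if self.entries.get(dn) != password:
            raise INVALID_CREDENTIALS(dn)

def escape_dn_value(value):
    """Escape RFC 4514 special characters in one RDN value (hypothetical helper)."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    return "\\" + out if out.startswith("#") else out

def ldap_login(conn, username, password, base_dn="ou=People,dc=example,dc=com"):
    """Return True only if the bind as uid=<username>,<base_dn> succeeded."""
    # Reject names that cannot be safely placed in a DN.
    if not username or username != username.strip() or "\x00" in username:
        return False
    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513, section 5.1.2) and must never count as a login.
    if not password:
        return False
    dn = "uid=%s,%s" % (escape_dn_value(username), base_dn)
    authenticated = False               # deny by default
    try:
        conn.simple_bind_s(dn, password)
        authenticated = True            # reached only when the bind did not raise
    except INVALID_CREDENTIALS:
        pass                            # wrong password or unknown DN
    except LDAPError:
        pass                            # any other directory failure also denies
    return authenticated
```

With python-ldap installed, the same function can be pointed at a real connection object by replacing the two stand-in classes with the library's own.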