I made some progress on this issue.

If ldap_mode is set to None, it always accesses and creates the user.

Then I set ldap_mode to 'uid' and the @ issue doesn't happen anymore. But 
there is a little bug in the exception handling in the ldap login method, 
because if the user exists but the password is incorrect, it enters anyway. 
You need to add another exception:

except ldap.INVALID_CREDENTIALS, e: # new clause
    return False
except ldap.LDAPError, e:
    return False
except IndexError, ex: # for AD membership test
    return False

I have tested it with 

uid=ad...@host.ext,ou=People,dc=example,dc=com

and with

uid=admin,ou=People,dc=example,dc=com

setting the auth.define_tables(username=True)

and it works ok for me. I didn't try with the 'cn' mode


On Friday, 23 November 2012 00:30:28 UTC+1, Massimo Di Pierro 
wrote:
>
> I believe this is a bug in Python-ldap not a bug in web2py. This is a 
> serious bug.
> 1) We have two options: block all usernames containing a @ (but what if 
> the username is legitimate?)
> 2) Fix it in ldap.
>
> In case 2) it would help if somebody could reproduce the problem in a 
> simple python ldap script so we can submit a bug report without web2py.
>
> Massimo
>
>
>
>
> On Thursday, 22 November 2012 11:26:58 UTC-6, demetrio wrote:
>>
>> I have the same issue using web2py 1.99.7. I'm trying to connect to an 
>> OpenDS LDAP, and if I use any non-existing user with "@" enters 
>> automatically.
>>
>> Is this resolved in a newer release? If I can send some debug info just 
>> tell me.
>>
>> On Thursday, 8 November 2012 16:26:57 UTC+1, Massimo Di Pierro 
>> wrote:
>>>
>>> I emailed you privately about this, asking for some debug info. Did 
>>> you get my email?
>>
>>
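
A stand-alone bind check of the kind asked for in the thread (a python-ldap script without web2py), added here as an example and not code from web2py or from either poster. The names `bind_ok` and `open_connection`, the URI and the DNs are assumptions; the stand-in exception classes are used only when python-ldap is not installed.

```python
"""Fail-closed LDAP simple-bind check (added example)."""
try:
    import ldap  # python-ldap
    LDAPError, InvalidCredentials = ldap.LDAPError, ldap.INVALID_CREDENTIALS
except ImportError:
    ldap = None
    # Stand-ins with the same parent/child relation, so the logic runs offline.
    class LDAPError(Exception):
        pass
    class InvalidCredentials(LDAPError):
        pass


def open_connection(uri):
    """Real connection via python-ldap; swapped for a fake in offline runs."""
    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    return conn


def bind_ok(uri, dn, password, connect=open_connection):
    """Return True only if the server accepted a simple bind for dn."""
    conn = None
    try:
        conn = connect(uri)
        conn.simple_bind_s(dn, password)
        return True            # reached only when the bind raised nothing
    except InvalidCredentials:
        return False           # the server rejected the DN/password pair
    except LDAPError:
        return False           # any other LDAP failure also denies access
    finally:
        if conn is not None:
            try:
                conn.unbind_s()
            except LDAPError:
                pass


if __name__ == "__main__" and ldap is not None:
    # Constructed values: point these at a test directory you administer.
    URI = "ldap://localhost:389"
    BASE = "ou=People,dc=example,dc=com"
    for uid, pw in [("admin", "wrong-password"), ("nosuchuser@host.ext", "x")]:
        print(uid, bind_ok(URI, "uid=%s,%s" % (uid, BASE), pw))
```

Both lines printed by the script should read `False`; a `True` for either one reproduces the problem outside web2py.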
