Good catch. I added your patch to trunk.

On Friday, 23 November 2012 05:31:17 UTC-6, demetrio wrote:
>
> I made some progress on this issue.
>
> If ldap_mode is set to None, it always accesses and creates the user.
>
> Then I set ldap_mode to 'uid' and the @ issue doesn't happen anymore. But
> there is a little bug in exception handling in the ldap login method,
> because if the user exists but the password is incorrect, it enters anyway.
> You need to set another exception:
>
>     except ldap.INVALID_CREDENTIALS, e:
>         return False
>     except ldap.LDAPError, e:
>         return False
>     except IndexError, ex: # for AD membership test
>         return False
>
> I have tested it with
>
> uid=ad...@host.ext,ou=People,dc=example,dc=com
>
> and with
>
> uid=admin,ou=People,dc=example,dc=com
>
> setting the auth.define_tables(username=True)
>
> and it works ok for me. I didn't try with the 'cn' mode.
>
>
> On Friday, 23 November 2012 00:30:28 UTC+1, Massimo Di Pierro wrote:
>>
>> I believe this is a bug in Python-ldap not a bug in web2py. This is a
>> serious bug.
>> 1) We have two options: block all usernames containing a @ (but what if
>> the username is legitimate?)
>> 2) Fix it in ldap.
>>
>> In case 2) it would help if somebody could reproduce the problem in a
>> simple python ldap script so we can submit a bug report without web2py.
>>
>> Massimo
>>
>>
>> On Thursday, 22 November 2012 11:26:58 UTC-6, demetrio wrote:
>>>
>>> I have the same issue using web2py 1.99.7. I'm trying to connect to an
>>> OpenDS LDAP, and if I use any non-existing user with "@" it enters
>>> automatically.
>>>
>>> Is this resolved in a newer release? If I can send some debug info just
>>> tell me.
>>>
>>> On Thursday, 8 November 2012 16:26:57 UTC+1, Massimo Di Pierro wrote:
>>>>
>>>> I emailed you privately about this. Asking for some debug info. Did
>>>> you get my email?