I am using ldap_auth. The following example shows an error I received after 
adding manage_user=True. It is unclear to me why this is a problem.

>>> ldap_auth_aux = ldap_auth(mode='ad',
...             server='my.domain.controller',
...             base_dn='ou=Users,dc=domain,dc=com',
...             filterstr='objectClass=*',
...             manage_user=True,
...             user_firstname_attrib='givenName',
...             user_lastname_attrib='sn',
...             user_mail_attrib='mail')
>>> import logging
>>> logger = logging.getLogger('web2py.auth.ldap_auth')
>>> logger.setLevel(logging.DEBUG)

>>> ldap_auth_aux('chanson', '********')
DEBUG:web2py.auth.ldap_auth:mode: [ad] manage_user: [True] custom_scope: [subtree] manage_groups: [False]
INFO:web2py.auth.ldap_auth:[my.domain.controller] Initialize ldap connection
INFO:web2py.auth.ldap_auth:[chanson] Manage user data
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/srv/www/web2py/gluon/contrib/login_methods/ldap_auth.py", line 421, in ldap_auth_aux
    user_in_db = db(db.auth_user.email == username)
AttributeError: 'NoneType' object has no attribute 'auth_user'

>>> ldap_auth_aux('chanson', '********', db=db)
DEBUG:web2py.auth.ldap_auth:mode: [ad] manage_user: [True] custom_scope: [subtree] manage_groups: [False]
INFO:web2py.auth.ldap_auth:[my.domain.controller] Initialize ldap connection
INFO:web2py.auth.ldap_auth:[chanson] Manage user data
True
>>> db.commit()


The Traceback in the error ticket showed one of the following prior to the 
error on line 421 in ldap_auth_aux:

   - File "/srv/www/web2py/gluon/tools.py", line 2123, in login
   - File "/srv/www/web2py/gluon/tools.py", line 2144, in login
   
The interesting code is the following:

login_method(request.vars[username],
             request.vars[passfield]):

db is not passed to the function. The function definition of ldap_auth_aux 
has db=db, but the function is defined in ldap_auth which defaults to 
db=None. I am not sure how it worked before. My solution is to add db=db to 
my login_methods definition:

auth.settings.login_methods = [
    ldap_auth(...as usual...,
              manage_user=True,
              user_firstname_attrib='givenName',
              user_lastname_attrib='sn',
              user_mail_attrib='mail',
              db=db
              )
]


I also noticed that the user_xxx_attrib values are case sensitive. For 
example, I use givenName for the user_firstname_attrib. Searching ldap is 
case insensitive, so I think the results should not be, but the results 
create a dictionary which has case sensitive keys. In my case, if I use 
givenname, which is the norm for me when I interact with ldap, line 665 of 
ldap_auth.py throws an exception and my first_name in the auth_user table 
gets created or updated to None, depending on whether the user exists or 
not.

I don't know if this needs to be changed necessarily. I think it would be 
better to be case insensitive, since searches are that way, but if not, at 
a minimum the documentation should say that the case of the attribute 
should match the schema definition.

I'm not sure how to resolve the db=db issue above other than the way I did, 
since I am unclear why it worked before I added manage_user=True.

Carlos Hanson
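
Added example, not part of the original post or of web2py's ldap_auth.py: one way to look up the user_xxx_attrib names case-insensitively in an LDAP result entry, so that 'givenname' and 'givenName' resolve to the same value and a missing attribute is reported instead of being stored as None. The names get_attr, map_user_attribs and SAMPLE_ENTRY are hypothetical, and the entry is constructed sample data shaped like a search result (attribute name mapped to a list of values).

```python
# Added example: case-insensitive lookup of LDAP attributes in a result entry.
# get_attr and map_user_attribs are hypothetical helpers, not web2py functions.

SAMPLE_ENTRY = {  # constructed sample data, keys in schema case
    'givenName': [b'Carlos'],
    'sn': [b'Hanson'],
    'mail': [b'chanson@example.com'],
}


def get_attr(entry, name, default=None):
    """Return the first value of attribute `name`, ignoring the case of the key."""
    wanted = name.lower()
    matches = [key for key in entry if key.lower() == wanted]
    if not matches:
        return default
    if len(matches) > 1:
        # Two keys differing only by case: refuse to guess which one is meant.
        raise ValueError('ambiguous attribute %r: %r' % (name, sorted(matches)))
    values = entry[matches[0]]
    if not values:
        return default
    value = values[0]
    # Values may arrive as bytes; decode so the database gets text.
    return value.decode('utf-8') if isinstance(value, bytes) else value


def map_user_attribs(entry, firstname_attrib, lastname_attrib, mail_attrib):
    """Build auth_user fields; raise instead of silently storing None."""
    fields = {
        'first_name': get_attr(entry, firstname_attrib),
        'last_name': get_attr(entry, lastname_attrib),
        'email': get_attr(entry, mail_attrib),
    }
    missing = sorted(key for key, value in fields.items() if value is None)
    if missing:
        raise KeyError('LDAP entry lacks attributes for: ' + ', '.join(missing))
    return fields
```

Raising on a missing attribute is a design choice of this example; it surfaces a misspelled attribute name at login time rather than leaving empty profile fields in auth_user.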
