You may try the SSL port 636 (
http://www.openldap.org/faq/data/cache/185.html)
You may realise that it actually available...
Richard
On Thu, Mar 9, 2017 at 12:53 PM, Carlos Cesar Caballero Díaz <
carlos.caball...@cfg.jovenclub.cu> wrote:
> I completely agree, and I have warned to the sysadmin, but is not my
> network, so...
>
> Greetings.
>
> El 09/03/17 a las 12:26, Richard Vézina escribió:
>
> Hello Carlos,
>
> auth_ldap is difficult to put in place because as you mention it doesn't
> provide proper feedback when something goes wrong...
>
> Note: If you access localhost instance of LDAP it may be ok to not use SSL
> protected service, but other than that you want to use 636 port (if I
> recall) and SSL protected connection, or the username and password can be
> access in clear text by sniffing the network...
>
> Richard
>
> On Thu, Mar 9, 2017 at 12:02 PM, Carlos Cesar Caballero Díaz <
> carlos.caball...@cfg.jovenclub.cu> wrote:
>
>> Hi Richard,
>>
>> I am connecting against an OpenLDAP server, and here is a lot of services
>> running against it (proxy, email, nextcloud, dolibarr, a few dozen of
>> Ubuntu PCs and others).
>>
>> After a more accurate debugging I release that simple_bind_s() was
>> throwing an invalid credentials error (will be good to add a a warning or
>> something in logs).
>>
>> I start trying with different options and this works (it seems that the
>> ldap server was not using a standard OpenLdap structure, but i don't known
>> too much about that):
>>
>> auth.settings.login_methods.append(ldap_auth(
>> mode='custom', server='10.6.xx.xx',
>> base_dn='dc=comp',
>> username_attrib='uid',
>> custom_scope='subtree',
>> ))
>>
>> So, the problem is solved and is working without problems. Many thanks.
>>
>>
>> Greetings.
>>
>> El 07/03/17 a las 13:40, Richard Vézina escribió:
>>
>> Hello Carlos,
>>
>> You can try to make simple bind with python ldap lib first, make sure
>> user, base_dn is good, you will get more feedback then with ldap_auth
>>
>> Depending of the ldap server implementation that you try to reach you may
>> fall on ldap_auth issue as not all part of the ldap_auth is well testing I
>> guess, there is comment in the code saying that, so...
>>
>> Do you connect to Active Directory? open_ldap... Is the LDAP server
>> properly configure if you use to put open_ldap in place by yourself for
>> instance, are you able to use LDAP for authentication with other software
>> solution??
>>
>> Richard
>>
>> On Tue, Mar 7, 2017 at 11:50 AM, Carlos Cesar Caballero Díaz <
>> carlos.caball...@cfg.jovenclub.cu> wrote:
>>
>>> No, the ldap server is not protected by ssl.
>>>
>>> Greetings.
>>>
>>>
>>> El 07/03/17 a las 11:42, Richard Vézina escribió:
>>>
>>> Is your ldap server protected by ssl? If so you have to think to change
>>> port...
>>>
>>> Richard
>>>
>>> On Tue, Mar 7, 2017 at 10:32 AM, Carlos Cesar Caballero Díaz <
>>> carlos.caball...@cfg.jovenclub.cu> wrote:
>>>
>>>> Hi, I am trying to include ldap authentication to my app, and for this,
>>>> i am using this code:
>>>>
>>>> auth.settings.login_methods.append(ldap_auth(
>>>> mode='uid',
>>>> server='10.6.xx.xx',
>>>> base_dn='dc=comp',
>>>> filterstr='&(objectClass=inetOrgPerson)',
>>>> logging_level='debug'))
>>>>
>>>> (note: The Original server and base_dn values are changed in this
>>>> example. I also have tried with and without the filterstr option)
>>>>
>>>> But I can't login with any ldap user, and the logs only say:
>>>>
>>>> DEBUG:web2py.auth.ldap_auth:mode: [uid] manage_user: [False]
>>>> custom_scope: [subtree] manage_groups: [False]
>>>> INFO:web2py.auth.ldap_auth:[10.6.28.93] Initialize ldap connection
>>>>
>>>> I Debug the ladp_auth module, and for some reason it hangs on the line
>>>> 314 ( con.simple_bind_s(dn, password)) without throw any error.
>>>>
>>>> If it helps, I also have tried this code and works as expected
>>>> returning the ldap user data:
>>>>
>>>> import ldap
>>>> ldap_server="10.6.xx.xx"
>>>> username = "auser"
>>>> base_dn = "dc=comp"
>>>>
>>>> query = "(uid=%s)" % username
>>>> con = ldap.initialize('ldap://'+ldap_server)
>>>>
>>>> result = con.search_s(base_dn, ldap.SCOPE_SUBTREE, query)
>>>> print result
>>>>
>>>>
>>>> Any help or idea?
>>>>
>>>> Greetings.
>>>>
>>>>
>>>> --
>>>> Resources:
>>>> - http://web2py.com
>>>> - http://web2py.com/book (Documentation)
>>>> - http://github.com/web2py/web2py (Source code)
>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "web2py-users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to web2py+unsubscr...@googlegroups.com.
>>>> For more options, visit *MailScanner ha detectado un intento de fraude
>>>> en la siguiente página web "groups.google.com". No confíe en esta página
>>>> web:* *MailScanner ha detectado un intento de fraude en la siguiente
>>>> p�gina web "groups.google.com". No conf�e en esta p�gina web:* *MailScanner
>>>> ha detectado un intento de fraude en la siguiente página web
>>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha
>>>> detectado un intento de fraude en la siguiente p�gina web
>>>> "groups.google.com". No conf�e en esta p�gina web:* *MailScanner ha
>>>> detectado un intento de fraude en la siguiente página web
>>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha
>>>> detectado un intento de fraude en la siguiente p�gina web
>>>> "groups.google.com". No conf�e en esta p�gina web:*
>>>> https://groups.google.com/d/optout <https://groups.google.com/d/optout>
>>>> .
>>>>
>>>
>>> --
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to web2py+unsubscr...@googlegroups.com.
>>> For more options, visit *MailScanner ha detectado un intento de fraude
>>> en la siguiente página web "groups.google.com". No confíe en esta página
>>> web:* *MailScanner ha detectado un intento de fraude en la siguiente
>>> p�gina web "groups.google.com". No conf�e en esta p�gina web:* *MailScanner
>>> ha detectado un intento de fraude en la siguiente página web
>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha
>>> detectado un intento de fraude en la siguiente p�gina web
>>> "groups.google.com". No conf�e en esta p�gina web:* *MailScanner ha
>>> detectado un intento de fraude en la siguiente página web
>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha
>>> detectado un intento de fraude en la siguiente p�gina web
>>> "groups.google.com". No conf�e en esta p�gina web:*
>>> https://groups.google.com/d/optout <https://groups.google.com/d/optout>.
>>>
>>>
>>> --
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to web2py+unsubscr...@googlegroups.com.
>>> For more options, visit *MailScanner ha detectado un intento de fraude
>>> en la siguiente página web "groups.google.com". No confíe en esta página
>>> web:* *MailScanner ha detectado un intento de fraude en la siguiente
>>> p�gina web "groups.google.com". No conf�e en esta p�gina web:* *MailScanner
>>> ha detectado un intento de fraude en la siguiente página web
>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha
>>> detectado un intento de fraude en la siguiente p�gina web
>>> "groups.google.com". No conf�e en esta p�gina web:*
>>> https://groups.google.com/d/optout <https://groups.google.com/d/optout>.
>>>
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit *MailScanner ha detectado un intento de fraude
>> en la siguiente página web "groups.google.com". No confíe en esta página
>> web:* *MailScanner ha detectado un intento de fraude en la siguiente
>> p�gina web "groups.google.com". No conf�e en esta p�gina web:* *MailScanner
>> ha detectado un intento de fraude en la siguiente página web
>> "groups.google.com". No confíe en esta página web:* *MailScanner ha
>> detectado un intento de fraude en la siguiente p�gina web
>> "groups.google.com". No conf�e en esta p�gina web:*
>> https://groups.google.com/d/optout <https://groups.google.com/d/optout>.
>>
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit *MailScanner ha detectado un intento de fraude
>> en la siguiente página web "groups.google.com". No confíe en esta página
>> web:* *MailScanner ha detectado un intento de fraude en la siguiente
>> p�gina web "groups.google.com". No conf�e en esta p�gina web:*
>> https://groups.google.com/d/optout <https://groups.google.com/d/optout>.
>>
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit *MailScanner ha detectado un intento de fraude en
> la siguiente página web "groups.google.com". No confíe en esta página web:*
> *MailScanner
> ha detectado un intento de fraude en la siguiente p�gina web
> "groups.google.com". No conf�e en esta p�gina web:*
> https://groups.google.com/d/optout <https://groups.google.com/d/optout>.
>
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
