port=636, secure=True, self_signed_certificate=True, You should look at auth_ldap code if they all apply depends of your LDAP server... Things is I don't recall if I contribute all the change I made over my own auth_ldap, but the code is your source of truth...
:) Richard On Thu, Mar 9, 2017 at 1:35 PM, Richard Vézina <ml.richard.vez...@gmail.com> wrote: > Associate parameters : > > > On Thu, Mar 9, 2017 at 1:32 PM, Richard Vézina < > ml.richard.vez...@gmail.com> wrote: > >> You may try the SSL port 636 (http://www.openldap.org/faq/d >> ata/cache/185.html) >> >> >> You may realise that it actually available... >> >> Richard >> >> On Thu, Mar 9, 2017 at 12:53 PM, Carlos Cesar Caballero Díaz < >> carlos.caball...@cfg.jovenclub.cu> wrote: >> >>> I completely agree, and I have warned to the sysadmin, but is not my >>> network, so... >>> >>> Greetings. >>> >>> El 09/03/17 a las 12:26, Richard Vézina escribió: >>> >>> Hello Carlos, >>> >>> auth_ldap is difficult to put in place because as you mention it doesn't >>> provide proper feedback when something goes wrong... >>> >>> Note: If you access localhost instance of LDAP it may be ok to not use >>> SSL protected service, but other than that you want to use 636 port (if I >>> recall) and SSL protected connection, or the username and password can be >>> access in clear text by sniffing the network... >>> >>> Richard >>> >>> On Thu, Mar 9, 2017 at 12:02 PM, Carlos Cesar Caballero Díaz < >>> carlos.caball...@cfg.jovenclub.cu> wrote: >>> >>>> Hi Richard, >>>> >>>> I am connecting against an OpenLDAP server, and here is a lot of >>>> services running against it (proxy, email, nextcloud, dolibarr, a few dozen >>>> of Ubuntu PCs and others). >>>> >>>> After a more accurate debugging I release that simple_bind_s() was >>>> throwing an invalid credentials error (will be good to add a a warning or >>>> something in logs). >>>> >>>> I start trying with different options and this works (it seems that the >>>> ldap server was not using a standard OpenLdap structure, but i don't known >>>> too much about that): >>>> >>>> auth.settings.login_methods.append(ldap_auth( >>>> mode='custom', server='10.6.xx.xx', >>>> base_dn='dc=comp', >>>> username_attrib='uid', >>>> custom_scope='subtree', >>>> )) >>>> >>>> So, the problem is solved and is working without problems. Many thanks. >>>> >>>> >>>> Greetings. >>>> >>>> El 07/03/17 a las 13:40, Richard Vézina escribió: >>>> >>>> Hello Carlos, >>>> >>>> You can try to make simple bind with python ldap lib first, make sure >>>> user, base_dn is good, you will get more feedback then with ldap_auth >>>> >>>> Depending of the ldap server implementation that you try to reach you >>>> may fall on ldap_auth issue as not all part of the ldap_auth is well >>>> testing I guess, there is comment in the code saying that, so... >>>> >>>> Do you connect to Active Directory? open_ldap... Is the LDAP server >>>> properly configure if you use to put open_ldap in place by yourself for >>>> instance, are you able to use LDAP for authentication with other software >>>> solution?? >>>> >>>> Richard >>>> >>>> On Tue, Mar 7, 2017 at 11:50 AM, Carlos Cesar Caballero Díaz < >>>> carlos.caball...@cfg.jovenclub.cu> wrote: >>>> >>>>> No, the ldap server is not protected by ssl. >>>>> >>>>> Greetings. >>>>> >>>>> >>>>> El 07/03/17 a las 11:42, Richard Vézina escribió: >>>>> >>>>> Is your ldap server protected by ssl? If so you have to think to >>>>> change port... >>>>> >>>>> Richard >>>>> >>>>> On Tue, Mar 7, 2017 at 10:32 AM, Carlos Cesar Caballero Díaz < >>>>> carlos.caball...@cfg.jovenclub.cu> wrote: >>>>> >>>>>> Hi, I am trying to include ldap authentication to my app, and for >>>>>> this, i am using this code: >>>>>> >>>>>> auth.settings.login_methods.append(ldap_auth( >>>>>> mode='uid', >>>>>> server='10.6.xx.xx', >>>>>> base_dn='dc=comp', >>>>>> filterstr='&(objectClass=inetOrgPerson)', >>>>>> logging_level='debug')) >>>>>> >>>>>> (note: The Original server and base_dn values are changed in this >>>>>> example. I also have tried with and without the filterstr option) >>>>>> >>>>>> But I can't login with any ldap user, and the logs only say: >>>>>> >>>>>> DEBUG:web2py.auth.ldap_auth:mode: [uid] manage_user: [False] >>>>>> custom_scope: [subtree] manage_groups: [False] >>>>>> INFO:web2py.auth.ldap_auth:[10.6.28.93] Initialize ldap connection >>>>>> >>>>>> I Debug the ladp_auth module, and for some reason it hangs on the >>>>>> line 314 ( con.simple_bind_s(dn, password)) without throw any error. >>>>>> >>>>>> If it helps, I also have tried this code and works as expected >>>>>> returning the ldap user data: >>>>>> >>>>>> import ldap >>>>>> ldap_server="10.6.xx.xx" >>>>>> username = "auser" >>>>>> base_dn = "dc=comp" >>>>>> >>>>>> query = "(uid=%s)" % username >>>>>> con = ldap.initialize('ldap://'+ldap_server) >>>>>> >>>>>> result = con.search_s(base_dn, ldap.SCOPE_SUBTREE, query) >>>>>> print result >>>>>> >>>>>> >>>>>> Any help or idea? >>>>>> >>>>>> Greetings. >>>>>> >>>>>> >>>>>> -- >>>>>> Resources: >>>>>> - http://web2py.com >>>>>> - http://web2py.com/book (Documentation) >>>>>> - http://github.com/web2py/web2py (Source code) >>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "web2py-users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to web2py+unsubscr...@googlegroups.com. >>>>>> For more options, visit *MailScanner ha detectado un intento de >>>>>> fraude en la siguiente página web "groups.google.com". No confíe en esta >>>>>> página web:* *MailScanner ha detectado un intento de fraude en la >>>>>> siguiente p�gina web "groups.google.com". No conf�e en esta p�gina web:* >>>>>> *MailScanner >>>>>> ha detectado un intento de fraude en la siguiente página web >>>>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha >>>>>> detectado un intento de fraude en la siguiente p�gina web >>>>>> "groups.google.com". No conf�e en esta p�gina web:* *MailScanner ha >>>>>> detectado un intento de fraude en la siguiente página web >>>>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha >>>>>> detectado un intento de fraude en la siguiente p�gina web >>>>>> "groups.google.com". No conf�e en esta p�gina web:* >>>>>> https://groups.google.com/d/optout >>>>>> <https://groups.google.com/d/optout>. >>>>>> >>>>> >>>>> -- >>>>> Resources: >>>>> - http://web2py.com >>>>> - http://web2py.com/book (Documentation) >>>>> - http://github.com/web2py/web2py (Source code) >>>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "web2py-users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to web2py+unsubscr...@googlegroups.com. >>>>> For more options, visit *MailScanner ha detectado un intento de >>>>> fraude en la siguiente página web "groups.google.com". No confíe en esta >>>>> página web:* *MailScanner ha detectado un intento de fraude en la >>>>> siguiente p�gina web "groups.google.com". No conf�e en esta p�gina web:* >>>>> *MailScanner >>>>> ha detectado un intento de fraude en la siguiente página web >>>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha >>>>> detectado un intento de fraude en la siguiente p�gina web >>>>> "groups.google.com". No conf�e en esta p�gina web:* *MailScanner ha >>>>> detectado un intento de fraude en la siguiente página web >>>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha >>>>> detectado un intento de fraude en la siguiente p�gina web >>>>> "groups.google.com". No conf�e en esta p�gina web:* >>>>> https://groups.google.com/d/optout >>>>> <https://groups.google.com/d/optout>. >>>>> >>>>> >>>>> -- >>>>> Resources: >>>>> - http://web2py.com >>>>> - http://web2py.com/book (Documentation) >>>>> - http://github.com/web2py/web2py (Source code) >>>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "web2py-users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to web2py+unsubscr...@googlegroups.com. >>>>> For more options, visit *MailScanner ha detectado un intento de >>>>> fraude en la siguiente página web "groups.google.com". No confíe en esta >>>>> página web:* *MailScanner ha detectado un intento de fraude en la >>>>> siguiente p�gina web "groups.google.com". No conf�e en esta p�gina web:* >>>>> *MailScanner >>>>> ha detectado un intento de fraude en la siguiente página web >>>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha >>>>> detectado un intento de fraude en la siguiente p�gina web >>>>> "groups.google.com". No conf�e en esta p�gina web:* >>>>> https://groups.google.com/d/optout >>>>> <https://groups.google.com/d/optout>. >>>>> >>>> >>>> -- >>>> Resources: >>>> - http://web2py.com >>>> - http://web2py.com/book (Documentation) >>>> - http://github.com/web2py/web2py (Source code) >>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "web2py-users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to web2py+unsubscr...@googlegroups.com. >>>> For more options, visit *MailScanner ha detectado un intento de fraude >>>> en la siguiente página web "groups.google.com". No confíe en esta página >>>> web:* *MailScanner ha detectado un intento de fraude en la siguiente >>>> p�gina web "groups.google.com". No conf�e en esta p�gina web:* *MailScanner >>>> ha detectado un intento de fraude en la siguiente página web >>>> "groups.google.com". No confíe en esta página web:* *MailScanner ha >>>> detectado un intento de fraude en la siguiente p�gina web >>>> "groups.google.com". No conf�e en esta p�gina web:* >>>> https://groups.google.com/d/optout <https://groups.google.com/d/optout> >>>> . >>>> >>>> >>>> -- >>>> Resources: >>>> - http://web2py.com >>>> - http://web2py.com/book (Documentation) >>>> - http://github.com/web2py/web2py (Source code) >>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "web2py-users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to web2py+unsubscr...@googlegroups.com. >>>> For more options, visit *MailScanner ha detectado un intento de fraude >>>> en la siguiente página web "groups.google.com". No confíe en esta página >>>> web:* *MailScanner ha detectado un intento de fraude en la siguiente >>>> p�gina web "groups.google.com". No conf�e en esta p�gina web:* >>>> https://groups.google.com/d/optout <https://groups.google.com/d/optout> >>>> . >>>> >>> >>> -- >>> Resources: >>> - http://web2py.com >>> - http://web2py.com/book (Documentation) >>> - http://github.com/web2py/web2py (Source code) >>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "web2py-users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to web2py+unsubscr...@googlegroups.com. >>> For more options, visit *MailScanner ha detectado un intento de fraude >>> en la siguiente página web "groups.google.com". No confíe en esta página >>> web:* *MailScanner ha detectado un intento de fraude en la siguiente >>> p�gina web "groups.google.com". No conf�e en esta p�gina web:* >>> https://groups.google.com/d/optout <https://groups.google.com/d/optout>. >>> >>> >>> -- >>> Resources: >>> - http://web2py.com >>> - http://web2py.com/book (Documentation) >>> - http://github.com/web2py/web2py (Source code) >>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "web2py-users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to web2py+unsubscr...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.