I finally have this working!!!!!! I just had to read a lot of code and the manual as well. For my company's special LDAP server setup, I had to modify ldap_auth.py and add the following section of code:
==============================================================================
        if ldap_mode == 'company':
            # no DNs or password needed to search directory
            dn=""
            pw=""
            # bind anonymously
            con.simple_bind_s(dn, pw)
            # search by e-mail address
            filter = '(mail='+username+')'
            # find the uid
            attrs = ['uid']
            # perform the actual search
            company_search_result=con.search_s(ldap_basedn, ldap.SCOPE_SUBTREE, filter, attrs)
            dn=company_search_result[0][0]
            # perform the real authentication test
            con.simple_bind_s(dn, password)
==============================================================================

I put the code before:

==============================================================================
        if ldap_mode == 'uid_r':
==============================================================================

I then changed my model so that instead of appending a new authentication method, I replaced the local method

==============================================================================
auth.settings.login_methods=[ldap_auth(mode='company',
    server='yp.company.com',
    base_dn='ou=yp,o=company.com')]
==============================================================================

** I will add a try to catch eventual errors and set it up so that the admin will have to approve the users.

On Tue, Aug 25, 2009 at 6:54 PM, Don Lee <sam...@gmail.com> wrote:

> I thought the following code would work, but I am not getting any response.
>
> =======================================================
> if mode == 'company':
>     # search company ldap database via the e-mail address to figure out the dn
>     con.simple_bind_s("", "")
>     filter = '(mail='+username+')'
>     attrs = ['uid']
>     company_search_result=con.search_s(ldap_basedn, ldap.SCOPE_SUBTREE, filter, attrs)
>     dn=company_search_result[0][0]
> =======================================================
>
> I added the code before:
>
> gluon/contrib/login_methods/ldap_auth.py
> =======================================================
> elif mode == 'uid':
> =======================================================
>
> then I changed the model to read:
>
> =======================================================
> auth.settings.login_methods.append(ldap_auth(mode='company',
>     server='yp.company.com',
>     base_dn='ou=bluepages,o=ibm.com'))
> =======================================================
>
> It didn't work.
>
>
> On Tue, Aug 25, 2009 at 5:02 PM, Don <sam...@gmail.com> wrote:
>
>> I made a mistake. ldapsearch does in fact return a uid. I do not
>> manage the ldap server, so I did not know how it was set up. I think
>> when we authenticate against postgres, it takes our e-mail addresses,
>> finds the uid/dn (which in our case is a cryptic serial number) and
>> then attempts to authenticate against the ldap server. I do not think
>> web2py needs to be patched. I just need to somehow, when the user
>> registers with their e-mail address, find their uid and store
>> that as the user name. While still allowing them to login with their
>> e-mail address. I will think about it and see what I can do. Thanks
>> for the help.
>>
>> On Aug 25, 3:57 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
>> > Please send me a patch to allow this.
>> >
>> > Massimo
>> >
>> > On Aug 25, 2:47 pm, Don <sam...@gmail.com> wrote:
>> >
>> > > I took a look at the source code and I see that the "mode" option has
>> > > a specific set of accepted values.
>> > > Our user names are based on the "mail" field in the ldap record, not uid.
>> > > So this would not work at all, unless I change the source.
>> >
>> > > On Aug 25, 3:24 pm, Don <sam...@gmail.com> wrote:
>> >
>> > > > I am also trying to authenticate against a LDAP server (not working).
>> > > > I cannot get the ldapwhoami command to work, but ldap search does work
>> > > > for me. I do not think the server can respond to the command.
>> > > > ldapsearch does work:
>> >
>> > > > ldapsearch -b 'ou=yp,o=company.com' -H ldaps://yp.company.com -x 'mail=testu...@us.company.com'
>> >
>> > > > I tried the ldap module directly, and that worked as well.
>> > > > =================================
>> > > > >>> import ldap
>> > > > >>> dap = ldap.initialize('ldap://yp.company.com')
>> > > > >>> dn=""
>> > > > >>> pw=""
>> > > > >>> dap.simple_bind_s(dn, pw)
>> > > > (97, [])
>> > > > >>> dap.search_s('ou=yp,o=company.com', ldap.SCOPE_SUBTREE,'(mail=testu...@us.company.com)',['emailaddress','cn'])
>> >
>> > > > [('uid=testUser,c=us,ou=yp,o=company.com', {'emailaddress': ['testu...@us.company.com'], 'cn': ['Test User']})]
>> >
>> > > > ==================================
>> >
>> > > > my auth configs are as follows:
>> >
>> > > > ==================================
>> > > > authDB = SQLDB('sqlite://auth_database.sqlite')
>> >
>> > > > from gluon.tools import Auth, Mail
>> > > > from gluon.contrib.login_methods.ldap_auth import ldap_auth
>> >
>> > > > mail=Mail()
>> > > > mail.settings.server='localhost:25'
>> > > > mail.settings.sender='testu...@us.company.com'
>> >
>> > > > auth=Auth(globals(),authDB)
>> > > > auth.settings.login_methods.append(ldap_auth(mode='mail',
>> > > >     server='yp.company.com',
>> > > >     base_dn='ou=yp,o=company.com'
>> > > >     ))
>> > > > auth.define_tables()
>> > > > auth.settings.mailer = mail
>> > > > ================================
>> >
>> > > > I have PostgreSQL authenticating via pam_ldap using the same settings that
>> > > > I have applied to the auth module. What am I missing? Is there
>> > > > some other option that I need to pass to ldap_auth to get it to use
>> > > > simple binding?
>> >
>> > > > On Aug 4, 5:25 am, Johann Spies <johann.sp...@gmail.com> wrote:
>> >
>> > > > > Apologies. I was testing from two different computers. On the one
>> > > > > (where the web2py server was running) it was working and I did not see
>> > > > > that the one from which I pasted the entries was failing. The
>> > > > > following worked (same string with a 'TLS_REQCERT allow' added to
>> > > > > /etc/ldap/ldap.conf):
>> >
>> > > > > $ ldapwhoami -H ldaps://stbldap01.sun.ac.za -D 'cn=jspies,ou=users,O=SU' -x -v -W -n
>> > > > > EnterLDAPPassword:
>> > > > > ldap_initialize( ldaps://stbldap01.sun.ac.za:636/??base )
>> > > > > Result: Success (0)
>> >
>> > > > > Regards
>> > > > > Johann
>> > > > > 2009/8/4 Fran <francisb...@googlemail.com>:
>> >
>> > > > > > We need a working string in order to know how to code that within
>> > > > > > Web2Py.
>> > > > > > All of these have failed...
>> >
>> > > > > > F
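
A hardened form of the `company` mode from the first message in this thread (anonymous bind, search by `mail`, then bind as the DN found), added here as an example; it is not code from the thread or from web2py. It escapes the user-supplied address before it goes into the filter, refuses empty passwords (many servers accept a simple bind with a DN and an empty password as an anonymous bind), and requires exactly one search hit. `company_login`, `escape_filter_value`, `FakeDirectory` and `InvalidCredentials` are hypothetical names; with python-ldap the escaping is available as `ldap.filter.escape_filter_chars` and the failed bind raises `ldap.INVALID_CREDENTIALS`.

```python
# Added example: hardened version of the thread's "search by mail, then bind".
# FakeDirectory is a constructed stand-in for a python-ldap connection.

class InvalidCredentials(Exception):
    """Stand-in for ldap.INVALID_CREDENTIALS."""

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an LDAP filter value."""
    specials = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}
    return ''.join(specials.get(ch, ch) for ch in value)

class FakeDirectory:
    """Constructed sample directory: one entry, anonymous bind allowed."""
    ENTRIES = {'uid=testUser,c=us,ou=yp,o=company.com':
               {'mail': 'testuser@us.company.com', 'password': 's3cret'}}

    def simple_bind_s(self, dn, pw):
        if pw == '':
            return  # empty password: the server treats the bind as anonymous
        entry = self.ENTRIES.get(dn)
        if entry is None or entry['password'] != pw:
            raise InvalidCredentials(dn)

    def search_s(self, base, scope, filterstr, attrs):
        # Understands only '(mail=<value>)'; a bare '*' matches every entry.
        value = filterstr[len('(mail='):-1]
        return [(dn, {'uid': [dn.split(',')[0][4:]]})
                for dn, e in self.ENTRIES.items() if value in ('*', e['mail'])]

def company_login(con, base_dn, username, password, scope=2):
    """Return True only if exactly one entry matches and its bind succeeds.

    scope=2 is the numeric value of ldap.SCOPE_SUBTREE.
    """
    if not username or not password:
        return False  # an empty password would "succeed" as an anonymous bind
    con.simple_bind_s('', '')  # anonymous bind, used only for the lookup
    flt = '(mail=%s)' % escape_filter_value(username)
    result = con.search_s(base_dn, scope, flt, ['uid'])
    if len(result) != 1:
        return False  # no match or an ambiguous one: refuse, do not take [0]
    try:
        con.simple_bind_s(result[0][0], password)  # the real authentication test
    except InvalidCredentials:
        return False
    return True
```
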