Hello Everybody,
I've seen a *possible* bug, if I got things right, in the authentication code.
Let me tell you how to reproduce it first.

*Steps to reproduce:*

   1. I use LDAP authentication (LDAP only, no local authentication wanted),
   so I set my

auth.settings.login_methods = [ldap_auth(server=ldapConfig.server,
    base_dn=ldapConfig.basedn, mode=ldapConfig.searchattr)]

   2. When I try to log in with an LDAP account, things go great and the user is
   created in the authentication database as caching. The next time you log in with
   that user, you will be able to log in with any password! The LDAP
   authentication is not even checked!
   3. When you try to log in with any other unknown user in the database, the
   LDAP authentication is checked and fails as expected.


I'm submitting the patch against the source version and the fix is really
simple, please review and consider for merge.

Note: I noticed 'self.settings.alternate_requires_registration' and I didn't
understand its role, but it's set to False by default, and setting it to True
will cause the following:
1. Initially you won't be able to authenticate to LDAP users that are not
already in the cache, but if they are in the cache already things work fine
and you can't see the bug, so it's confusing what it should 'actually' do.

Thanks

Ahmed Soliman
Software Engineer
B-Virtual Team.

Thebe Technology. Egypt - Belgium
16 Nehro St. Heliopolis. Cairo
Egypt.

http://www.b-virtual.org
http://www.thebetechnology.com

GPG ID: 0xAEEE5042


Attachment: auth.patch
Description: Binary data
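
The three reproduction steps above, replayed as a regression check. This is an added example, not part of the original message and not web2py source. The functions login_flawed, login_fixed, fake_ldap and regression_check and the sample directory are hypothetical, a simplified model of a login flow with pluggable external login methods and a local user cache.

```python
# Simplified model of the reported behaviour; NOT web2py's actual code path.
# All names and data below are constructed for illustration.

LDAP_DIRECTORY = {"alice": "correct-horse"}  # constructed sample directory


def fake_ldap(username, password):
    """Stand-in for an ldap_auth-style callable: True only on a valid bind."""
    return LDAP_DIRECTORY.get(username) == password


def login_flawed(username, password, login_methods, user_cache):
    """Models the report: an existing cached user row skips the external check."""
    if username in user_cache:
        return True  # flaw: the supplied password is never verified
    for method in login_methods:
        if method(username, password):
            user_cache[username] = {"source": "ldap"}  # cache row, no password
            return True
    return False


def login_fixed(username, password, login_methods, user_cache):
    """Every login is verified by a configured method; the cache grants nothing."""
    for method in login_methods:
        if method(username, password):
            user_cache.setdefault(username, {"source": "ldap"})
            return True
    return False


def regression_check(login):
    """Replay the steps from the report and return the outcome of each login."""
    cache, methods = {}, [fake_ldap]
    first = login("alice", "correct-horse", methods, cache)     # creates cache row
    wrong = login("alice", "not-the-password", methods, cache)  # must be rejected
    unknown = login("mallory", "anything", methods, cache)      # must be rejected
    return first, wrong, unknown


if __name__ == "__main__":
    print("flawed:", regression_check(login_flawed))
    print("fixed: ", regression_check(login_fixed))
```

The second value in each tuple is the one to watch: a wrong password for an already cached user must be rejected once the fix is in place.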
