Hi Massimo,

The script is an example for our AD and it works for me to get all the data except the password hash.
I wanted to test if I am making mistakes when connecting to the server. But I had to give an administrator account and a password to do the search. Otherwise AD doesn't allow the search. But in my ldap_auth.py, I couldn't succeed in configuring it.

1. First problem was how do I give the admin user and password. (It is OK for me to have it hard coded in the ldap_auth.py)
2. How can the web2py get authentication for a non-admin user? (I actually don't need to have the hash in the local auth database table.)

Thank you very much!

On 7 Sep., 17:04, mdipierro <mdipie...@cs.depaul.edu> wrote:
> It is not clear from your message if this script works and you provide
> it as an example or if not.
>
> Massimo
>
> On Sep 7, 9:26 am, max <dulip.withan...@gmail.com> wrote:
>
> > Hi Everybody,
> > I wrote another script to access our MS Active Directory.
> > If someone has an idea to solve the long overdue problem, I would be
> > thankful.
> >
> > import ldap
> >
> > def main():
> >     server = "ad.mydmoan.com"
> >     who = "user"
> >     cred = "password"
> >     keyword = "d...@mydomain.com"
> >     base_dn = "ou=users,ou=kjc,ou=institute,dc=ad,dc=mydomain,dc=com"
> >     mode='ad'
> >     secure='secure'
> >     try:
> >         l = ldap.open(server)
> >         l.simple_bind_s(who, cred)
> >         l.protocol_version = 3
> >         l.set_option(ldap.OPT_REFERRALS, 0)
> >         print "Successfully bound to server.\n"
> >         print "Searching..\n"
> >         my_search(l, keyword)
> >         #ldap_auth_aux(who,cred,ldap_server=server,ldap_mode=mode,ldap_port=636,ldap_basedn=base_dn)
> >     except ldap.LDAPError, error_message:
> >         print "Couldn't Connect. %s " % error_message
> >
> > def my_search(l, keyword):
> >     base_dn = "ou=users,ou=kjc,ou=institute,dc=ad,dc=domain,dc=com"
> >     scope = ldap.SCOPE_SUBTREE
> >     filter = "(&(objectClass=user)(mail="+ keyword+"))"
> >     retrieve_attributes = None
> >     count = 0
> >     result_set = []
> >     result_data=[]
> >     timeout = 0
> >     try:
> >         result_id = l.search(base_dn, scope, filter, retrieve_attributes)
> >         # Collect entries until the server returns an empty result
> >         while 1:
> >             result_type, result_data = l.result(result_id, timeout)
> >             if (result_data == []):
> >                 break
> >             else:
> >                 if result_type == ldap.RES_SEARCH_ENTRY:
> >                     result_set.append(result_data)
> >         if len(result_set) == 0:
> >             print "No Results."
> >             return
> >         #print result_set
> >         for i in range(len(result_set)):
> >             #print i
> >             # Each entry is a (dn, attributes) tuple
> >             for entry in result_set[i]:
> >                 try:
> >                     #print entry
> >                     print entry[1]['mail'][0]
> >                     #print entry[1]['unicodePwd'][0]
> >                     print entry[1]['sAMAccountName'][0]
> >                     #print entry[1]['memberOf']
> >                     #print entry[1]['proxyAddresses'][0]
> >                     print entry[1]['uidNumber'][0]
> >
> >                     count = count + 1
> >                 except:
> >                     pass
> >     except ldap.LDAPError, error_message:
> >         print error_message
> >
> > if __name__=='__main__':
> >     main()
> >
> > On 5 Sep., 16:36, max <dulip.withan...@gmail.com> wrote:
> >
> > > After lots of tests and research of ldap_auth, I have some questions
> > >
> > > 1. Does the mode="ad" identify the Active Directory in ldap_auth_aux?
> > > 2. In my Active Directory server to use "search_ext_s" I need an
> > > administrator account,
> > > What I think is general to all AD servers.
> > > How can I define it in ldap_auth_aux
> > > 3. And in a search result element I don't get the hash_value for the
> > > password after successful bind.
> > > Then the question is how web2py auth can authenticate when it doesn't
> > > get the password from the AD?
> > >
> > > thanks for any idea!
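Added example, not part of the thread and not web2py's ldap_auth code: a directory login normally checks a password by binding as the user, so no hash has to be read from AD. The sketch below does search-then-bind with a search account, escapes the mail value used in the filter, and rejects empty passwords. The names `authenticate`, `escape_filter` and `FakeDirectory`, and all DNs and passwords, are constructed for illustration; the connection object only needs python-ldap's `simple_bind_s` and `search_s` methods.

```python
SCOPE_SUBTREE = 2  # same value as ldap.SCOPE_SUBTREE in python-ldap

def escape_filter(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def authenticate(connect, service_dn, service_pw, base_dn, mail, password):
    """Return the user's DN if (mail, password) is valid, else None."""
    if not password:
        # A DN with an empty password is an unauthenticated bind, which
        # many servers accept; never treat that as a successful login.
        return None
    conn = connect()
    conn.simple_bind_s(service_dn, service_pw)      # 1. bind as search account
    flt = "(&(objectClass=user)(mail=%s))" % escape_filter(mail)
    hits = conn.search_s(base_dn, SCOPE_SUBTREE, flt, ["sAMAccountName"])
    hits = [h for h in hits if h[0]]                # drop referral entries
    if len(hits) != 1:
        return None                                 # unknown or ambiguous user
    user_dn = hits[0][0]
    try:
        connect().simple_bind_s(user_dn, password)  # 2. bind as the user
    except Exception:
        # Fail closed; with python-ldap, catch ldap.INVALID_CREDENTIALS.
        return None
    return user_dn

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP connection (demo only)."""
    users = {"cn=svc,dc=example,dc=com": ("svc@example.com", "svc-secret"),
             "cn=alice,dc=example,dc=com": ("alice@example.com", "alice-pw")}

    def simple_bind_s(self, who, cred):
        if cred == "":
            return  # models a server that accepts unauthenticated binds
        if self.users.get(who, (None, None))[1] != cred:
            raise ValueError("invalid credentials")

    def search_s(self, base, scope, flt, attrs):
        if "(mail=*)" in flt:
            return [(dn, {}) for dn in self.users]  # wildcard matches all
        return [(dn, {}) for dn, (m, _) in self.users.items()
                if "(mail=%s)" % m in flt]
```

Against a real server, pass a factory that returns an initialized python-ldap connection in place of `FakeDirectory`.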