Greetings,

We use DNS in our Active Directory domain, so we get some extra results in a search:

[(None, ['ldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com']), (None, ['ldap://DomainDnsZones.domain.com/DC=DomainDnsZones,DC=ttsd,DC=ttsd,DC=k12,DC=or,DC=us']), (None, ['ldap://domain.com/CN=Configuration,DC=domain,DC=com'])]

When a search is made at login for the account, the value of result ends up being a list rather than a dictionary with the value of sAMAccountName. The following patch does a simple test of the type and returns False if it is not a dict. I tried to attach the patch file to this message, but got a communication error.

--- gluon/contrib/login_methods/ldap_auth.py.org 2011-10-28 12:26:01.000000000 -0700 +++ gluon/contrib/login_methods/ldap_auth.py 2011-10-28 14:42:34.000000000 -0700 @@ -97,6 +97,12 @@ result = con.search_ext_s( ldap_basedn, ldap.SCOPE_SUBTREE, "(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr), ["sAMAccountName"])[0][1] + # In cases where ForestDnsZones and DomainDnsZones are found, + # result will look like the following: + # ['ldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com'] + if not isinstance(result, dict): + # result should be a dict in the form {'sAMAccountName': [username_bare]} + return False if ldap_binddn: # We know the user exists & is in the correct OU # so now we just check the password

As an aside, I am really enjoying web2py.

Carlos Hanson
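
Review bot: the isinstance test added after the `[0][1]` index only inspects the first tuple that search_ext_s returns, so if a referral such as the ForestDnsZones one is ordered ahead of the user's entry, a valid account is rejected, and an empty result still raises IndexError at `[0]` before the new check is reached. Consider keeping the whole result list, skipping tuples whose first element is None (the referrals shown in the sample output), and returning False only when no real entry remains. Separately, the context line builds the filter with `"(&(sAMAccountName=%s)(%s))" % (username_bare, filterstr)`; since username_bare is supplied at login, it should be escaped before interpolation (python-ldap provides ldap.filter.escape_filter_chars) so that filter metacharacters in the name cannot change the query.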

