Thanks. In trunk
On Oct 28, 5:26 pm, Carlos Hanson <car...@clanhanson.com> wrote: > Greetings, > > We use DNS in our Active Directory domain, so we get some extra results in > a search: > > [(None, > ['ldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com']), > (None, > ['ldap://DomainDnsZones.domain.com/DC=DomainDnsZones,DC=ttsd,DC=ttsd,DC=k12 > ,DC=or,DC=us']), > (None, ['ldap://domain.com/CN=Configuration,DC=domain,DC=com'])] > > When a search is made at login for the account, the value of result ends up > being a list rather than a dictionary with the value of sAMAccountName. > > The following patch does a simple test of the type and returns False if it > is not a dict. I tried to attach the patch file to this message, but got a > communication error. > > --- gluon/contrib/login_methods/ldap_auth.py.org 2011-10-28 > 12:26:01.000000000 -0700 > +++ gluon/contrib/login_methods/ldap_auth.py 2011-10-28 > 14:42:34.000000000 -0700 > @@ -97,6 +97,12 @@ > result = con.search_ext_s( > ldap_basedn, ldap.SCOPE_SUBTREE, > "(&(sAMAccountName=%s)(%s))" % (username_bare, > filterstr), ["sAMAccountName"])[0][1] > + # In cases where ForestDnsZones and DomainDnsZones are > found, > + # result will look like the following: > + # > ['ldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com'] > + if not isinstance(result, dict): > + # result should be a dict in the form > {'sAMAccountName': [username_bare]} > + return False > if ldap_binddn: > # We know the user exists & is in the correct OU > # so now we just check the password > > As an aside, I am really enjoying web2py. > > Carlos Hanson