
LDAP connection authorized if the password is not filled, even for an unknown user

asked 2011-05-26 07:25:10 -0500

Samuel

updated 2011-05-31 08:17:19 -0500

When LDAP is activated and well configured:

  1. if the username does not exist in the LDAP database and the password is not filled, the connection is allowed by askbot

  2. if the username exists and no password is filled, the connection is also allowed.

  3. if the username exists and the password is filled and wrong, then the connection is refused (ldap error: invalid credentials)

  4. if the username exists and the password is well filled, then the connection is accepted.

It seems that the ldap-python simple_bind_s method does not raise an exception included in ldap.LDAPError for the first two cases. I have just added a trace to confirm that in the fourth cases the method is called. The ldap-python doc does not give more details. I will try to investigate further next week. If you have any idea, let me know, I have a full test environment to investigate.


Comments

The problem is that I do not have a real LDAP setup yet, tested on a mock object, which probably missed something, probably I should just install LDAP for myself. Evgeny (2011-05-26 18:32:45 -0500)

I think the right direction to take is to integrate the module django-auth-ldap (http://packages.python.org/django-auth-ldap/). I will test it in the coming days. Samuel (2011-05-31 07:24:08 -0500)

Ok, plan for this week - decouple the login system and fix the ldap issue in the builtin login system. Evgeny (2011-05-31 12:20:55 -0500)

Regarding the empty password issue, I have temporarily modified the file deps/django_authopenid/forms.py. Now the username and password are required in the form. It works fine for both local and ldap connections, but I guess there could be a side effect with other providers. Samuel (2011-06-01 10:45:21 -0500)
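
The four cases from the question, reproduced as an added example that is not part of the thread and is not Askbot's code. Under RFC 4513 a simple bind with an empty password is an anonymous or "unauthenticated" bind, and a server that permits it reports success without checking the DN. `FakeDirectory`, `naive_login`, `checked_login` and all DNs and passwords are constructed for illustration; `FakeDirectory` stands in for a real python-ldap connection so the block runs offline.

```python
# Added example, not Askbot code. FakeDirectory is a constructed stand-in for an
# LDAP connection; it mimics RFC 4513 simple-bind semantics on a permissive server.

class InvalidCredentials(Exception):
    """Stands in for ldap.INVALID_CREDENTIALS."""

class FakeDirectory:
    """Constructed sample directory mapping DN -> password."""

    def __init__(self, entries):
        self.entries = entries

    def simple_bind_s(self, who="", cred=""):
        # RFC 4513 5.1.1 / 5.1.2: an empty password requests an anonymous or
        # unauthenticated bind. A server that allows it answers "success"
        # without verifying that the DN exists, so no exception is raised.
        if cred == "":
            return "anonymous"
        if self.entries.get(who) != cred:
            raise InvalidCredentials(who)
        return who

def naive_login(conn, dn, password):
    """Treats any successful bind as proof of identity (behaviour in the question)."""
    try:
        conn.simple_bind_s(dn, password)
        return True
    except InvalidCredentials:
        return False

def checked_login(conn, dn, password):
    """Rejects empty credentials before any bind is sent to the server."""
    if not dn or not password:
        return False
    return naive_login(conn, dn, password)

# Constructed DNs and passwords, in the order of cases 1-4 from the question.
DIRECTORY = FakeDirectory({"uid=samuel,dc=example,dc=org": "s3cret"})
CASES = [
    ("uid=nobody,dc=example,dc=org", ""),        # 1: unknown user, no password
    ("uid=samuel,dc=example,dc=org", ""),        # 2: known user, no password
    ("uid=samuel,dc=example,dc=org", "wrong"),   # 3: known user, wrong password
    ("uid=samuel,dc=example,dc=org", "s3cret"),  # 4: known user, right password
]

def run(login):
    """Returns the accept/refuse decision for each of the four cases."""
    return [login(DIRECTORY, dn, pw) for dn, pw in CASES]
```

The same guard belongs in the authentication backend itself, not only in the login form, so that every code path reaching the bind is covered.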
