ldap connection authorized if the password not filled even for an unknown user

When the ldap is activated and well configured :

  1. if the username does not exist in the ldap database and the the password is not filled, the connection is allowed by askbot

  2. if the username exists and no password is filled, the connection is also allowed.

  3. if the username exists and the password is filled and wrong, then the connection is refused (ldap error : invalid credentials

  4. if the username exists and the password is well filled, the the connection is accepted.

It seems to be that ldap-python simple_bind_s method does not raised an exception included in ldap.LDAPError for the first two cases. I have just added a trace to confirm that in the fourth cases the method is called. The ldap-python doc does not give more details. I will try to investigate further next week. If you have any idea, let me know, I have a full test environment to investigate.

Samuel's avatar
425
Samuel
updated 2011-05-31 08:17:19 -0500, asked 2011-05-26 07:25:10 -0500
edit flag offensive 0 remove flag close merge delete

Comments

The problem is that I do not have a real LDAP setup yet, tested on a mock object, which probably missed something, probably I should just install LDAP for myself.
Evgeny's avatar Evgeny (2011-05-26 18:32:45 -0500) edit
more
  • delete
I think the right direction to take is to integrate the module django-auth-ldap (http://packages.python.org/django-auth-ldap/). I will test it in the coming days.
Samuel's avatar Samuel (2011-05-31 07:24:08 -0500) edit
more
  • delete
Ok, plan for this week - decouple the login system and fix the ldap issue in the builtin login system.
Evgeny's avatar Evgeny (2011-05-31 12:20:55 -0500) edit
more
  • delete
Regarding the empty password issue, I have temporary modified the file deps/django_authopenid/forms.py. Now the username and password are required in the form. It works fine for both local and ldap connections, but I guess there could be a side effect with other providers.
Samuel's avatar Samuel (2011-06-01 10:45:21 -0500) edit
more
  • delete
add a comment see more comments