First time here? Check out the FAQ!
1

Exception with ldap signin when the password includes accented characters

When the password of the user contains an accented character like "à" or "ç" for instance, the following exception is raised :

/data/local/virtualenv/askbot/lib/python2.6/site-packages/askbot/middleware/pagesize.py TIME: 2011-06-27 01:57:29,526 MSG: pagesize.py:process_exception:43   File "/data/local/virtualenv/askbot/lib/python2.6/site-packages/django/core/handlers/base.py", line 99, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/data/local/virtualenv/askbot/lib/python2.6/site-packages/django/utils/decorators.py", line 48, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/data/local/virtualenv/askbot/lib/python2.6/site-packages/askbot/deps/django_authopenid/views.py", line 317, in signin
    login_form.cleaned_data['password']
  File "/data/local/virtualenv/askbot/lib/python2.6/site-packages/askbot/deps/django_authopenid/util.py", line 643, in ldap_check_password
    ldap_session.simple_bind_s(username, password)
  File "/data/local/virtualenv/askbot/lib/python2.6/site-packages/ldap/ldapobject.py", line 206, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/data/local/virtualenv/askbot/lib/python2.6/site-packages/ldap/ldapobject.py", line 200, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls))
  File "/data/local/virtualenv/askbot/lib/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)

/data/local/virtualenv/askbot/lib/python2.6/site-packages/askbot/middleware/pagesize.py TIME: 2011-06-27 01:57:29,527 MSG: pagesize.py:process_exception:44 <type 'exceptions.UnicodeEncodeError'>
/data/local/virtualenv/askbot/lib/python2.6/site-packages/askbot/middleware/pagesize.py TIME: 2011-06-27 01:57:29,527 MSG: pagesize.py:process_exception:45 'ascii' codec can't encode character u'\xe7' in position 0: ordinal not in range(128)
/data/local/virtualenv/askbot/lib/python2.6/site-packages/askbot/middleware/pagesize.py TIME: 2011-06-27 01:57:29,527 MSG: pagesize.py:process_exception:54 path: /account/signin/
method: POST
data: <QueryDict: {u'username': [u'user'], u'openid_login_token': [u''], u'password_action': [u'login'], u'next': [u'/'], u'login_provider_name': [u'local'], u'login_with_password': [u'Sign in'], u'csrfmiddlewaretoken': [u'e630f38ee4a67878c8e28d1cd6411ac0'], u'password': [u'XXXXXX']}>
host: ask
user: AnonymousUser

My askbot server is running on a redhat distribution.

Samuel's avatar
425
Samuel
updated 2011-06-27 02:27:29 -0500, asked 2011-06-27 02:26:41 -0500
edit flag offensive 0 remove flag close merge delete

Comments

I will redo LDAP to use django-auth-ldap, looking at it now.
Evgeny's avatar Evgeny (2011-06-27 18:06:30 -0500) edit
Actually, looks like we'll still need to hack around, because that app works differently - I will borrow some code from django-auth-ldap though.
Evgeny's avatar Evgeny (2011-06-27 18:42:57 -0500) edit
Samuel, can you try using password.encode('utf-8') inside the "simple_bind_s" call in the end of askbot/deps/django_authopenid/util.py ? Does that help?
Evgeny's avatar Evgeny (2011-06-27 21:56:37 -0500) edit
I have already tried to encode the password in utf-8 but it changes nothing.
Samuel's avatar Samuel (2011-06-28 03:02:37 -0500) edit
Could you explain briefly the difficulties to integrate django-auth-ldap? In my opinion the main reasons to use it are : - bind with a robot, then verification of the user's credentials by queries. This method is the right one. I have done ugly patches in askbot to make the simple bind working with an active directory using multiple domains. I can give further details if you want. - fill last name, first name, email and others fields automatically - set automatically permissions - limit the connection to certain ldap groups
Samuel's avatar Samuel (2011-06-28 03:28:25 -0500) edit
add a comment see more comments

1 Answer

0

This one is not easy, I need to istall LDAP and test here. Looks like simple_bind_s() does not like the unicode password. Maybe it needs to be encoded somehow before sending over.

Does your LDAP work with the unicode passwords otherwise?

Evgeny's avatar
13.2k
Evgeny
answered 2011-06-27 16:10:16 -0500
edit flag offensive 0 remove flag delete link

Comments

Yes our LDAP works with unicode passwords.
Samuel's avatar Samuel (2011-06-28 03:03:57 -0500) edit
add a comment see more comments