Re: determining if bind successful

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hmm. OK - well below are the relevant snippets from LDAPWrapper class. =20=

When I pass in a valid dn for "user" and an incorrect password, it=20
still binds.   It appears to bind as a user that has no privileges but=20=

it doesn't throw an exception.   I'm running openldap 2.1 on Mac OS X=20
10.2.5 if that makes a difference.   Are the OpenLDAP settings that=20
override this behavior that I can adjust.     It's very odd to me that=20=

it wouldn't "always" throw an exception or what's the point of the=20
authentication step! :-)

Thanks
Mike

class LDAPWrapper:

	def __init__(self, user=3D"", password=3D""):
		try:
			self.server =3D ldap.open("127.0.0.1")
			self.server.simple_bind(user, password)
		except ldap.LDAPError, e:
			print "general LDAP error ", e
		except ldap.INVALID_CREDENTIALS, e:
			print "Invalid Credentials", e
		except ldap.INAPPROPRIATE_AUTH, e:
			print "Inappropriate Auth", e
		=09
On Thursday, May 1, 2003, at 12:03  PM, Michael Str=F6der wrote:

> Michael Engelhart wrote:
>> Is there anything in the API that will let you determine whether a=20
>> particular users login was successful or not?  I'm using simple_bind=20=

>> to bind a user but it appears that if you type in anything, it will=20=

>> accept but just not give access rights.  I want to be able to display=20=

>> a web page after a user tries to login that says "Username/Password=20=

>> were incorrect. please try again."
>
> Mainly if simple_bind_s(who,cred) was successful with a non-empty=20
> password in cred the "login" was successful. Otherwise one of the=20
> following exceptions is usually raised:
>
> ldap.INVALID_CREDENTIALS
>
> ldap.INAPPROPRIATE_AUTH
>
> Note the "usual" in the sentence above. Details depend very much on=20
> your LDAP server (which one?). Many weird things out there...
>
> Ciao, Michael.
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>