From: Michael E. <men...@ka...> - 2003-05-01 19:02:38
OK - did some testing. When I use this simple piece of test code (note that the password is invalid)

    import ldap
    dn = "cn=Directory Manager, o=testcompany.com"
    password = '1234567890'
    server = ldap.open("127.0.0.1")
    server.simple_bind(dn, password)
    print "got here"

This binds to the server and no exception is thrown (even though the password is invalid).

When I do this from the command line:

    [StoneGroove:~/Desktop] mengelhart% ldapsearch -D "cn=Directory Manager,o=testcompany.com" -W -x "(ou=People)"
    Enter LDAP Password: 1234567890
    ldap_bind: Invalid credentials (49)

I am unable to bind because of the bogus password.

Any other thoughts on what may be causing this problem under python-ldap and not ldapsearch?

Thanks
Mike

On Thursday, May 1, 2003, at 12:34 PM, Michael Ströder wrote:

> Michael Engelhart wrote:
>> Hmm. OK - well below are the relevant snippets from LDAPWrapper class. When I pass in a valid dn for "user" and an incorrect password, it still binds. It appears to bind as a user that has no privileges but it doesn't throw an exception.
>
> Strange. Maybe some problems with ACLs (check http://www.openldap.org/faq/data/cache/189.html)?
>
> Below's a test I did with my local server.
> 1. ldap.INVALID_CREDENTIALS is raised if the password provided does not match value of attribute 'userPassword'.
> 2. ldap.INAPPROPRIATE_AUTH is raised if entry does not have attribute 'userPassword' at all.
> 3. It only binds in the case the password matches.
>
> Best bet is trying to reproduce the same behaviour with OpenLDAP's ldapsearch and ask on the openldap-software mailing list.
>
> Ciao, Michael.
>
> ------------------------------- snip -------------------------------
> >>> import ldap
> >>> l=ldap.initialize('ldap://localhost:1390')
> >>> l.simple_bind_s('uid=anna,ou=Testing,dc=stroeder,dc=com','wrong password')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in ?
>   File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 435, in simple_bind_s
>     self.bind_s(who,passwd,_ldap.AUTH_SIMPLE)
>   File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 154, in bind_s
>     self.result(msgid,all=1,timeout=self.timeout)
>   File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 334, in result
>     return self._ldap_call(self._l.result,msgid,all,timeout)
>   File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 90, in _ldap_call
>     result = func(*args,**kwargs)
> ldap.INVALID_CREDENTIALS: {'info': '', 'desc': 'Invalid credentials'}
> >>> l.simple_bind_s('cn=Michael Stroeder,ou=Testing,dc=stroeder,dc=com','wrong password')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in ?
>   File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 435, in simple_bind_s
>     self.bind_s(who,passwd,_ldap.AUTH_SIMPLE)
>   File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 154, in bind_s
>     self.result(msgid,all=1,timeout=self.timeout)
>   File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 334, in result
>     return self._ldap_call(self._l.result,msgid,all,timeout)
>   File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 90, in _ldap_call
>     result = func(*args,**kwargs)
> ldap.INAPPROPRIATE_AUTH: {'info': '', 'desc': 'Inappropriate authentication'}
> >>> l.simple_bind_s('uid=anna,ou=Testing,dc=stroeder,dc=com','anna')
> >>>
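
The two transcripts in this message call different methods: the test script uses `simple_bind`, while the quoted session uses `simple_bind_s`, whose traceback shows it going on to call `result(msgid, ...)`. In python-ldap the form without `_s` is asynchronous and returns only a message id, so a login check has to collect the bind result before treating the caller as authenticated. The sketch below is an added example, not code from either poster or from python-ldap: `StubConnection`, `InvalidCredentials`, `naive_login`, `checked_login` and the directory contents are constructed stand-ins so that it runs without a server.

```python
# Constructed stand-in for an LDAP connection; this is NOT python-ldap.
# It models only what the traceback shows: simple_bind_s() sends the bind
# request and then calls result() on the returned message id.

class InvalidCredentials(Exception):
    """Stand-in for ldap.INVALID_CREDENTIALS (result code 49)."""


class StubConnection:
    def __init__(self, directory):
        self._directory = directory  # constructed {dn: password} table
        self._pending = {}           # msgid -> (dn, outcome) not yet collected
        self._next_id = 0
        self.bound_as = None         # DN of the last successful bind

    def simple_bind(self, who, cred):
        """Asynchronous: queue the request, return a msgid, never raise."""
        self._next_id += 1
        self._pending[self._next_id] = (who, self._directory.get(who) == cred)
        return self._next_id

    def result(self, msgid):
        """Collect the server's answer; a failed bind surfaces only here."""
        who, ok = self._pending.pop(msgid)
        if not ok:
            raise InvalidCredentials(who)
        self.bound_as = who
        return who

    def simple_bind_s(self, who, cred):
        """Synchronous: send the bind and wait for its result in one call."""
        return self.result(self.simple_bind(who, cred))


def naive_login(conn, dn, password):
    """Flawed check: treats 'simple_bind did not raise' as success."""
    conn.simple_bind(dn, password)
    return True


def checked_login(conn, dn, password):
    """Authenticated only if the bind result itself reports success."""
    try:
        conn.simple_bind_s(dn, password)
    except InvalidCredentials:
        return False
    return True


# Constructed directory entry; the password value is made up for the example.
DIRECTORY = {"cn=Directory Manager, o=testcompany.com": "s3cret-constructed"}
```
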