alfonsodg / demo-web2py

Apache License 2.0

Login to AD fail if secure=True #93

Closed alfonsodg closed 10 years ago

alfonsodg commented 10 years ago

From yuri%iti...@gtempaccount.com on August 12, 2010 05:29:16

What steps will reproduce the problem?

  1. Config login to AD
  2. Set secure=True

What is the expected output? What do you see instead?

Login failed.

What version of the product are you using? On what operating system?

1.82.1

Please provide any additional information below.

Original issue: http://code.google.com/p/web2py/issues/detail?id=94

alfonsodg commented 10 years ago

From massimod...@gmail.com on September 12, 2010 20:03:38

Can you tell us more?

alfonsodg commented 10 years ago

From yuri%iti...@gtempaccount.com on September 14, 2010 01:49:31

I have tried to use ldaps to make an encrypted connection to AD.

auth.settings.login_methods.append(ldap_auth(mode='ad', secure=True, ....

It makes an ldaps connection to tcp 636, but authentication failed.

alfonsodg commented 10 years ago

From yuri%iti...@gtempaccount.com on September 27, 2010 06:20:35

I have some time to investigate the issue. Here is the patch to gluon/contrib/login_methods/ldap_auth.py

--- ldap_auth.py.org 2010-09-27 15:05:24.820862953 +0200 +++ ldap_auth.py 2010-09-27 15:06:01.253863007 +0200 @@ -3,7 +3,7 @@

def ldap_auth(server='ldap', port=None, base_dn='ou=users,dc=domain,dc=com',

@@ -55,6 +55,8 @@ ldap_port = 636 con = ldap.initialize( "ldaps://" + ldap_server + ":" + str(ldap_port))
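
Review bot: the new cacert_dir argument needs to fail closed where the second hunk (@@ -55,6 +55,8 @@) touches the ldap.initialize("ldaps://" ...) branch: when cacert_dir is not supplied, certificate verification should stay on and the bind should fail, not proceed unverified. The two added lines are not visible in this copy, so that cannot be confirmed here. The def ldap_auth(...) signature changed in the first hunk should also get a docstring entry for the parameter and its default.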

Usage example: copy Active Directory CA cert in PEM format to some dir (/etc/openldap/cacerts ?)

auth.settings.login_methods.append(ldap_auth(mode='ad', secure=True, server='ip.addr.of.AD_SRV', cacert_dir="/cacerts_dir", base_dn='OU=Users,OU=SomeOrgUnit,DC=subDomain,DC=domain,DC=com'))
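
A stand-alone check for the situation in this thread, added here as an example and not part of the original patch or of web2py: it binds over ldaps with the CA directory enforced and reports whether a failure came from TLS trust or from the credentials. It assumes python-ldap is installed; check_bind, classify and ldaps_uri are hypothetical names chosen for the example, and the bind user is assumed to be given in user@domain form.

```python
DEFAULT_LDAPS_PORT = 636  # same default the issue mentions (tcp 636)


def ldaps_uri(server, port=None):
    """Build the ldaps:// URI for the directory server."""
    return "ldaps://%s:%d" % (server, int(port or DEFAULT_LDAPS_PORT))


def classify(exc_name):
    """Map a python-ldap exception class name to the kind of failure."""
    kinds = {
        "SERVER_DOWN": "tls-or-network",    # includes a failed certificate check
        "CONNECT_ERROR": "tls-or-network",
        "INVALID_CREDENTIALS": "bad-credentials",
    }
    return kinds.get(exc_name, "other-ldap-error")


def check_bind(server, bind_user, password, cert_path, port=None):
    """Return 'ok' or a failure kind; the server certificate is always verified."""
    if not password:
        # An empty password turns a simple bind into an unauthenticated bind,
        # which a server may accept, so it must never count as a login.
        return "empty-password-rejected"
    import ldap  # python-ldap; imported late so the helpers work without it

    con = ldap.initialize(ldaps_uri(server, port))
    con.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
    con.set_option(ldap.OPT_REFERRALS, 0)
    # Directory holding the AD CA certificate in PEM format. With an
    # OpenSSL-backed libldap it needs c_rehash-style hashed file names.
    con.set_option(ldap.OPT_X_TLS_CACERTDIR, cert_path)
    con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    con.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # must come last: applies the TLS options
    try:
        con.simple_bind_s(bind_user, password)
        return "ok"
    except ldap.LDAPError as exc:
        return classify(type(exc).__name__)
    finally:
        try:
            con.unbind_s()
        except ldap.LDAPError:
            pass
```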

alfonsodg commented 10 years ago

From massimo....@gmail.com on January 12, 2011 07:00:08

Your patch is in. I renamed cacert_dir as cert_path. Hope that is ok. Sorry it took forever.

Status: Fixed