dataflake.org


LDAPDelegate connect not working properly (Pending)

Request LDAP User Folder -- bug report -- by Adrian Rogers
Posted on Jan 12, 2007 12:16 pm

Entries (Latest first)


  Comment by Adrian Rogers on Jan 15, 2007 4:54 am
  Well, as I said in my OP, the function at the point in the code that is marked is returning an Anonymous user practically every time (actually it does occasionally return an object that seems to be the correct user but does not do so in a manner that is reproducible, and even in these cases the object still appears to fall through to the not an LDAPUser object case).
The situation that caused me to investigate this was when I was attempting to perform a member search within Plone and was consistently getting no results back even when there should be some.

Some background info:
The Plone site has no anonymous access allowed; all users must first log in and be authenticated against our LDAP server.
The LDAP server has a manager account that may be used for read-only access; anonymous connections are not permitted to do anything, and authenticated users may write to their own attributes.

Initially, when the site was set up, the 'Manager DN Usage' drop down was set to 'Always'. When doing this, users were able to log in successfully and functions such as member search worked correctly. The only thing that didn't work, however, was the password change function, as this required the connection to be bound on the user wishing to change the password. So the drop down was changed to 'For login data lookup only'. Users could still log in successfully, but none of the other functions that worked before (such as the member search) would now work, and change password also failed. After a session of adding debug messages at various points in the code, I finally tracked down the point in the code marked in my OP as the reason things are failing.

There are no error messages being produced as the code is simply falling through to its default option of trying to connect to the LDAP server anonymously.
 

  Comment by Jens Vagelpohl on Jan 12, 2007 1:04 pm
  What you are seeing is perfectly normal in some situations.

Instead of describing one microscopic behavior and drawing premature
conclusions it might be better to provide more details on what you
are trying to do, what you expect to happen and what is happening
instead. With full error tracebacks, if there are any.


 

  Initial Request by Adrian Rogers on Jan 12, 2007 12:16 pm
  I have an installation of LDAPUserFolder 2.7 on Zope 2.9.6 and Plone 2.5.1.
I'm currently having trouble with the connect function in LDAPDelegate.py (I've marked the place below). It would appear that at this point in the code, user always returns an object that is not of type LDAPUser and furthermore refers to an Anonymous user.

def connect(self, bind_dn='', bind_pwd=''):
    """ initialize an ldap server connection """
    conn = None

    if bind_dn != '':
        user_dn = bind_dn
        user_pwd = bind_pwd or '~'
    elif self.binduid_usage == 1:
        user_dn = self.bind_dn
        user_pwd = self.bind_pwd
    else:
        ### Following line returns Anonymous ###
        user = getSecurityManager().getUser()
        try:
            user_dn = user.getUserDN()
            user_pwd = user._getPassword()
        except AttributeError: # User object is not a LDAPUser
            user_dn = user_pwd = ''
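
The branch order in the excerpt above, as an added example that is not part of the original report and is not LDAPUserFolder's own code: it selects bind credentials the same way but logs when it drops to an anonymous bind, so the fallback described in this thread is no longer silent. The function name, the `source` labels, the stand-in user classes, the logger name and the sample DNs are assumptions constructed for illustration.

```python
import logging

log = logging.getLogger("bind_selection")  # hypothetical logger name


class AnonymousUser:
    """Stand-in for a user object that is not an LDAP user (constructed)."""
    def getUserName(self):
        return "Anonymous User"


class FakeLDAPUser:
    """Stand-in exposing the two methods the posted code calls (constructed)."""
    def __init__(self, dn, pwd):
        self._dn, self._pwd = dn, pwd

    def getUserDN(self):
        return self._dn

    def _getPassword(self):
        return self._pwd


def select_bind_credentials(current_user, bind_dn="", bind_pwd="",
                            binduid_usage=0, manager_dn="", manager_pwd=""):
    """Return (dn, password, source) in the branch order of the posted connect()."""
    if bind_dn != "":
        return bind_dn, bind_pwd or "~", "explicit"
    if binduid_usage == 1:
        return manager_dn, manager_pwd, "manager"
    try:
        return (current_user.getUserDN(), current_user._getPassword(),
                "current-user")
    except AttributeError:
        # The posted code sets both values to '' here without any message.
        # Logging the object's class makes the anonymous fallback visible.
        log.warning("anonymous bind fallback: user object %s is not an LDAP user",
                    type(current_user).__name__)
        return "", "", "anonymous-fallback"
```
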