<br><br><div class="gmail_quote">On Wed, Jun 18, 2008 at 7:17 PM, Michael Ströder <<a href="mailto:michael@stroeder.com">michael@stroeder.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Michael Ströder wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
The user enters some user name. During login you have to use a configurable search filter for searching the user's entry.<br>
<br>
Something like:<br>
user_search_filter_template = '(|(uid=%s)(sAMAccountName=%s))'<br>
<br>
An then replace %s with what the user entered as user name.<br>
</blockquote>
<br></div>
Furthermore:<br>
<br>
1. You have to check whether exactly *one* entry is returned in the search results. search_ext_s(..,sizelimit=2)<br>
2. You MUST only accept non-empty passwords when checking the user's password with a bind request. If you send a simple bind request with an empty password the bind is ok because it's only treated as anonymous bind by most LDAP servers.<br>
<br>
Ciao, Michael.</blockquote><div><br>Ok, <br>Probably we didn't understand.I will use uid=userid_name ( %s = userid_name).<br>I have a test that I want to succeed:<br><br><br><br></div></div><br> def testMemberOfGroup(self):<br>
"""Authenticate to LDAP and read all groups that user with uid usera<br> is a member of.<br> """<br> server_uri = self.ldap_env.slapd.url<br> base_dn = self.ldap_env.basedn<br>
lo = ldap.initialize(server_uri)<br> ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)<br> lo.simple_bind_s('', '')<br> search_filter='(|(&(objectClass=*)(member=uid=usera,ou=Unit A,ou=Users,ou=testing,dc=example,dc=org)))'' # ths one was just for checking if this works<br>
search_groups = lo.search_st(base_dn, ldap.SCOPE_SUBTREE, search_filter)<br><br>(yes this works but I don't want to need to know all those stuff after the uid=usera)<br><br>I know you said it's a bad thing to search for substring nut this is the only way how I can say something is a grop -> for me in ma definition, something is a group if has a member (or a type containing word member- there is wher it will be grat to use substrings) and in the member part of the record it has uid, the rest of the groups I don't want to know about them.<br>
<br>And I have a part of record record:<br>'member': ['cn=dummy', 'uid=usera,ou=Unit A,ou=Users,ou=testing,dc=example,dc=org']<br><br>And I only want to search for uid=usera, not the rest of the record. This is only for test and for the real search I will use it more configurable.<br>
<br><br clear="all"><br>-- <br>Melita MIhaljevic|melita.mihaljevic at <a href="http://gmail.com">gmail.com</a>| melita.mihaljevic at <a href="http://fer.hr">fer.hr</a><br>ICQ: 201278527 | Gtalk: melita.mihaljevic | <a href="http://mihaljevicmelita.blogspot.com/">http://mihaljevicmelita.blogspot.com/</a><br>
PGP: 0xDB17A80C | <a href="http://fly.srk.fer.hr/~gizmo">http://fly.srk.fer.hr/~gizmo</a><br><a href="http://www.last.fm/user/maligizmo/">http://www.last.fm/user/maligizmo/</a> | <a href="http://www.linkedin.com/in/mmihaljevic">http://www.linkedin.com/in/mmihaljevic</a>
<div style="border: 1px solid gray; position: absolute; left: 0px; top: 0px; width: 16px; height: 16px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAABnRSTlMA+QD7AP7IFnaXAAAACXBIWXMAAA7EAAAOxAGVKw4bAAACfUlEQVR4nD2Sy0uUYRTGn/N+71wcnaYxL0gpNSm56WZEKCkRRJv6F4qIIqxNq7AoKmgTbbrRxlpEuamgAqmVRpQUFDVdnLLMSsX7jM7Fb77vvZwWoz0cOAee5/esDjxlPWV9becLpverYmZme+/N4siM1tqWXE/Z4vKB0lLaLiyapnMzz764zLz2zAwze8oWmT1mj1kxe8xFZgkAgGWUB2noQlXsyGDyUuO+Rh+AkOR8n1dPU6Zv1LxL65CNvD9AnrIlhgEpyQFo+5Obl3d36vuZuQGuO1++o4HC0v04jq23vZqyJYABIchPPYyEC+13NzWEx3q6EnB/5yfKg4ldMCAH5k4ye/iBwLKYDQUFrT/48mi6p2u/P5ZEoErmP5U8BjgWMk3Vy4CkYMFRqR8AOFJX/PU4uLoFRgs7yv8br72v6N4vALCkUFbNPfoc2rYOgBOvDydaoV0YT8ZWUW6SJYmCzhVzZR0JwQTHIHtjYMWhjSK8WWfeAHkgA3JhPFFRi9k+AnKnnsffHrOGBRyyp1/Ioy3MoFUbkHkN+PrztE7nES2gWkgxRGmUXdkLCzCEM1HwB6dlVRQEC1BNBMjpkyOmNjVNQ4M0ln2XokqIQACWAUjzatz5mpXXP/iJmExlVH9c9w8U3Fwa5KIqfvHvyg5ZnPomqpvBACBNkGhk3j07QIY1yOTVKHyKxoOVlbGDX+q7ivjpGO+FqG2GBQBSzAudvf6tDxY2F3G8LWsq236qZAMaJxJXFzC8ADtdGDeBPb3QDICKygpJAGh57Gz3ZPfHNSdc/JnzpsaVV4FoR3DnhSXg/y8tSZCZHcbQcQ612WhroL6dysMASmkA/wALgWlRuJztiwAAAABJRU5ErkJggg==); background-repeat: no-repeat; background-color: rgb(238, 238, 238); cursor: pointer; z-index: 65535; display: none;">
</div>