determining if bind successful
Michael Engelhart
mengelhart at katahdinsoftware.com
Thu May 1 18:15:25 CEST 2003
Hmm. OK - well below are the relevant snippets from LDAPWrapper class.
When I pass in a valid dn for "user" and an incorrect password, it
still binds. It appears to bind as a user that has no privileges but
it doesn't throw an exception. I'm running openldap 2.1 on Mac OS X
10.2.5 if that makes a difference. Are the OpenLDAP settings that
override this behavior that I can adjust. It's very odd to me that
it wouldn't "always" throw an exception or what's the point of the
authentication step! :-)
Thanks
Mike
class LDAPWrapper:
def __init__(self, user="", password=""):
try:
self.server = ldap.open("127.0.0.1")
self.server.simple_bind(user, password)
except ldap.LDAPError, e:
print "general LDAP error ", e
except ldap.INVALID_CREDENTIALS, e:
print "Invalid Credentials", e
except ldap.INAPPROPRIATE_AUTH, e:
print "Inappropriate Auth", e
On Thursday, May 1, 2003, at 12:03 PM, Michael Ströder wrote:
> Michael Engelhart wrote:
>> Is there anything in the API that will let you determine whether a
>> particular users login was successful or not? I'm using simple_bind
>> to bind a user but it appears that if you type in anything, it will
>> accept but just not give access rights. I want to be able to display
>> a web page after a user tries to login that says "Username/Password
>> were incorrect. please try again."
>
> Mainly if simple_bind_s(who,cred) was successful with a non-empty
> password in cred the "login" was successful. Otherwise one of the
> following exceptions is usually raised:
>
> ldap.INVALID_CREDENTIALS
>
> ldap.INAPPROPRIATE_AUTH
>
> Note the "usual" in the sentence above. Details depend very much on
> your LDAP server (which one?). Many weird things out there...
>
> Ciao, Michael.
>
>
>
>
More information about the python-ldap
mailing list