determining if bind successful

Michael Engelhart mengelhart at katahdinsoftware.com
Thu May 1 18:15:25 CEST 2003


Hmm. OK - well below are the relevant snippets from LDAPWrapper class.  
When I pass in a valid dn for "user" and an incorrect password, it 
still binds.   It appears to bind as a user that has no privileges but 
it doesn't throw an exception.   I'm running openldap 2.1 on Mac OS X 
10.2.5 if that makes a difference.   Are the OpenLDAP settings that 
override this behavior that I can adjust.     It's very odd to me that 
it wouldn't "always" throw an exception or what's the point of the 
authentication step! :-)


Thanks
Mike


class LDAPWrapper:

	def __init__(self, user="", password=""):
		try:
			self.server = ldap.open("127.0.0.1")
			self.server.simple_bind(user, password)
		except ldap.LDAPError, e:
			print "general LDAP error ", e
		except ldap.INVALID_CREDENTIALS, e:
			print "Invalid Credentials", e
		except ldap.INAPPROPRIATE_AUTH, e:
			print "Inappropriate Auth", e
			
On Thursday, May 1, 2003, at 12:03  PM, Michael Ströder wrote:

> Michael Engelhart wrote:
>> Is there anything in the API that will let you determine whether a 
>> particular users login was successful or not?  I'm using simple_bind 
>> to bind a user but it appears that if you type in anything, it will 
>> accept but just not give access rights.  I want to be able to display 
>> a web page after a user tries to login that says "Username/Password 
>> were incorrect. please try again."
>
> Mainly if simple_bind_s(who,cred) was successful with a non-empty 
> password in cred the "login" was successful. Otherwise one of the 
> following exceptions is usually raised:
>
> ldap.INVALID_CREDENTIALS
>
> ldap.INAPPROPRIATE_AUTH
>
> Note the "usual" in the sentence above. Details depend very much on 
> your LDAP server (which one?). Many weird things out there...
>
> Ciao, Michael.
>
>
>
> 


More information about the python-ldap mailing list