Reading groups from LDAP
Michael Ströder
michael at stroeder.com
Wed Jun 18 19:17:06 CEST 2008
Michael Ströder wrote:
> The user enters some user name. During login you have to use a
> configurable search filter for searching the user's entry.
>
> Something like:
> user_search_filter_template = '(|(uid=%s)(sAMAccountName=%s))'
>
> An then replace %s with what the user entered as user name.
Furthermore:
1. You have to check whether exactly *one* entry is returned in the
search results. search_ext_s(..,sizelimit=2)
2. You MUST only accept non-empty passwords when checking the user's
password with a bind request. If you send a simple bind request with an
empty password the bind is ok because it's only treated as anonymous
bind by most LDAP servers.
Ciao, Michael.
More information about the python-ldap
mailing list