jedp at ilm.com
Thu Mar 30 22:11:47 CEST 2006
> Which LDAP server are you using? You can switch off this behaviour
> with OpenLDAP. See man 5 slapd.conf, allow <features>.
I don't have anything other than user access. Good to know about this
You've been very helpful - I really appreciate it.
Can you recommend any favorite books or sites where I can learn more
Michael Ströder wrote:
> Jed Parsons wrote:
>> As an addendum, I discovered one little gotcha, namely that this:
>> l.bind_s(username, password, ldap.AUTH_SIMPLE)
>> throws an ldap.INVALID_CREDENTIALS error if the password contains the
>> wrong text, but works if the password is empty. I guess this is
>> tantamount to binding as ("", ""), but I wasn't expecting it; I figured
>> if a username was specified, the password would have to agree.
> Yes, this is by design. Empty cred means just switching to anon
> bind. LDAP was not intended to be used for password checking at that time.
> Which LDAP server are you using? You can switch off this behaviour with
> OpenLDAP. See man 5 slapd.conf, allow <features>.
>> So my
>> little authentication example also needs to test for empty passwords.
> Ciao, Michael.
Jed Parsons Industrial Light + Magic (415) 746-2974
More information about the Python-list