[CPS-users] Re: CPSLDAPSetup

Mario Olimpio de Menezes mo.menezes at gmail.com
Tue Mar 28 15:23:09 CEST 2006


On Tuesday 28 March 2006 06:23, Olivier Grisel wrote:
> You don't need the LDAPUserFolder product. LDAPDirectory and
> LDAPDirectoryVocabulary are provided for backward compatibility only. In
> CPSLDAPSetup we use LDAPBackingDirectory.

ok! removed LDAPUserFolder from Products.

>
> Please watch the log once you attempt to login with a failing uid that
> belongs to your LDAP.

here is what I got:

2006-03-28T09:48:43 TRACE searchLDAP Searching cache for {'filter': 
'(&(objectClass=*)(uid=mariomenezes))', 'scope': 2, 'base': 
'ou=people,dc=ipen,dc=br', 'attrs': ['cn', 'cpsGroups', 'cpsRoles', 'dn', 
'givenName', 'mail', 'o', 'ou', 'postalAddress', 'sn', 'telephoneNumber', 
'title', 'uid', 'userPassword']}
------
2006-03-28T09:48:43 TRACE searchLDAP search_s base=ou=people,dc=ipen,dc=br 
scope=2 filter=(&(objectClass=*)(uid=mariomenezes)) attrs=['cn', 'cpsGroups', 
'cpsRoles', 'dn', 'givenName', 'mail', 'o', 'ou', 'postalAddress', 'sn', 
'telephoneNumber', 'title', 'uid', 'userPassword']
------
2006-03-28T09:48:44 TRACE searchLDAP  
->results=[('uid=mariomenezes,ou=People,dc=ipen,dc=br', {'mail': 
['mario at ipen.br'], 'givenName': ['Mario Olimpio de Menezes'], 'cn': ['Mario 
Olimpio de Menezes'], 'sn': ['9175'], 'uid': ['mariomenezes']})]
------
2006-03-28T09:48:44 TRACE searchLDAP Putting in cache
------
2006-03-28T09:48:44 TRACE ZODBDirectory._searchEntries Searching cache for 
{'return_fields': None, 'members': ['mariomenezes']}
------
2006-03-28T09:48:44 TRACE ZODBDirectory._searchEntries  -> results=[]
------
2006-03-28T09:48:44 TRACE ZODBDirectory._searchEntries Searching cache for 
{'return_fields': None, 'members': ['mariomenezes']}
------
2006-03-28T09:48:44 TRACE ZODBDirectory._searchEntries  -> results=[]
------
2006-03-28T09:48:44 DEBUG getUserWithAuthentication KeyError 
('uid=mariomenezes,ou=People,dc=ipen,dc=br') for user mariomenezes


--------------------------------------------

I can connect to this ldap server using for example LUMA or phpldapadmin.

One thing I noticed is that the server uses crypt to store passwords; when I 
do a bind with a valid user and a search with this same user, I can retrieve 
the userPassword field and it starts with {crypt}.

I can only retrieve the password field if I do a valid user bind; using 
anonymous bind, I can't retrieve the userPassword field. At least using 
the phpldapadmin utility.

Could this be a problem? Does LDAPUserFolder use a different approach for 
this? This portal used to work with LDAPUserFolder with the same ldap server.
I confirmed with the ldap admin person and there was no modification at the 
server side.

Thanks for all the help!

-- 
Mario O.de Menezes, Ph.D.     "Many are the plans in a man's heart, but
LinuxUser: #24626         is the Lord's purpose that prevails" Pv 19.21
                        http://www.ipen.br/~mario      
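
The search_s request and the results record in the trace above can be compared mechanically. This added example (not part of the original message and not CPS code) parses those two records and lists the requested attributes that the server did not return for the bind in use; the function names are hypothetical and the sample log is a copy of the post's two records embedded inline.

```python
import ast
import re

# Constructed sample: the search_s and results TRACE records from the post, still wrapped.
SAMPLE_LOG = """\
2006-03-28T09:48:43 TRACE searchLDAP search_s base=ou=people,dc=ipen,dc=br
scope=2 filter=(&(objectClass=*)(uid=mariomenezes)) attrs=['cn', 'cpsGroups',
'cpsRoles', 'dn', 'givenName', 'mail', 'o', 'ou', 'postalAddress', 'sn',
'telephoneNumber', 'title', 'uid', 'userPassword']
------
2006-03-28T09:48:44 TRACE searchLDAP
->results=[('uid=mariomenezes,ou=People,dc=ipen,dc=br', {'mail':
['mario at ipen.br'], 'givenName': ['Mario Olimpio de Menezes'], 'cn': ['Mario
Olimpio de Menezes'], 'sn': ['9175'], 'uid': ['mariomenezes']})]
"""

# 'dn' comes back as the first element of each result tuple, not as an attribute.
PSEUDO_ATTRS = {"dn"}


def records(log_text):
    """Split on the '------' separators and undo the line wrapping."""
    for chunk in re.split(r"^-{4,}[ \t]*$", log_text, flags=re.M):
        joined = " ".join(chunk.split())
        if joined:
            yield joined


def missing_attributes(log_text):
    """Map each returned DN to the requested attributes the server withheld."""
    requested, report = set(), {}
    for rec in records(log_text):
        m = re.search(r"search_s .*attrs=(\[.*\])", rec)
        if m:
            requested = set(ast.literal_eval(m.group(1))) - PSEUDO_ATTRS
            continue
        m = re.search(r"->\s*results=(\[.*\])", rec)
        if m:
            for dn, attrs in ast.literal_eval(m.group(1)):
                # LDAP attribute names are case-insensitive.
                got = {name.lower() for name in attrs}
                report[dn] = sorted(a for a in requested if a.lower() not in got)
    return report


if __name__ == "__main__":
    for dn, missing in missing_attributes(SAMPLE_LOG).items():
        print(dn, "->", missing)
```

Running the same comparison on a trace captured with an authenticated bind shows whether the set of withheld attributes depends on the bind identity.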

