determining if bind successful
Michael Ströder
michael at stroeder.com
Thu May 1 18:34:42 CEST 2003

Michael Engelhart wrote:
> Hmm. OK - well below are the relevant snippets from LDAPWrapper class.
> When I pass in a valid dn for "user" and an incorrect password, it still
> binds. It appears to bind as a user that has no privileges but it
> doesn't throw an exception.

Strange. Maybe some problems with ACLs (check
http://www.openldap.org/faq/data/cache/189.html)?

Below's a test I did with my local server.

1. ldap.INVALID_CREDENTIALS is raised if the password provided does not
   match value of attribute 'userPassword'.
2. ldap.INAPPROPRIATE_AUTH is raised if entry does not have attribute
   'userPassword' at all.
3. It only binds in the case the password matches.

Best bet is trying to reproduce the same behaviour with OpenLDAP's
ldapsearch and ask on the openldap-software mailing list.

Ciao, Michael.

------------------------------- snip -------------------------------
>>> import ldap
>>> l=ldap.initialize('ldap://localhost:1390')
>>> l.simple_bind_s('uid=anna,ou=Testing,dc=stroeder,dc=com','wrong password')
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 435, in simple_bind_s
    self.bind_s(who,passwd,_ldap.AUTH_SIMPLE)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 154, in bind_s
    self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 334, in result
    return self._ldap_call(self._l.result,msgid,all,timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 90, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'info': '', 'desc': 'Invalid credentials'}
>>> l.simple_bind_s('cn=Michael Stroeder,ou=Testing,dc=stroeder,dc=com','wrong password')
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 435, in simple_bind_s
    self.bind_s(who,passwd,_ldap.AUTH_SIMPLE)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 154, in bind_s
    self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 334, in result
    return self._ldap_call(self._l.result,msgid,all,timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 90, in _ldap_call
    result = func(*args,**kwargs)
ldap.INAPPROPRIATE_AUTH: {'info': '', 'desc': 'Inappropriate authentication'}
>>> l.simple_bind_s('uid=anna,ou=Testing,dc=stroeder,dc=com','anna')
>>>
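
Added example, not part of the message above and not python-ldap's own code: a wrapper that maps the three outcomes listed in the message to return values, and additionally refuses empty passwords and confirms the bound identity with whoami_s(). check_bind, FakeConn and its lax flag are hypothetical names, the directory contents are constructed from the DNs in the session, and whoami_s() assumes the server supports the "Who am I?" extended operation.

```python
try:
    import ldap  # python-ldap, as used in the session above
    INVALID_CREDENTIALS = ldap.INVALID_CREDENTIALS
    INAPPROPRIATE_AUTH = ldap.INAPPROPRIATE_AUTH
except ImportError:
    # Stand-ins so the demo runs where python-ldap is not installed.
    class INVALID_CREDENTIALS(Exception): pass
    class INAPPROPRIATE_AUTH(Exception): pass

def check_bind(conn, dn, password):
    """Return 'ok' only if the server authenticated dn with password."""
    if not dn or not password:
        # RFC 4513: a simple bind with an empty password is an
        # "unauthenticated" bind and may succeed with anonymous rights.
        return "rejected-empty"
    try:
        conn.simple_bind_s(dn, password)
    except INVALID_CREDENTIALS:
        return "invalid-credentials"  # case 1 in the message
    except INAPPROPRIATE_AUTH:
        return "no-userpassword"      # case 2 in the message
    # No exception: confirm the session carries an identity (RFC 4532).
    if not conn.whoami_s():
        return "anonymous"
    return "ok"

# Constructed sample data reusing the DNs from the session above.
ANNA = "uid=anna,ou=Testing,dc=stroeder,dc=com"
NO_PW = "cn=Michael Stroeder,ou=Testing,dc=stroeder,dc=com"
DIRECTORY = {ANNA: "anna", NO_PW: None}  # None: no userPassword attribute

class FakeConn:
    """Constructed stand-in for an LDAPObject; no network access."""
    def __init__(self, entries, lax=False):
        self.entries, self.lax, self.authzid = entries, lax, ""
    def simple_bind_s(self, dn, password):
        self.authzid = ""
        if dn not in self.entries:
            raise INVALID_CREDENTIALS()
        stored = self.entries[dn]
        if stored is None:
            raise INAPPROPRIATE_AUTH()
        if stored != password:
            if self.lax:  # hypothetical server that binds without identity
                return
            raise INVALID_CREDENTIALS()
        self.authzid = "dn:" + dn
    def whoami_s(self):
        return self.authzid
```

Against a real directory, pass the object returned by ldap.initialize() as conn; an empty string from whoami_s() means the session is anonymous even though the bind call returned.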