ldap authentication stopped working: "enter a valid email address"

Fred

Dec 14, 2009, 6:03:35 PM
to web2py-users
LDAP authentication has been working fine for my apps up through
version 1.72.3. But when I use 1.73.1 I always get a validation error
on-screen for my username (a.k.a email) input field saying "enter a
valid email address".

I see that the Auth define_tables() function puts the IS_EMAIL
validator on the 'email' field and perhaps that's causing the
problem. But the same thing was done back in 1.72.3 and it worked
fine.

Possibly related: In the course of updating my development
environment to 1.73.1 I got the core web2py code from the new
mercurial repository and merged my apps into that. It's possible that
something in that process causes this LDAP problem but I can't see
how. (I rsync'ed the application folders from my older development
system including all the databases/ folders.)

Anybody have a clue on this?

Fred

Dec 15, 2009, 12:20:31 PM
to web2py-users
The Auth.login() method in tools.py is causing my grief. It's setting
a temporary IS_EMAIL() validator on the auth_user.email field during
login.

I've been using the standard Auth tables along with LDAP
authentication successfully, in production, for months. That scheme
stores the LDAP username in the auth_user.email field. But now it
seems that newer Auth code wants there to be a 'username' field in the
auth_user table to avoid the IS_EMAIL() check during login.

This is a pain. It's not backward compatible for one. I see in the
v2 manual the explanation of how to define auth_user from scratch and
add a 'username' field that way. I've got several apps in production
and don't want to update all their models with that mess. I'm
experimenting with patching tools.py to conditionally define an
auth_user.username field based on a new Auth.settings.username_field
parameter which I can set in the models. That's going OK except that
I'm seeing new rows added to auth_user as I log in with usernames that
I've already logged in with before.

mdipierro

Dec 15, 2009, 12:53:11 PM
to web2py-users
I'd say it is a bug that it stores username in the email field.
It should use a 'username' field.

I will look into this but for now my suggestion is edit tools and
change

if 'username' in table_user.fields:
    username = 'username'
    tmpvalidator = IS_NOT_EMPTY(self.messages.is_empty)
else:
    username = 'email'
    tmpvalidator = IS_EMAIL(self.messages.invalid_email)


into this

username = 'email'
tmpvalidator = IS_EMAIL(self.messages.invalid_email)

Sorry for this problem.

Fred

Dec 15, 2009, 2:44:35 PM
to web2py-users
That IS_EMAIL() temporary validator is exactly what I *don't* want for
LDAP authentication.

mdipierro

Dec 15, 2009, 9:41:07 PM
to web2py-users
Please check out trunk and do

auth.settings.login_email_validate = False

Does it solve your problem?

This is a temporary solution. The ldap module needs to be changed to use
username and not email. The current use of email should be considered
a bug.

Fred

Dec 17, 2009, 10:32:04 AM
to web2py-users
Setting the new auth.settings.login_email_validate parameter seems to
solve the problem. Thanks.