How to make a simpleLDAPObject accessible in an app?

Jonathan R

Nov 18, 2015, 1:54:56 PM
to web2py-users
Hi,
I'm still working on an app connecting to an LDAP server using the credentials provided at login time by the user (in the webapp), and my objective is to bind once to the LDAP server right after login and use this bind to make the different queries requested by the user.
I bind using a custom function added to the list:

auth.settings.login_onaccept

I tried to use session to pass it to the app.
My code looks like:

def ldap_connect(form):
    # create a simpleLDAPObject named con
    # initialize this object
    # use username and password provided to bind

    # here comes the problem: make the con object available outside this function as long as the user is logged in
    # I tried different flavors of: (session.con, session.vars.con, session.vars[con]); the issue is not the syntax
    session['con'] = con

This sends an internal error while processing the functions session.try_store_in ... [cookie_or_file, file] and returns a PicklingError: Can't pickle <type 'thread.lock'>: attribute lookup thread.lock failed.

I suppose this is why there is a section called "Don't store user defined object in session" in the book. My question is then: where should I store it?

Niphlod

Nov 18, 2015, 3:09:08 PM
to web2py-users
You can't really serialize a connection. You can serialize the plain password and then create a new one, using the credentials the user gave you.

Jonathan R

Nov 18, 2015, 3:20:34 PM
to web2py-users
Hi Niphlod,
I used your method, but the downside is that I then have a plain text password stored in my application. I'm not really aware how secure it is to do so; is there a way for an attacker to extract this info?

Niphlod

Nov 18, 2015, 3:45:52 PM
to web2py-users
If you expose it to him, yes.
Unfortunately in your situation the only way to create an LDAP connection is to save somewhere what you need to bind to the AD server, which at the very LEAST is username and password. Once again I urge you to speak with AD administrators and require a dedicated set of credentials to let your app connect to AD servers.
I'm pretty sure that if you explain to them what you're trying to do without it (really scary stuff), they'll be happy to comply.

On a totally different path, you can subclass or make your own login_method (mostly copy/pasting web2py's one) and append your queries to it.
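
The exchange above, as an added example that is not part of the original thread: it reproduces the pickling failure with a stand-in for the connection object, then stores only the bind parameters and rebinds per request. `FakeLDAPConnection`, the helper names and all sample values are hypothetical; no LDAP server or python-ldap install is needed.

```python
import pickle
import threading


class FakeLDAPConnection(object):
    """Stand-in for SimpleLDAPObject (assumption: the real object holds a
    thread lock, as the error message in the first post indicates)."""

    def __init__(self, uri):
        self.uri = uri
        self._lock = threading.Lock()  # this member is what pickle rejects
        self.bound_as = None

    def simple_bind_s(self, who, cred):
        # A real bind would contact the server; here we only record the DN.
        if not cred:
            raise ValueError("empty password")
        self.bound_as = who


def can_store_in_session(value):
    """The session is pickled when a request ends; mimic that step."""
    try:
        pickle.dumps(value)
        return True
    except Exception:  # PicklingError on Python 2, TypeError on Python 3
        return False


def remember_bind(session, uri, bind_dn, password):
    """Keep only plain strings in the session, never the connection."""
    session["ldap_bind"] = {"uri": uri, "dn": bind_dn, "password": password}


def connection_for_request(session):
    """Rebuild and bind a fresh connection on each request."""
    params = session["ldap_bind"]
    con = FakeLDAPConnection(params["uri"])
    con.simple_bind_s(params["dn"], params["password"])
    return con


def password_visible_in_store(session, password):
    """True if the serialized session carries the password in cleartext."""
    return password.encode("utf-8") in pickle.dumps(session)


# Constructed sample values, not taken from the thread.
session = {}
remember_bind(session, "ldap://ldap.example.test",
              "uid=jdoe,dc=example,dc=test", "S3cret-sample")
```

Because the serialized session carries the password as-is, anyone who can read the session storage can read the bind credentials, which is the exposure raised in the replies above.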

Richard Vézina

Nov 18, 2015, 9:23:39 PM
to web2py-users
Hello Jonathan,

What are you trying to do exactly? Are you trying to write an App that can manage an LDAP server? Something like PHPldapadmin for instance?

Richard


Jonathan R

Dec 1, 2015, 10:24:52 AM
to web2py-users
Hey Richard,
Sorry for the very late answer; I had personal issues that kept me out of this project.
Yes, I am trying to create an app to "manage" parts of an LDAP server, such as displaying query results (predefined queries) and later, maybe, modifying information in this LDAP server.

Richard Vézina

Dec 1, 2015, 10:42:34 AM
to web2py-users
So that is different... So I guess Simone misunderstood your goal... I think he may have thought you wanted to tamper with LDAP...

You need the administrator credentials, then you can start doing something... And you should have a look at this project: https://pypi.python.org/pypi/ldap3

Python LDAP is not Python 3 compatible yet, but there is this fork if you prefer: https://github.com/pyldap/pyldap

Though ldap3 looks promising...

Or you can stick with python-ldap, it's up to you...

Leave ldap_auth.py behind and start from scratch; you will lose much less time.

Good luck

Richard