repoze.who LDAP plugin

how to configure identifiers?

Asked by pipoun

Hello,

I have installed TG in a new virtualenv, then started the demo project.
I only have 404 errors. Here are the logs:
____

Starting server in PID 5129.
serving on http://******:8089
2010-07-22 18:33:39,917 -- repoze.who request started (/) --
2010-07-22 18:33:39,917 request classification: browser
2010-07-22 18:33:39,917 identifier plugins registered [<FormPlugin 150872044>, <AuthTktCookiePlugin 150871980>]
2010-07-22 18:33:39,917 identifier plugins matched for classification "browser": [<FormPlugin 150872044>, <AuthTktCookiePlugin 150871980>]
2010-07-22 18:33:39,917 no identity returned from <FormPlugin 150872044> (None)
2010-07-22 18:33:39,918 no identity returned from <AuthTktCookiePlugin 150871980> (None)
2010-07-22 18:33:39,918 identities found: []
2010-07-22 18:33:39,918 no identities found, not authenticating
18:33:39,923 INFO [tg.i18n] Language ['en-us', 'en']: not supported
18:33:39,923 INFO [tg.i18n] Language ['en-us', 'en']: not supported by FormEncode
18:33:39,926 INFO [tg.i18n] Language ['en-us', 'en']: not supported
18:33:39,926 INFO [tg.i18n] Language ['en-us', 'en']: not supported by FormEncode
2010-07-22 18:33:39,927 no challenge required
2010-07-22 18:33:39,927 -- repoze.who request ended (/) --
____

I've tried to understand why there is a problem. There are two identifiers FormPlugin and AuthTktCookiePlugin, and they don't give any identity to be checked for authentication.

One identifier concern cookies, so I assume the authentication has to be done once before to use it.
So, why FormPlugin "doesn't" work? What am I missing?

Any help would be very appreciated.

Thanks

Question information

Language:
English Edit question
Status:
Solved
For:
repoze.who LDAP plugin Edit question
Assignee:
No assignee Edit question
Solved by:
pipoun
Solved:
Last query:
Last reply:
Revision history for this message
Gustavo Narea (gnarea) said : 		#1

The behavior you describe seems to be the right one: Nothing should happen in "/" because there's no login. Check how you've configured FormPlugin and there you'd see where the login form is displayed (it could be "/login").

As for the 404 responses, they should come from TurboGears or another WGSI middleware. AFAIR, there's nothing in repoze.who that would return a 404.

I'd recommend you try the Repoze mailing list because this issue is not related to the repoze.who LDAP plugin:
http://lists.repoze.org/listinfo/repoze-dev

Revision history for this message
pipoun (pipoun) said : 		#2

Hello Gustavo,

Thanks for your answer. Actually, I should have not bothered you with such a question, but as I have already a running TurboGears server on the same machine, I have assumed that it could only come from this new package.

Fortunately, I've found out the problem. Actually there are two of them. I have created a new virtulaenv (with --no-site-packages) but after activation, the command paster is still linked to /usr/bin/paster. So the packages from the global python site-packages were imported. Unfortunately, my global packages are more recent than those in virtualenv, and the new Routes package is not compatible with turbogears. Always 404 errors.

The demo project is now running fine. Just two comments:
- when I enter no password, the authentication does not fail. (for info: I use bind_dn and bind_pass)
- I'm using active directory, for the record, here are one config sample:
[plugin:ldap_auth]
use = repoze.who.plugins.ldap:LDAPSearchAuthenticatorPlugin
ldap_connection = ldap://adserv.domain.local:3268
base_dn = dc=domain,dc=local
bind_dn = <email address hidden>
bind_pass = bindpass
naming_attribute = sAMAccountName
restrict = (objectClass=user)

Cheers

Revision history for this message
Gustavo Narea (gnarea) said : 		#3

I'll have a look at the problem you mention. Thank you! :)

Revision history for this message
Gustavo Narea (gnarea) said : 		#4

Sorry, I forgot to report back.

I had a look at the problem you mentioned later that week: It seems to be normal that authentication succeeds if you don't pass a password:
http://www.google.com/search?q=%2Bldap%20%2B%22no+password%22

HTH.