From bc7ca56f41194a33cc82b261238a224b6a634aa2 Mon Sep 17 00:00:00 2001
From: Martin Wilck <martin.wilck@ts.fujitsu.com>
Date: Fri, 25 May 2012 16:03:07 +0200
Subject: [PATCH 1/2] PATCH: [LDAPAuth] allow authentication to continue

This patch removes use of CancelLogin when bad LDAP credentials
were encountered, allowing other auth methods to continue after
LDAP failure.

Furthermore, in the case of LDAP bind failure, the cases with
and without bind_dn are more cleanly distinguished.
---
 auth/ldap_login.py |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/auth/ldap_login.py b/auth/ldap_login.py
index 29dba6e..ba93098 100644
--- a/auth/ldap_login.py
+++ b/auth/ldap_login.py
@@ -27,7 +27,7 @@ except ImportError, err:
     raise
 
 from MoinMoin import user
-from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin
+from MoinMoin.auth import BaseAuth, ContinueLogin
 
 
 class LDAPAuth(BaseAuth):
@@ -242,8 +242,14 @@ class LDAPAuth(BaseAuth):
                 logging.debug("creating user object with name %r email %r alias %r" % (username, email, aliasname))
 
             except ldap.INVALID_CREDENTIALS, err:
+                if self.bind_once:
+                    if self.report_invalid_credentials:
+                        return ContinueLogin(user_obj, 
+                                             message=_("Invalid username or password."))
+                    else:
+                        return ContinueLogin(user_obj)
                 logging.debug("invalid credentials (wrong password?) for dn %r (username: %r)" % (dn, username))
-                return CancelLogin(_("Invalid username or password."))
+                return ContinueLogin(user_obj, _("Bind to LDAP server %(server)s failed." % {'server': server}))
 
             if u and self.autocreate:
                 logging.debug("calling create_or_update to autocreate user %r" % u.name)
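Review bot: The fallback `return ContinueLogin(user_obj, _("Bind to LDAP server %(server)s failed." % {'server': server}))` interpolates inside `_()`, so the catalog lookup runs on the already-formatted string and will never match a translation. It also sends the LDAP server name to an unauthenticated client whether or not `report_invalid_credentials` is set. Move the interpolation outside, `_("Bind to LDAP server %(server)s failed.") % {'server': server}`, and consider returning the message only when `report_invalid_credentials` is true, keeping the server name in the debug log otherwise. The new `bind_once` branch also returns before the `logging.debug("invalid credentials ...")` call, so failed binds in that mode leave no log entry for anyone watching for password guessing; moving the log call above `if self.bind_once:` would cover both paths, assuming `dn` is assigned in both modes (the assignment is outside the hunk). The enclosing method starts and ends outside the hunk.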
-- 
1.7.7.6

