891: LDAP enhancements
- Fixed
- Review Board
| schl****@gmai***** (Google Code) (Is this you? Claim this profile.) | |
 |
|
| May 1, 2009 |
1)
Look at the attached image. It's not clear, that one of this two fields
must be filled out. If both fields are empty, there is an error during logon.
-------------------------------
if settings.LDAP_EMAIL_DOMAIN:
email = u'%s@%s' % (username, settings.LDAP_EMAIL_DOMAIN)
elif settings.LDAP_EMAIL_ATTRIBUTE:
email = passwd[0][1][settings.LDAP_EMAIL_ATTRIBUTE][0]
user = User(username=username,
password='',
first_name=first_name,
last_name=last_name,
email=email)
-------------------------------
2)
Is there a good reason why the scope is fix ldap.SCOPE_ONELEVEL? It would
be great if there could be an additional setting. I have to search in the
scope ldap.SCOPE_SUBTREE
-------------------------------
class LDAPBackend:
def authenticate(self, username, password):
....
search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_ONELEVEL,
uid)
-------------------------------
3) The ldap username should be case insensitiv. If you login with username "Test" RB will create an new user. If you type "test" as username the next time, RB creates also an new user and doesn't query the user "Test". Both "Test" and "test" are identically in the ldap-tree.
-
- Type-Defect + Type-Enhancement
It also assumes that attributes `givenName` and `sn` are always present, which is not necessary true. ----- first_name = passwd[0][1]['givenName'][0] last_name = passwd[0][1]['sn'][0] ----- Maybe it's a good idea to have a fallback like this? ----- first_name = username last_name = '' -----
It would be helpful to break these into different bugs. I'm addressing the givenName/sn issue now, the SCOPE_SUBTREE was fixed in another change, and the e-mail still needs to be handled.
-
+ Confirmed -
+ Milestone-Release1.0 + Component-Accounts
Everything but the case-insensitive part is fixed.