Comments (6)
Hi,
The ldap authentication was only tested against openldap. https://msdn.microsoft.com/fr-fr/library/ms680851(v=vs.85).aspx seems to say that the password attribute is write-only in Active Directory, so only the bind method should work (like in Vauxia's fork, introduced in version 0.8.0).
I don't really know the differences between openldap and AD. I'll try to set up an AD server to test shortly.
from django-cas-server.
EDITED
Hi,
I've tested the "bind" option for CAS_LDAP_PASSWORD_CHECK and it looks very promising, but I have two issues with it.
- If I put a non-existing username, I'm always getting an exception:
  'NoneType' object has no attribute '__getitem__'
  Exception Location: ...venv/local/lib/python2.7/site-packages/cas_server/auth.py in test_password, line 328
  For an existing username and an incorrect password everything works as expected
  ("The credentials you provided cannot be determined to be authentic." is being returned).
- If I put correct credentials, I'm getting an error:
  'utf8' codec can't decode byte 0x82 in position 1: invalid start byte
  For this issue I found a workaround. If this line:
  https://github.com/nitmir/django-cas-server/blob/master/cas_server/models.py#L60
  is changed to:
  self._attributs = utils.json_encode(str( value ))
  the user authenticates.
Greetings!
from django-cas-server.
Can you provide the full traceback?
Doing str(value) is a no-go as, instead of storing a JSON object, you will then only store a JSON string.
If you could provide a dump of some kind of the value causing the exception, it would also be useful.
Are you using python2 or python3?
from django-cas-server.
The exception raised when putting non-existing usernames is fixed in 443c87f (dev branch).
The second one is odd. From an openldap server, ldap3 only returns unicode objects and utils.json_encode works on unicode. It looks like the objects returned from your Active Directory server are not unicode:
```
In [1]: import ldap3
In [2]: from django.conf import settings
In [3]: from cas_server import auth
In [4]: conn = auth.LdapAuthUser.get_conn()
In [5]: conn.search(settings.CAS_LDAP_BASE_DN, "(uid=passoir)", attributes=ldap3.ALL_ATTRIBUTES)
Out[5]: True
In [6]: e = conn.entries[0]
In [7]: e.entry_attributes_as_dict
Out[7]:
{u'gecos': [u'Toto Passoir,,,'],
 u'gidNumber': [100],
 u'homeDirectory': [u'/home/p/passoir'],
 u'objectClass': [u'adherent',
                  u'cransAccount',
                  u'posixAccount',
                  u'shadowAccount'],
 u'uid': [u'passoir'],
 u'uidNumber': [4539]}
```
Here you can see that all keys and returned string values are unicode:
```
In [15]: utils.json_encode(u"é")
Out[15]: '"\\u00e9"'
In [16]: In [14]: utils.json_encode(u"é".encode("utf-8"))
Out[16]: '"\\u00e9"'
In [17]: In [14]: utils.json_encode(u"é".encode("latin9"))
---------------------------------------------------------------------------
UnicodeDecodeError                        Traceback (most recent call last)
<ipython-input-17-ed2eed8c9008> in <module>()
----> 1 utils.json_encode(u"é".encode("latin9"))

/home/s/samir/Programme/django-cas-server/test_venv/cas/cas_server/utils.pyc in json_encode(obj)
     48     """Encode a python object to json"""
     49     try:
---> 50         return json_encode.encoder.encode(obj)
     51     except AttributeError:
     52         json_encode.encoder = DjangoJSONEncoder(default=six.text_type)

/usr/lib/python2.7/json/encoder.pyc in encode(self, o)
    199                 o = o.decode(_encoding)
    200             if self.ensure_ascii:
--> 201                 return encode_basestring_ascii(o)
    202             else:
    203                 return encode_basestring(o)

UnicodeDecodeError: 'utf8' codec can't decode byte 0xe9 in position 0: unexpected end of data
```
utf-8 works as it is assumed as the default encoding by some backends, but we shouldn't be passing non-unicode (byte strings) to utils.json_encode in the first place.
From the ldap3 doc:
The LDAP protocol stores strings in a Directory String type that should always be in utf-8. So when the ldap3 library communicate with the server it always encodes/decodes Directory strings with the utf-8 encoding.
from django-cas-server.
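An added example (not code from django-cas-server or from anyone in this thread) of the two points made above: byte strings are converted to text before JSON encoding, and the attributes stay a JSON object instead of being wrapped in str(). It is written for Python 3 with the standard json module; the helper names, the base64 fallback for values that are not valid UTF-8, and the sample attributes are assumptions constructed for illustration.

```python
import base64
import json

# Constructed sample in the shape of entry_attributes_as_dict, with byte-string values
SAMPLE_ATTRS = {
    "uid": ["passoir"],
    "uidNumber": [4539],
    "gecos": ["\u00e9".encode("utf-8")],   # bytes that are valid UTF-8
    "binaryValue": [b"\x01\x82\x00\xff"],  # bytes that are not valid UTF-8
}


def to_json_safe(value):
    """Recursively turn attribute values into types json can serialize."""
    if isinstance(value, bytes):
        try:
            return value.decode("utf-8")
        except UnicodeDecodeError:
            # Keep binary data losslessly and make it recognisable as encoded
            return {"base64": base64.b64encode(value).decode("ascii")}
    if isinstance(value, dict):
        return {
            (k.decode("utf-8", "replace") if isinstance(k, bytes) else k): to_json_safe(v)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return [to_json_safe(v) for v in value]
    return value


def encode_attributes(attrs):
    """Serialize the normalized attributes; the result is a JSON object."""
    return json.dumps(to_json_safe(attrs), sort_keys=True)


def roundtrip(attrs):
    """What a reader of the stored value gets back after normalization."""
    return json.loads(encode_attributes(attrs))


def roundtrip_str(attrs):
    """What a reader gets back if the value was wrapped in str() first."""
    return json.loads(json.dumps(str(attrs)))


if __name__ == "__main__":
    print(encode_attributes(SAMPLE_ATTRS))
    print(type(roundtrip(SAMPLE_ATTRS)).__name__, type(roundtrip_str(SAMPLE_ATTRS)).__name__)
```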
Hi,
First of all, thank you for your help and support.
About my second issue:
I usually use Python 2.7, and using this version when recreating your shell code gives UnicodeDecodeError.
However, when I changed the Python version to 3.5 there was no error in the shell, and Django CAS Server also started properly authorizing existing users.
By the way - I use ldap3 version 1.4.0 (because the 2.x family stores custom exceptions in another place - I had conflicts in cas-server/auth.py). Is this the correct approach and a compatible version? I'm asking because when I was testing the code in the shell, I had an exception: ldap3.core.exceptions.LDAPAttributeError: attribute 'entry_attributes_as_dict' not found.
By the way #2 - maybe this can be helpful - RESPONSE_DN_ENCODING was added to the config in version 2.2.2 of ldap3 for flaky servers that return non-utf-8 (more info at http://ldap3.readthedocs.io/encoding.html).
About my first issue:
> The exception raised when putting non-existing usernames is fixed in 443c87f (dev branch)

When (more or less) is this fix expected to be put in the prod branch?
Greetings!
from django-cas-server.
Normally, ldap3 2.x branch support is fixed in 1dba4fe.
from django-cas-server.