changeset 5568:0ca159b745e8

auth.ldap_login: add report_invalid_credentials param to control wrong credentials error message (typically used when using multiple ldap authenticators)
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 21 Feb 2010 17:41:28 +0100
parents 4f938c4c5084
children 327e180af6d9
files MoinMoin/auth/ldap_login.py wiki/config/more_samples/ldap_wikiconfig_snippet
diffstat 2 files changed, 9 insertions(+), 1 deletions(-) [+]
--- a/MoinMoin/auth/ldap_login.py	Thu Feb 18 09:42:25 2010 +0100
+++ b/MoinMoin/auth/ldap_login.py	Sun Feb 21 17:41:28 2010 +0100
@@ -84,6 +84,7 @@
         bind_once=False, # set to True to only do one bind - useful if configured to bind as the user on the first attempt
         autocreate=False, # set to True if you want to autocreate user profiles
         name='ldap', # use e.g. 'ldap_pdc' and 'ldap_bdc' (or 'ldap1' and 'ldap2') if you auth against 2 ldap servers
+        report_invalid_credentials=True, # whether to emit "invalid username or password" msg at login time or not
         ):
         self.server_uri = server_uri
         self.bind_dn = bind_dn
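Review bot: The inline comment on `report_invalid_credentials` says what the flag does but not when it is safe to turn it off, and the same comment is copied into the ldap_wikiconfig_snippet hunk. Judging by the commit description, the flag is meant for chains of several LDAP authenticators; if every entry in the `auth` list sets it to False, the branch added in login() returns `ContinueLogin(user_obj)` with no message, so a failed login may give the user no feedback. I would spell that out in both places, e.g. `# set to False on all but the last ldap authenticator in the auth list, so the "invalid username or password" msg is emitted only by the final one`. The `__init__` signature begins outside this hunk.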
@@ -114,6 +115,8 @@
         self.autocreate = autocreate
         self.name = name
 
+        self.report_invalid_credentials = report_invalid_credentials
+
     def login(self, request, user_obj, **kw):
         username = kw.get('username')
         password = kw.get('password')
@@ -192,7 +195,10 @@
                         logging.warning("Search found more than one (%d) matches for %r." % (result_length, filterstr))
                     if result_length == 0:
                         logging.debug("Search found no matches for %r." % (filterstr, ))
-                    return ContinueLogin(user_obj, _("Invalid username or password."))
+                    if self.report_invalid_credentials:
+                        return ContinueLogin(user_obj, _("Invalid username or password."))
+                    else:
+                        return ContinueLogin(user_obj)
 
                 dn, ldap_dict = lusers[0]
                 if not self.bind_once:
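Review bot: The new `if self.report_invalid_credentials:` gates only the search-miss return. The bind step that follows `if not self.bind_once:` and any exception handlers in login() lie outside the hunk, so it cannot be confirmed from here that a wrong password for an existing DN honours the flag as well. If that path still returns the message unconditionally, then with the flag set to False the login form shows an error for usernames the directory knows and nothing for unknown ones, which makes the two cases distinguishable. Please check that every credential-failure return in login() goes through the same flag, and add a comment above the branch such as `# stay silent so a later authenticator in the auth list can report the final result`. login() begins and ends outside this hunk.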
--- a/wiki/config/more_samples/ldap_wikiconfig_snippet	Thu Feb 18 09:42:25 2010 +0100
+++ b/wiki/config/more_samples/ldap_wikiconfig_snippet	Sun Feb 21 17:41:28 2010 +0100
@@ -47,6 +47,8 @@
         tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
         bind_once=False, # set to True to only do one bind - useful if configured to bind as the user on the first attempt
         autocreate=True, # set to True to automatically create/update user profiles
+        name='ldap', # use e.g. 'ldap_pdc' and 'ldap_bdc' (or 'ldap1' and 'ldap2') if you auth against 2 ldap servers
+        report_invalid_credentials=True, # whether to emit "invalid username or password" msg at login time or not
     )
 
     auth = [ldap_authenticator1, ] # this is a list, you may have multiple ldap authenticators