LDAP on ERPNext 8

Hello together!

First of all I want to tell you that my LDAP Authentication is working fine - expect for one char coding issue.
The point her is that when trying to log in with a new LDAP user where the givenName includes a “Umlaut e.g. ä” ERPNnext fails because of a classic python Encoding/Decoding Error.

Traceback (most recent call last):
  File "/home/frappe/frappe-bench/apps/frappe/frappe/app.py", line 56, in application
    response = frappe.handler.handle()
  File "/home/frappe/frappe-bench/apps/frappe/frappe/handler.py", line 19, in handle
  File "/home/frappe/frappe-bench/apps/frappe/frappe/handler.py", line 42, in execute_cmd
    ret = frappe.call(method, **frappe.form_dict)
  File "/home/frappe/frappe-bench/apps/frappe/frappe/__init__.py", line 907, in call
    return fn(*args, **newargs)
  File "/home/frappe/frappe-bench/apps/frappe/frappe/integrations/doctype/ldap_settings/ldap_settings.py", line 52, in login
    user = authenticate_ldap_user(args.usr, args.pwd)
  File "/home/frappe/frappe-bench/apps/frappe/frappe/integrations/doctype/ldap_settings/ldap_settings.py", line 96, in authenticate_ldap_user
    conn.simple_bind_s(dn, password)
  File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 222, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 216, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xe4' in position 14: ordinal not in range(128)
[ERROR] 2017-04-12 10:13:35,624 | /home/frappe/frappe-bench/apps/frappe/frappe/utils/error.py:
New Exception collected with id: 2017-04-12 10:13:35.617849-
[ERROR] 2017-04-12 10:15:29,161 | /home/frappe/frappe-bench/apps/frappe/frappe/app.py:
Site: erpnext.vm
Form Dict: {
 "cmd": "frappe.integrations.doctype.ldap_settings.ldap_settings.login", 
 "device": "desktop", 
 "pwd": "********", 
 "usr": "********"

Second I have got some information/requests regarding the LDAP authentication.
a) When authenticate against LDAP please follow the described rule here:

  • do a anonymous search for the given username - if found go to next step
  1. try bind with the username and password given in the login dialog - if ok - login is granted

This way you don’t need a user/password pair of an LDAP user/admin at all - just the supplied credentials.

b) Is it really necessary to have 2 buttons on the login page so the user has to decide at which backend to authenticate?

Can you raise this issue at Issues · frappe/erpnext · GitHub ?

Seems like a urgent v8 fix

CC @saurabh6790

Will do it - thank’s for the reply.
Link to Github Issue 8423
Best regards from Austria