Hello together!
First of all I want to tell you that my LDAP Authentication is working fine - expect for one char coding issue.
The point her is that when trying to log in with a new LDAP user where the givenName includes a “Umlaut e.g. ä” ERPNnext fails because of a classic python Encoding/Decoding Error.
Traceback (most recent call last):
File "/home/frappe/frappe-bench/apps/frappe/frappe/app.py", line 56, in application
response = frappe.handler.handle()
File "/home/frappe/frappe-bench/apps/frappe/frappe/handler.py", line 19, in handle
execute_cmd(cmd)
File "/home/frappe/frappe-bench/apps/frappe/frappe/handler.py", line 42, in execute_cmd
ret = frappe.call(method, **frappe.form_dict)
File "/home/frappe/frappe-bench/apps/frappe/frappe/__init__.py", line 907, in call
return fn(*args, **newargs)
File "/home/frappe/frappe-bench/apps/frappe/frappe/integrations/doctype/ldap_settings/ldap_settings.py", line 52, in login
user = authenticate_ldap_user(args.usr, args.pwd)
File "/home/frappe/frappe-bench/apps/frappe/frappe/integrations/doctype/ldap_settings/ldap_settings.py", line 96, in authenticate_ldap_user
conn.simple_bind_s(dn, password)
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 222, in simple_bind_s
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 216, in simple_bind
return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xe4' in position 14: ordinal not in range(128)
[ERROR] 2017-04-12 10:13:35,624 | /home/frappe/frappe-bench/apps/frappe/frappe/utils/error.py:
New Exception collected with id: 2017-04-12 10:13:35.617849-10.0.0.231-8a6
[ERROR] 2017-04-12 10:15:29,161 | /home/frappe/frappe-bench/apps/frappe/frappe/app.py:
Site: erpnext.vm
Form Dict: {
"cmd": "frappe.integrations.doctype.ldap_settings.ldap_settings.login",
"device": "desktop",
"pwd": "********",
"usr": "********"
}
Second I have got some information/requests regarding the LDAP authentication.
a) When authenticate against LDAP please follow the described rule here:
- do a anonymous search for the given username - if found go to next step
- try bind with the username and password given in the login dialog - if ok - login is granted
This way you don’t need a user/password pair of an LDAP user/admin at all - just the supplied credentials.
b) Is it really necessary to have 2 buttons on the login page so the user has to decide at which backend to authenticate?