diff -r 74f68d6549c0 -r db59080f1c8d server/sources/ldapuser.py --- a/server/sources/ldapuser.py Fri Jul 02 00:39:46 2010 +0200 +++ b/server/sources/ldapuser.py Fri Jul 02 09:05:56 2010 +0200 @@ -278,7 +278,10 @@ to fetch the salt first """ self.info('ldap authenticate %s', login) - if password is None: + if not password: + # On Windows + ADAM this would have succeeded (!!!) + # You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'. + # we really really don't want that raise AuthenticationError() searchfilter = [filter_format('(%s=%s)', (self.user_login_attr, login))] searchfilter.extend([filter_format('(%s=%s)', ('objectClass', o)) @@ -293,15 +296,10 @@ raise AuthenticationError() # check password by establishing a (unused) connection try: - if password: - self._connect(user, password) - else: - # On Windows + ADAM this would have succeeded (!!!) - # You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'. - # we really really don't want that - raise Exception('No password provided') - except Exception, ex: - self.info('while trying to authenticate %s: %s', user, ex) + self._connect(user, password) + except Exception: + self.error('while trying to authenticate %s: %s', user, + exc_info=True) # Something went wrong, most likely bad credentials raise AuthenticationError() return self.extid2eid(user['dn'], 'CWUser', session)