--- a/doc/book/en/admin/ldap.rst Fri Feb 14 14:39:55 2014 +0100
+++ b/doc/book/en/admin/ldap.rst Fri Feb 14 12:03:20 2014 +0100
@@ -85,7 +85,9 @@
If the LDAP server accepts anonymous binds, then it is possible to
leave data-cnx-dn and data-cnx-password empty. This is, however, quite
-unlikely in practice.
+unlikely in practice. Beware that the LDAP server might hide attributes
+such as "userPassword" while the rest of the attributes remain visible
+through an anonymous binding.
LDAP schema mapping options:
--- a/sobjects/ldapparser.py Fri Feb 14 14:39:55 2014 +0100
+++ b/sobjects/ldapparser.py Fri Feb 14 12:03:20 2014 +0100
@@ -142,9 +142,11 @@
try:
tdict[tattr] = sdict[sattr]
except KeyError:
- raise ConfigurationError('source attribute %s is not present '
- 'in the source, please check the '
- '%s-attrs-map field' %
+ raise ConfigurationError('source attribute %s has not '
+ 'been found in the source, '
+ 'please check the %s-attrs-map '
+ 'field and the permissions of '
+ 'the LDAP binding user' %
(sattr, etype[2:].lower()))
return tdict
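Review bot: The reworded ConfigurationError in the `except KeyError` branch still does not identify which LDAP entry lacked `sattr`. An operator therefore cannot tell a wrong attrs-map from an attribute the server withholds from the bind user (the "userPassword" case the doc hunk describes), or from one that is merely unset on a single entry. The enclosing function starts outside this hunk; if it has an entry identifier in scope, include it in the message. Otherwise add a comment above the raise, such as `# sattr missing from sdict: bad attrs-map, attribute hidden from the bind DN by server ACLs, or unset on this entry`. Separately, `etype[2:].lower()` presumes a two-character prefix such as `CW`, so the field name printed would be misleading if an entity type without that prefix can reach this code.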
@@ -168,7 +170,7 @@
etype = entity.cw_etype
if etype == 'EmailAddress':
return
- # all CWUsers must be treated before CWGroups to have to in_group relation
+ # all CWUsers must be treated before CWGroups to have the in_group relation
# set correctly in _associate_ldapusers
elif etype == 'CWUser':
groups = filter(None, [self._get_group(name)
@@ -196,7 +198,7 @@
if not isinstance(emailaddrs, list):
emailaddrs = [emailaddrs]
for emailaddr in emailaddrs:
- # search for existant email first, may be coming from another source
+ # search for existing email first, may be coming from another source
rset = self._cw.execute('EmailAddress X WHERE X address %(addr)s',
{'addr': emailaddr})
if not rset: