From ad877b23050b3778575959df9eefdb3d3227ace0 Mon Sep 17 00:00:00 2001
From: Magnun Leno
Date: Mon, 11 Nov 2013 15:53:38 -0200
Subject: [PATCH] Adds bind capability to OpenLDAP
Adds to OpenLDAP (mode=uid and mode=cn) the capability to bind to the directory with an admin account in order to search it.
---
 gluon/contrib/login_methods/ldap_auth.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/gluon/contrib/login_methods/ldap_auth.py b/gluon/contrib/login_methods/ldap_auth.py
index c374209e..30c57a8d 100644
--- a/gluon/contrib/login_methods/ldap_auth.py
+++ b/gluon/contrib/login_methods/ldap_auth.py
@@ -267,6 +267,8 @@ def ldap_auth(server='ldap', port=None,
 if ldap_mode == 'cn':
 # OpenLDAP (CN)
+ if ldap_binddn and ldap_bindpw:
+ con.simple_bind_s(ldap_binddn, ldap_bindpw)
 dn = "cn=" + username + "," + ldap_basedn
 con.simple_bind_s(dn, password)
 if manage_user:
@@ -278,7 +280,12 @@ def ldap_auth(server='ldap', port=None,
 if ldap_mode == 'uid':
 # OpenLDAP (UID)
- dn = "uid=" + username + "," + ldap_basedn
+ if ldap_binddn and ldap_bindpw:
+ con.simple_bind_s(ldap_binddn, ldap_bindpw)
+ dn = "uid=" + username + "," + ldap_basedn
+ dn = con.search_s(ldap_basedn, ldap.SCOPE_SUBTREE, "(uid=%s)"%username, [''])[0][0]
+ else:
+ dn = "uid=" + username + "," + ldap_basedn
 con.simple_bind_s(dn, password)
 if manage_user:
 result = con.search_s(dn, ldap.SCOPE_BASE,
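Review bot: The admin bind added at the top of the `cn` branch does not change the outcome: `dn` is still built by concatenating `username`, and the connection is re-bound as the user on the next call with no search in between. What it does add is a service-account authentication on every login attempt, and a wrong or expired `ldap_bindpw` would make every `cn` login fail before the user's password is tried; how that exception is handled is outside the hunk. Either drop the two added lines in this branch, or use the bind as the `uid` branch does, to look up the entry by `cn` with an escaped filter instead of assuming `"cn=" + username + "," + ldap_basedn`.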
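Review bot: The login name is interpolated unescaped into the search filter `"(uid=%s)"%username`, and that search runs under the admin bind, so filter metacharacters in the submitted name change which entry is looked up. The result is then indexed with `[0][0]` unchecked: no match raises IndexError, and several matches silently pick the first DN for the user bind. The `dn = "uid=" + ...` assignment just above the search is dead, because the next line overwrites it. The fence escapes the name with `ldap.filter.escape_filter_chars` (assuming `ldap.filter` is imported in this file) and requires exactly one entry. How a failed lookup should be reported depends on error handling outside the hunk, since `ldap_auth` starts and ends beyond it.

```python
if ldap_binddn and ldap_bindpw:
    con.simple_bind_s(ldap_binddn, ldap_bindpw)
    # Escape filter metacharacters so the login name is matched literally.
    user_filter = "(uid=%s)" % ldap.filter.escape_filter_chars(username)
    found = con.search_s(ldap_basedn, ldap.SCOPE_SUBTREE, user_filter, [''])
    # Zero or several matches must never reach the user bind.
    if len(found) != 1:
        raise ldap.NO_SUCH_OBJECT
    dn = found[0][0]
else:
    # ... unchanged: dn built from username and ldap_basedn ...
```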