From ee7db631ee34f8b64452db94b29515126dfeef9d Mon Sep 17 00:00:00 2001
From: mdipierro <massimo.dipierro@gmail.com>
Date: Fri, 23 Nov 2012 08:02:01 -0600
Subject: [PATCH] fixed ldap security issue, thanks demetrio

---
 VERSION                                  | 2 +-
 gluon/contrib/login_methods/ldap_auth.py | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index aed2c348..8877677f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.2.1 (2012-11-17 22:28:15) stable
+Version 2.2.1 (2012-11-23 08:01:16) stable
diff --git a/gluon/contrib/login_methods/ldap_auth.py b/gluon/contrib/login_methods/ldap_auth.py
index 1d6446a5..06054df9 100644
--- a/gluon/contrib/login_methods/ldap_auth.py
+++ b/gluon/contrib/login_methods/ldap_auth.py
@@ -432,6 +432,8 @@ def ldap_auth(server='ldap', port=None,
                 if not do_manage_groups(username, password):
                     return False
             return True
+        except ldap.INVALID_CREDENTIALS, e:
+            return False
         except ldap.LDAPError, e:
             import traceback
             logger.warning('[%s] Error in ldap processing' % str(username))