[Product-Developers] LDAPMultiPlugins developers: please read this - possible localization problem

Alberto Lopes alberto at alopes.com
Sat Aug 23 07:17:34 UTC 2008 

Dear Wichert,

Thank you for your quick response. I really appreciate it.


Wichert Akkerman wrote:
> 
> memberOf is a list of DN strings. This line builds a list of the first
> rDN part of each entry in that list. Hence the variable name "cns": it
> is a list of canonical names partst of the memberOf values.
> 

So the x.split(',') part would split the DN of each group, and not the
memberOf value - because it is a list of strings, right?


Wichert Akkerman wrote:
> 
> That may be true in how it displays LDAP entries on your screen, but the
> actual format used on the wire is defined by the RFC and not
> locale-dependent.
> 

By "format used on the wire" you mean the format of the LDAP messages,
right? But I assume LDAPMultiPlugins use some python library (python-ldap, I
suppose, because I had to install that in order to make the Plone product to
work) that already parsed those messages to get the group list for the
user... Also, I remember installing some DLLs in Windows in order to make
plone-ldap to work. So I understand that the Plone product calls python-ldap
which calls the OpenLDAP dll which parses the LDAP message. I wonder if in
that sequence there could be any "string-to-list" conversion which would
(conf)use commas and semicolons.


Wichert Akkerman wrote:
> 
> It is more likely that you broke group handling and never saw the real
> problem due to that change.
> 

What puzzles me more is that the change I mentioned before (replacing the
comma with the semicolon) made the site work again. I am sure of that,
because I made two confirmation tests (undoing the change and making sure
that I got the UnicodeDecodeError, then redoing the change and confirming
that the site was working again) twice.

Another puzzling fact is that the occurrence of UnicodeDecodeError, in every
page of the site, was confirmed to be related to the logged user: anonymous
never got the error, and authenticated got the error in every page, but only
when they had a group with accented character in the CN of the group.

But you pointed an important hypothesis: I might have broken group handling:
the only test I made after putting the site to work again, relating to
groups, was searching a group on the Plone sharing page. I haven't check
whether Plone is correctly determining that a user is a member of a specific
group. That will be my first thing on Monday morning.

Thank you again,

Alberto

-- 
View this message in context: http://n2.nabble.com/LDAPMultiPlugins-developers%3A-please-read-this---possible-localization-problem-tp777592p777678.html
Sent from the Product Developers mailing list archive at Nabble.com.

More information about the Product-Developers mailing list