Contents
- HTTP Basic authentication with IIS
- Problems with http authentication
- How do I implement LDAP authentication through Apache
- How do I implement LDAP authentication
- How do I integrate LDAP authentication with moin moin? (1)
- LDAP or Active Directory?
- http + ldap authentication (NTLM + Active Directory)
- How do I integrate LDAP authentication with moin moin? (2)
- How do I integrate LDAP authentication with moin moin? (3)
- Notes for ldaps
- Ubuntu 9.04, MoinMoin 1.8.2 and OpenLDAP server
- LDAP Groups
- How to require SSL+httpd auth for specific operations
- SSL Login
- Embedding MoinMoin -- Automatic User Login?
- How can I implement single login for a farm
- How do I integrate LDAP authentication with moin moin? (4)
- Authentication drops on IE8
HTTP Basic authentication with IIS
Is it possible to use HTTP Basic authentication with IIS? In IIS config GUI, in the properties of my website -> Directory Security Tab -> Authentication and access control Edit.. button, I removed everything except Basic authentication. I'm using MoinMoin 1.5, Python 2.4.2 and IIS 6 on Windows 2003. -- RemyRoy 2006-01-24 21:56:24
- Try like this:
    from MoinMoin.auth import http

    class Config(DefaultConfig):
        user_autocreate = True
        auth = [http]
        #...
Thanks, it works! -- RemyRoy 2006-01-25 16:21:06
Problems with http authentication
The docs for enabling authentication via http auth specify adding the following to wikiconfig.py
    from MoinMoin.auth import http
    auth = [http]
This is misleading. To make http auth work, at the *top* of the file add:
from MoinMoin.auth import http
And *inside* the Config class, add
auth = [http]
It doesn't matter where you do this as long as you indent it correctly (to indent, use spaces (say 4 spaces), not tabs).
Note that it appears that the http authentication mechanism is broken in moinmoin 1.5.7-3. I had to use the method defined at http://moinmoin.wikiwikiweb.de/MoinMoinQuestions/Administration (search for Can apache REMOTE_USER replace moinmoin login?) on that page.
Also, the main authentication help page at http://moinmaster.wikiwikiweb.de/HelpOnAuthentication cites wrong code:
    from MoinMoin.auth.http import http
    from MoinMoin.auth import moin_session
    auth = [http, moin_session]
should be replaced with:
    from MoinMoin.auth import http
    auth = [http]
This has already been done (corrected?) at http://moinmoin.wikiwikiweb.de/HelpOnAuthentication
Hmm, is it wrong on the new site http://moinmo.in/HelpOnAuthentication ? -- PascalR 2008-01-29 10:49:03
This doesn't work on MoinMoin 1.7, I get the error 'module' object has no attribute 'name' -- fho
You can look into the http_auth_wikiconfig_snippet for a sample configuration or read HelpOnAuthentication. -- ReimarBauer 2008-08-20 10:44:11
This works thx Reimar -- fho
How to set .htaccess file for HTTP Basic auth with Apache
I'm running MoinMoin 1.6 on Apache and Python 2.4.4. My ISP allows only FTP access to my /htdocs and /cgi-bin directories, there is only HTTP Basic Authentication, and the only way to configure Apache is through the .htaccess files in my directories.
I have the moin.py file in the /cgi-bin directory and the rest of MoinMoin is in /htdocs/moin160. In the /cgi-bin directory the Apache configuration through the .htaccess file does not work. Does authentication with HTTP Basic work with .htaccess settings in the /htdocs/moin160 directory? If it is possible, what should my .htaccess file look like? -- PascalR 2008-01-29 10:49:03
How do I implement LDAP authentication through Apache
One way to achieve this is to use basic authentication in Apache and http auth in moinmoin (better if you configure ssl in Apache so that password in basic authentication is not in cleartext)
I put the configuration produced below inside a VirtualHost directive in apache site-configuration (e.g., /etc/apache2/sites-available/default on Ubuntu; of course, I had first made sure LDAP server was up and running fine and the LDAP module was loaded properly in Apache; also note that in Ubuntu, in the simplest default setup, speaking of version 7.10, the LDAP search query below should have cn instead of uid though that is a bad strategy and you should instead configure LDAP properly and use uid attribute instead of cn; also in case you do not have a domain, Ubuntu will setup the initial LDAP entries under the domain named nodomain instead of somedomain):
    <IfModule !mod_fastcgi.c>
        ScriptAlias /MyWiki "/usr/share/moin/mywiki/moin.cgi"
        Alias /wiki/ "/usr/share/moin/htdocs/"
    </IfModule>
    <IfModule mod_fastcgi.c>
        AddHandler fastcgi-script .fcgi .fcg
        ScriptAlias /MyWiki "/usr/share/moin/mywiki/moin.fcg"
        Alias /wiki/ "/usr/share/moin/htdocs/"
    </IfModule>
    <Directory "/usr/share/moin/mywiki">
        Order allow,deny
        allow from all
        AuthType Basic
        AuthBasicProvider ldap
        AuthName "Wiki"
        # tweak this ldap query to return a unique user name
        AuthLDAPURL "ldap://localhost:389/dc=somedomain?uid"
        Require ldap-user AnLDAPUser
    </Directory>
    <Directory "/usr/share/moin/htdocs">
        Order allow,deny
        allow from all
        AuthType Basic
        AuthBasicProvider ldap
        AuthName "Wiki"
        # tweak this ldap query to return a unique user name
        AuthLDAPURL "ldap://localhost:389/dc=somedomain?uid"
        Require ldap-user AnLDAPUser
    </Directory>
For basic authentication, I also disabled the login/logout link (was no point having it there): see http://moinmoin.wikiwikiweb.de/HelpOnConfiguration to learn how to do it.
How do I implement LDAP authentication
I have MoinMoin setup and running fine...I would like to use our Active Directory server via LDAP to authenticate and create users. I have read a few pages in this Wiki about it but they don't seem to work. Can someone give me some step by step instructions as in which files to edit/download? Thanks in advance.
- ldap/ad support is in 1.5.3 including some sample config.
How do I integrate LDAP authentication with moin moin? (1)
I read on several pages on this site that MoinMoin can be integrated with LDAP, but none of them seem to explain what needs to be changed. One page lists the wikiconfig, other pages just list python code but don't say what file the code needs to be placed in. Can someone please help me with some instructions?
Thanks
Chris
For information on authentication in general see HelpOnAuthentication. Unfortunately it looks like it hasn't been updated to document the LDAP authentication support. Basically in your wiki configuration you need to add/edit an auth parameter to be a list of authentication methods. This normally defaults to just [moin_cookie]. You need to add in the ldap authentication before that, as import MoinMoin ; auth = [MoinMoin.auth.ldap_login, MoinMoin.auth.moin_cookie]. You'll also need to add quite a few LDAP-specific configuration parameters to tell it how to query/bind to your particular LDAP server. The best thing to do until documentation is written is to read through the MoinMoin source code file MoinMoin/auth.py and look for the ldap_login() function.

I haven't used it, but it looks like it wants these configuration parameters: ldap_coding, ldap_uri, ldap_binddn, ldap_bindpw, ldap_base, ldap_scope, ldap_timeout, ldap_name_attribute, ldap_email_attribute. From reading the code it looks like ldap_coding is the character set used to communicate with your server, such as 'ascii'. ldap_binddn and ldap_bindpw are a user/pass binding for LDAP used for the initial query for the user (once the user is located in your tree, a second bind is performed with the user's DN and the passed-in password). ldap_base, ldap_scope, ldap_name_attribute, and ldap_timeout are used for the initial query for the user--the query filter is something like (UNAM=johndoe) if ldap_name_attribute is UNAM and johndoe is the entered username, and is limited to the tree rooted at ldap_base and within ldap_scope. The ldap_email_attribute names the field which contains the user's email address. -- DeronMeranda
When authenticating against Microsoft AD with LDAP, the username is not case-sensitive, but MM is. This can cause trouble when users log in sometimes with lowercase and sometimes with uppercase names: MM creates two profiles with different settings, so when a user edits a page he might get a diff e-mail when the other profile has a subscription on that page. To change all usernames to lowercase, add the following entries to auth.py:
These changes are for 1.5.x only, newer versions authenticate another way
about line 131 add
- if username: username = username.lower()
should look like this
    def moin_cookie(request, **kw):
        """ authenticate via the MOIN_ID cookie """
        username = kw.get('name')
        if username:
            username = username.lower()
about line 331 (ldap_login) add
- if username: username = username.lower()
should look like this
    username = kw.get('name')
    if username:
        username = username.lower()

After this, names in all profiles (data/user) must be lowercase; uppercase should be changed to lowercase.
LDAP or Active Directory?
Is user authentication over LDAP and/or Active Directory possible? Thanks -- Pablo
http + ldap authentication (NTLM + Active Directory)
Autologin with auth.http is working on IIS6 with NTLM (Integrated Windows Authentication). Manual login with auth.ldap_login + auth.moin_cookie works, too. Is it possible to combine these methods to autologin with NTLM/http and get aliasname and email from LDAP?
- Yes, you just have to write some code using the existing username (user_obj.name or similar) to make an ldap lookup and update the user object (and save it to disk). If you hack auth stuff, try to use latest moin version.
First try: MoinMoin in Windows intranet - AndreSomplatzki
How do I integrate LDAP authentication with moin moin? (2)
I have seen DeronMeranda's post but need more information.
I understand I have to add the following lines in my wikiconfig.py for LDAP authentication

    from MoinMoin.auth import ldap_login, moin_cookie
    auth = [ldap_login, moin_cookie]

Looking at MoinMoin/auth.py in MoinMoin, where do I place the following parameters: ldap_coding, ldap_uri, ldap_binddn, ldap_bindpw, ldap_base, ldap_scope, ldap_timeout, ldap_name_attribute, ldap_email_attribute.
Into your wikiconfig.py
How do I debug this? By setting ldap_verbose in the same place as the above parameters?
Yes.
Where do the debug messages appear?
Look into apache error.log (if you use apache).
Is there any other place I can be pointed to for LDAP authentication in MoinMoin.
There is a sample config in wiki/config/more_samples/ called ldap_smb_farmconfig.py . Be sure to read the comments, as some of the ldap_* variables are required.
Help will be greatly appreciated.-- Jehan
Why bother with banging your head to get MoinMoin to talk to your Active Directory LDAP server?
Use Apache's LDAP authentication module instead, and pass it to MoinMoin's HTTP authentication method!
My .htaccess:
    AuthName "My Wiki"
    AuthBasicProvider ldap
    AuthLDAPBindDN " user@doamin.tld "
    AuthLDAPBindPassword "mypassword"
    AuthType Basic
    AuthLDAPURL "ldap://mydc.domain.tld:389/DC=Domain,DC=tld?sAMAccountName?sub?(objectClass=user)" NONE
    Require ldap-attribute objectClass=user
How do I integrate LDAP authentication with moin moin? (3)
Looking at MoinMoin/auth.py in MoinMoin, where do I place the following parameters: ldap_coding, ldap_uri, ldap_binddn, ldap_bindpw, ldap_base, ldap_scope, ldap_timeout, ldap_name_attribute, ldap_email_attribute.
You say: into your wikiconfig.py
Can you give me an example of what I need to put in wikiconfig.py for one of the variables, let's say ldap_binddn? Unfortunately the sample config in wiki/config/more_samples/ is not great at all.
Well, we can't know your ldap setup, but the config you see in ldap_smb_farmconfig.py is a real world example for Active Directory (with the real company name replaced by example.org). You don't need the smb_* stuff btw. If you can read python (it's easy), maybe look at MoinMoin/auth.py -> def ldap_login(... - as you see there, the following happens:
- it initializes an ldap connection to ldap_uri
- it expands ldap_binddn and ldap_bindpw with some variable content like username and password etc. (this is optional, you also can use some fixed value)
- it binds to the directory using this (as that stuff is an encoded string, it uses ldap_coding to encode name and password - this is interesting for non-ASCII characters)
- now it makes up an ldap filter string "(%s=%s)" with ldap_name_attribute (where is the username stored?) and the current username and uses this filter to search for that username in that attribute, using ldap_base as base DN and ldap_scope for the scope.
- depending on how many hits this search returns, the following will happen:
  - none: we didn't find the user, auth will fail (as far as ldap_login is concerned)
  - more than 1: we have multiple users of that name, this is no good (auth will fail ...)
  - one: great, we found that (unique) username in the directory and can continue
- now it will bind again to the directory, using the DN we found in the search and the password given at login
  - if this fails, it'll break out with an exception like ldap.INVALID_CREDENTIALS (auth will fail ...)
  - if it succeeds, the password was obviously correct for this username, so we construct a user object now:
    - we fetch the email address for the user profile from ldap (from ldap_email_attribute) and decode it using ldap_coding
    - we fetch surname and givenname from sn and givenName attributes and make up the aliasname for the profile using them (this is nice if the login username is cryptic)
    - the wiki username will be the one given for login
    - we make sure the cookie_lifetime is honoured, thus the cookie will expire, forcing the user to re-login after expiry
- the end, auth succeeded!
Thank you Jehan
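The search-then-bind sequence described in the answer above, as an added example that is not MoinMoin's own code. FakeDirectory, the sample entries, the function signature and the aliasname format are assumptions; the filter escaping and the empty-password check are additions that the description above does not mention.

```python
import re

# Constructed sample directory (not from the page): DN -> (attributes, password).
DIRECTORY = {
    "cn=wiki,dc=example,dc=org": ({}, "svc-pw"),
    "uid=jdoe,ou=people,dc=example,dc=org": (
        {"uid": "jdoe", "mail": "jdoe@example.org", "givenName": "John", "sn": "Doe"},
        "s3cret"),
    "uid=jsmith,ou=people,dc=example,dc=org": (
        {"uid": "jsmith", "mail": "js@example.org", "givenName": "Jane", "sn": "Smith"},
        "hunter2"),
}


def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters so the value matches literally."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


class FakeDirectory:
    """Hypothetical stand-in for an LDAP connection; understands only (attr=value)."""

    def simple_bind(self, dn, password):
        if password == "":
            return True  # unauthenticated bind: some servers report success here
        entry = DIRECTORY.get(dn)
        return entry is not None and entry[1] == password

    def search(self, filterstr):
        attr, pattern = re.match(r"\((\w+)=(.*)\)$", filterstr).groups()
        regex = ""
        for part in re.split(r"(\*|\\[0-9a-f]{2})", pattern):
            if part == "*":
                regex += ".*"                               # filter wildcard
            elif re.fullmatch(r"\\[0-9a-f]{2}", part):
                regex += re.escape(chr(int(part[1:], 16)))  # escaped literal character
            else:
                regex += re.escape(part)
        return [(dn, attrs) for dn, (attrs, _) in DIRECTORY.items()
                if attr in attrs and re.fullmatch(regex, attrs[attr])]


def ldap_login(conn, username, password, bind_dn="cn=wiki,dc=example,dc=org",
               bind_pw="svc-pw", name_attribute="uid", email_attribute="mail"):
    """Return a profile dict on success, None on any failure."""
    if not username or not password:
        return None                              # never bind with an empty password
    if not conn.simple_bind(bind_dn, bind_pw):   # first bind: the lookup account
        return None
    hits = conn.search("(%s=%s)" % (name_attribute, escape_filter_value(username)))
    if len(hits) != 1:                           # no hit, or an ambiguous name
        return None
    dn, attrs = hits[0]
    if not conn.simple_bind(dn, password):       # second bind proves the password
        return None
    return {"name": username,                    # wiki name is the name given at login
            "email": attrs.get(email_attribute),
            # aliasname format is an assumption of this example
            "aliasname": "%s, %s" % (attrs.get("sn"), attrs.get("givenName"))}


if __name__ == "__main__":
    conn = FakeDirectory()
    print(ldap_login(conn, "jdoe", "s3cret"))
    print(ldap_login(conn, "jdoe", ""))
```
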
Notes for ldaps
- Use an ldap_uri like 'ldaps://some.ldap.host', then don't worry about ldap_start_tls (it is ignored w/ldaps URI)
- Be sure that if ldap_tls_cacert{dir,file} are set, they only have the necessary certs
  - python-ldap seems to move _really_ slowly if you have a lot of CA certificates (at least on Debian)
Ubuntu 9.04, MoinMoin 1.8.2 and OpenLDAP server
After following the Ubuntu Documentation on installing MoinMoin (https://help.ubuntu.com/8.04/serverguide/C/moinmoin.html with some minor changes to the Alias entry in the Apache2 config), here's how I got LDAP authentication working on Ubuntu 9.04 which uses MoinMoin 1.8.2 against an OpenLDAP server after installing the python-ldap package (via sudo apt-get install python-ldap).
LDAP (without SSL or TLS)
LDAP with an unencrypted connection was straightforward. I added the following configuration to the end of my wiki config file (/etc/moin/mywiki.py). I've removed all the comments that appeared in the sample LDAP authentication snippet file /usr/share/moin/config/more_samples/ldap_wikiconfig_snippet for brevity. You will definitely need to change the server_uri setting and may need to change other settings such as bind_dn to match your OpenLDAP setup.
    from MoinMoin.auth.ldap_login import LDAPAuth
    ldap_authenticator1 = LDAPAuth(
        server_uri='ldap://ldap.domainname.com/',
        bind_dn='uid=%(username)s,ou=people,dc=domainname,dc=com',
        bind_pw='%(password)s',
        scope=2,
        referrals=0,
        search_filter='(uid=%(username)s)',
        givenname_attribute='givenName',
        surname_attribute='sn',
        aliasname_attribute='displayName',
        email_attribute='mailRoutingAddress',
        email_callback=None,
        coding='utf-8',
        timeout=10,
        start_tls=0,
        tls_cacertdir=None,
        tls_cacertfile=None,
        tls_certfile=None,
        tls_keyfile=None,
        tls_require_cert=0,
        bind_once=True,
        autocreate=True,
    )
    auth = [ldap_authenticator1, ]
    cookie_lifetime = 1
LDAP over SSL (ldaps)
Using Ubuntu 9.04, I initially tried to get ldaps to work by first getting LDAP (without SSL or TLS) to work, then modifying the server_uri and tls_cacertfile entries. However, this came back with an LDAP server connect failure error. The problem was that the tls_* config settings that were not being used were set to '' when they needed to be set to None. Commenting them out didn't help as the default values as set in ldap_login.py are also set to ''. I notice that in the current release (MoinMoin 1.8.4 at the time of writing) the default values in ldap_login.py are set to None so that little bug has been fixed. The following settings in /etc/moin/mywiki.py got ldaps working a treat on Ubuntu 9.04 against an OpenLDAP server. You will definitely need to change the server_uri setting and may need to change other settings such as bind_dn and tls_cacertfile to match your OpenLDAP setup.
    from MoinMoin.auth.ldap_login import LDAPAuth
    ldap_authenticator1 = LDAPAuth(
        server_uri='ldaps://ldap.domainname.com/',
        bind_dn='uid=%(username)s,ou=people,dc=domainname,dc=com',
        bind_pw='%(password)s',
        scope=2,
        referrals=0,
        search_filter='(uid=%(username)s)',
        givenname_attribute='givenName',
        surname_attribute='sn',
        aliasname_attribute='displayName',
        email_attribute='mailRoutingAddress',
        email_callback=None,
        coding='utf-8',
        timeout=10,
        start_tls=0, # ignored when using ldaps
        tls_cacertdir=None,
        tls_cacertfile='/etc/ssl/certs/ca-certificates.crt',
        tls_certfile=None,
        tls_keyfile=None,
        tls_require_cert=0,
        bind_once=True,
        autocreate=True,
    )
    auth = [ldap_authenticator1, ]
    cookie_lifetime = 1
LDAP with TLS (start_tls)
The problem I described in LDAP over SSL (ldaps) also occurred for me when using start_tls. Here are the settings I used to get start_tls working on Ubuntu 9.04 against an OpenLDAP server. You will definitely need to change the server_uri setting and may need to change other settings such as bind_dn and tls_cacertfile to match your OpenLDAP setup.
    from MoinMoin.auth.ldap_login import LDAPAuth
    ldap_authenticator1 = LDAPAuth(
        server_uri='ldap://ldap.domainname.com/',
        bind_dn='uid=%(username)s,ou=people,dc=domainname,dc=com',
        bind_pw='%(password)s',
        scope=2,
        referrals=0,
        search_filter='(uid=%(username)s)',
        givenname_attribute='givenName',
        surname_attribute='sn',
        aliasname_attribute='displayName',
        email_attribute='mailRoutingAddress',
        email_callback=None,
        coding='utf-8',
        timeout=10,
        start_tls=2,
        tls_cacertdir=None,
        tls_cacertfile='/etc/ssl/certs/ca-certificates.crt',
        tls_certfile=None,
        tls_keyfile=None,
        tls_require_cert=0,
        bind_once=True,
        autocreate=True,
    )
    auth = [ldap_authenticator1, ]
    cookie_lifetime = 1
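A small check over the transport settings of the three configurations above, added here as an example and not part of MoinMoin or of the original write-up. The function name and finding codes are hypothetical, and it assumes that tls_require_cert follows python-ldap's OPT_X_TLS_REQUIRE_CERT values, where 0 means the server certificate is never checked and 2 means it is demanded.

```python
TLS_FILE_KEYS = ("tls_cacertdir", "tls_cacertfile", "tls_certfile", "tls_keyfile")


def audit_ldap_settings(cfg):
    """Return finding codes for a dict of LDAPAuth keyword settings."""
    findings = []
    ldaps = cfg.get("server_uri", "").startswith("ldaps://")
    start_tls = cfg.get("start_tls", 0)
    # 2 is the value the start_tls setup above uses; anything less is treated
    # here as "TLS not enforced" (assumption).
    encrypted = ldaps or start_tls == 2

    # Unused tls_* options must be None; '' caused the connect failure described above.
    for key in TLS_FILE_KEYS:
        if cfg.get(key) == "":
            findings.append("empty-string:" + key)

    if not encrypted:
        findings.append("cleartext-bind")      # bind_pw crosses the network unencrypted
    elif cfg.get("tls_require_cert", 0) == 0:
        findings.append("cert-not-verified")   # assumption: 0 = never check the cert
    if ldaps and start_tls:
        findings.append("start_tls-ignored")   # start_tls has no effect with ldaps://
    return findings


# Transport-related settings copied from the three configurations above.
CACERTS = "/etc/ssl/certs/ca-certificates.crt"
PLAIN = dict(server_uri="ldap://ldap.domainname.com/", start_tls=0,
             tls_cacertdir=None, tls_cacertfile=None, tls_certfile=None,
             tls_keyfile=None, tls_require_cert=0)
LDAPS = dict(PLAIN, server_uri="ldaps://ldap.domainname.com/", tls_cacertfile=CACERTS)
STARTTLS = dict(PLAIN, start_tls=2, tls_cacertfile=CACERTS)

# Constructed variants: the '' defaults that broke ldaps, and a stricter setting.
BROKEN = dict(LDAPS, tls_certfile="", tls_keyfile="")
STRICT = dict(LDAPS, tls_require_cert=2)   # assumption: 2 = OPT_X_TLS_DEMAND

if __name__ == "__main__":
    for name, cfg in [("plain", PLAIN), ("ldaps", LDAPS), ("start_tls", STARTTLS),
                      ("broken", BROKEN), ("strict", STRICT)]:
        print(name, audit_ldap_settings(cfg))
```
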
LDAP Groups
I want to permit only members of certain LDAP group to logon to my wiki.
I have modified auth.py like the following:
    try:
        request.log("MEMBER %s" % ldap_dict['memberOf'].index("CN=blob,CN=Users,DC=vmware,DC=com"))
    except:
        request.log("NOT A MEMEBER of blob!")
    else:
        return user_obj, True
    if result_length != 1:
I thought this would work since if the user is a member of blob, it'll return the user object. But currently, it lets everyone log on, just like before. Any suggestions?
Set ldap_filter (there is a commented out example in the sample ldap config).
Suggestion: Add a filter to your ldap configuration in wikiconfig.py to only return users that are in the desired groups. For example, you could use something like the following.
... search_filter='(&(uid=%(username)s)(memberOF=cn=wiki,cn=blob,cn=Users,dc=vmware,dc=com))', ...
How to require SSL+httpd auth for specific operations
I can get SSL+httpd auth working just fine, but I can't figure out how to set things up so that both are required for write/admin/etc access, but neither are required for read access. Any ideas?
Partly this is an httpd question and a HelpOnAccessControlLists question. If you have managed to configure your web server to allow optional authentication, then read HelpOnAccessControlLists or see the ACL questions above.
SSL Login
Is it possible for just the login/user create/user preferences portion of a wiki to be redirected to a secure link, but all other pages run in a non-encrypted fashion? -- MichaelLaccetti 2007-02-27 05:19:02
- No, and if you use moin's cookie stuff, it wouldn't make much sense as the cookie transmission happens on every request and would need protection also.
Even if they shared the same URL; just used https:// for login? Cookies work for the same domain, regardless of encryption. -- 74.100.133.5 2007-03-01 04:55:22
How can you configure moin to require SSL for everything (On apache)? It seems to ignore the RequireSSL flag in httpd.conf. -- Alexander Faucher
Embedding MoinMoin -- Automatic User Login?
I'm looking to embed MoinMoin into an application that uses php, and I was wondering how I could go about using php_session for a single sign on integration. I see that it's currently only supported with eGroupWare 1.2, but examples on how to use php_session to extract session info seems to not be around, as well as trying to get it to work for another application. Any help here? Thanks in advance. StevenM 05-Mar-2008
I'd like to use MoinMoin as a Wiki-based knowledge base by opening an appropriate URL from inside an application. Since my application has a user database built-in, it is necessary to promote the user ID to the wiki. Provided that the MoinMoin user IDs are the same as the application's: Is it possible to embed the user ID (and, optionally, the password) into the URL of the wiki page to be shown? Thx... StefanK 14-Dec-2006
Look at MoinMoin/auth.py (and there is also some old code for 3rd party cookies in contrib/ in the MoinMoin archive)
I needed similar functionality to hook salesforce.com into MoinMoin as a knowledge base. Another use for me is for a phone/email list page for my neighborhood. While I don't want to force everyone to create a user profile and login just to get to the phone number list, I also want to deny access to anonymous Internet users that might happen onto my site. I found (url) which has the format for logging in with a one-click URL.
One-click login requires this format:
http://someserver.org/moin/moin.cgi/HomePage?action=login&name=somename&password=yourpwd&login=login
Now I can create a standard 'guest' account and email the one-click URL. The page will be fairly safe from anonymous Internet bad people and the intended recipients have a good end-user experience.- CraigA 4/1/2007
Feedback: the discussion link above showed the way for me: I had to disable the POST-only check for the login action (userform.py, approx. line 90). Now simply GETting the URL works fine. Thank you very much! StefanK 21-Feb-2007
Feedback: This was the best bit of information I have found on the web for a while, works like a charm. Thank you so much for reposting it from the MoinMoinChat link. DominicF 03/12/2009
How can I implement single login for a farm
I would like to have users log into all wikis in our farm from one login. The user accounts are already shared across the farm but you have to log in to each instance separately. I did try setting cookie_domain = 'mainwiki' but this just prevented login from working. I am not sure that I used it correctly.
We are using moin in standalone with one main wiki (mainwiki), and some project specific wikis (projecta.mainwiki and projectb.mainwiki). Cheers, -- ManuPoletti 2008-04-29 00:59:43
I have got the same problem. We run a wikifarm with many wikis. But the question now is: What do I have to do so that one user account is able to write/revert whatever in every wiki? Madis R. 09-Sep-2008
Solution:
- Optional: Create a single wiki for the user homepages. Use also user_homewiki to configure that all user homepages are saved on the same wiki
- Put all the userdata into a same directory (use the config user_dir)
- Use the same cache dir for all farm wikis (use the config cache_dir)
- Now you can configure the session cookies to use the same cookie_domain and also use the same cookie_path.
for more information see HelpOnConfiguration and here HelpOnSessions, bye -- MarcelHäfner 2009-04-04 08:04:02
In answer to my previous post (2008-04-29) you need to set the cookie_domain config item to be the common part of the domain name that your wikis will share. -- ManuPoletti 2024-12-22 03:12:53
How do I integrate LDAP authentication with moin moin? (4)
I have combined LDAP/AD authentication with moinmoin auth for cases when the user is not listed in AD.
Firstly, I just added config data from samples followed by the auth = [my_ldap_authenticator, MoinAuth()] line. But I discovered that if the user connected to LDAP successfully, but could not be authenticated there, then according to auth/ldap_login.py the authentication stopped with CancelLogin.
When I replaced that line with ContinueLogin , like it is implemented for ldap.SERVER_DOWN exception then everything worked fine.
So I wonder why don't developers use ContinueLogin for ldap.INVALID_CREDENTIALS too? -- AlexanderAgibalov 2009-06-30 13:40:55
I thought the usual usecase for LDAP is that it is authoritative about who is able to login and who not, thus it does not set the continue flag if someone is not in the directory. -- ThomasWaldmann 2009-06-30 18:06:58
OK, I see. Then I'll just apply this patch myself for every upgrade of my wiki. The reason why I need this is that we have corporate users who are listed in AD and several contractual employees who are not. Currently we are using native authentication, but people continue to constantly forget not only their passwords, but usernames too. But they always remember their AD credentials. -- AlexanderAgibalov 2009-07-01 11:02:18
I have the same usecase for LDAP fall through to native moinmoin authentication, external contractors mixed with AD users. -- diepes 2012-09-11 10:58:55
Authentication drops on IE8
Some users of my MoinMoin 1.8.4 (it seems that this mostly concerns users with limited Windows accounts) experience the following problem after upgrading to IE8: they log in successfully, then navigate to any page and their authentication drops for no reason, so they have to re-login. Earlier it helped to switch to IE's "Compatibility view" (couldn't find how to save this setting), but it seems that with some recent IE patches this doesn't work anymore for most of the users. So I wonder what the problem is and how to fix it? Any chance that this is fixed in moin 1.9? -- AlexanderAgibalov 2009-11-05 08:08:55
The "logged in session" depends on moin's session cookie. So maybe try clearing all moin-related cookies from the user's browser and then log in again. If you can reproduce the problem, please file a bug giving all details about how to reproduce. Whether it works better with 1.9 you could check with 1.9.0rc1 (I don't remember fixing anything related to that, though). -- ThomasWaldmann 2009-11-05 08:20:24
At last found a virtual machine where I experience the issue myself. Discovered that the problem is solved by cleaning up the user Cookies directory MANUALLY. Using the native IE's cleanup mechanism doesn't help. A bit surprised by the cause of this behavior. -- AlexanderAgibalov 2009-11-06 12:03:58