def verify(my, login_name, password):
        # replace cn=attribute with cn={login} in the config ldap_path
        # e.g. cn={login},o=organization,ou=server,dc=domain
        path = Config.get_value("security", "ldap_path")
        server = Config.get_value("security", "ldap_server")
        assert path, server

        my.login_name = login_name
        my.internal = True
        path = path.replace("{login}", login_name)
        #import ldap

        try:
            l = ldap.open(server)
            l.simple_bind_s(path, password)
            l.unbind()
            return True
        except: 
            login = Login.get_by_login(login_name)
            # check if it's an external account and verify with standard approach
            if login and login.get_value('location', no_exception=True) == 'external':
                auth_class = "pyasm.security.TacticAuthenticate"
                authenticate = Common.create_from_class_path(auth_class)
                is_authenticated = authenticate.verify(login_name, password)
                if is_authenticated == True:
                    my.internal = False
                    return True
            elif login:
                auth_class = "pyasm.security.TacticAuthenticate"
                authenticate = Common.create_from_class_path(auth_class)
                is_authenticated = authenticate.verify(login_name, password)
                if is_authenticated == True:
                    my.internal = False
                    return True
            raise SecurityException("Login/Password combination incorrect")

    def draw(self):
        self.add_shortcuts()
        data_dir = tacticenv.get_data_dir()

        if os.path.exists(data_dir):
            geometry = Config.get_value("window", "geometry")
            title = Config.get_value("window", "title")
        else:
            geometry = None
            title = None

        if not title:
            title = "TACTIC - %s" % self.url
            geometry = Config.get_value("window", "geometry")
        
        if geometry == "fullscreen":
            self.setWindowFlags(QtCore.Qt.FramelessWindowHint)
            self.showFullScreen()
        elif geometry:
            parts = geometry.split(",")
            parts = [int(x) for x in parts]
            self.setGeometry(parts[0], parts[1], parts[2], parts[3])

        self.splash.finish(self)
        self.setWindowTitle(title)
        self.setCentralWidget(self.webView)  
        self.show()  

    def execute(my):

        # make sure tmp config is unset.
        Config.unset_tmp_config()
        Config.reload_config()

        web = WebContainer.get_web()

        vendor = web.get_form_value("database/vendor")


        if vendor == 'Sqlite':
            db_dir = web.get_form_value("database/sqlite_db_dir")
            database = "sthpw"
            db_path = "%s/%s.db" % (db_dir, database)
            if os.path.exists(db_path):
                return

        elif vendor == 'PostgreSQL':
            my.test_postgres(vendor)
            return

        elif vendor in ['MySQL','SQLServer','Oracle']:
            my.test_postgres(vendor)
            return

        my.info['error'] = "Cannot connect to database"

    def verify(self, login_name, password):
            
        if login_name.find("\\") != -1:
            domain, base_login_name = login_name.split("\\")
        else:
            base_login_name = login_name
            domain = None

        # confirm that there is a domain present if required
        require_domain = Config.get_value("active_directory", "require_domain")
        domain_component = Config.get_value("active_directory","domain_component")
        script_path = Config.get_value("active_directory","allow_script")
        
        if script_path:
            flag = False
            try:
                from tactic.command import PythonCmd
                from pyasm.command import Command
                kwargs = {'login' : login_name}
                cmd = PythonCmd(script_path=script_path, **kwargs)
                #flag = Command.execute_cmd(cmd)
                flag = cmd.execute()
            except Exception, e:
                print e
                raise
            if flag != True:
                return False  

    def _do_login(self):

        security = Environment.get_security()

        require_password = Config.get_value("security", "api_require_password")
        api_password = Config.get_value("security", "api_password")

        site = Site.get()
        allow_guest =  site.allow_guest()

        # the xmlrpc login can be overridden to not require a password
        if require_password == "false" or (allow_guest and self.login_name == "guest"):
            security.login_user_without_password(self.login_name, expiry="NULL")
        elif api_password:
            if api_password == self.password:
                security.login_user_without_password(self.login_name, expiry="NULL")
            else:
                # if api password is incorrect, still try and authenticate with
                # user's password
                security.login_user(self.login_name, self.password, expiry="NULL")
        elif self.login_name == "guest":
                security.login_user_without_password(self.login_name)
        else:        
            security.login_user(self.login_name, self.password, expiry="NULL")

        if not security.is_logged_in():
            raise SecurityException("Cannot login as user: %s." % self.login_name)

    def __init__(my, port=''):

        # It is possible on startup that the database is not running.
        from pyasm.search import DbContainer, DatabaseException, Sql

        try:
            sql = DbContainer.get("sthpw")
            if sql.get_database_type() != "MongoDb":
                # before batch, clean up the ticket with a NULL code
                if os.getenv('TACTIC_MODE') != 'production':
                    sql.do_update('DELETE from "ticket" where "code" is NULL;')
                else:
                    start_port = Config.get_value("services", "start_port")
                    if start_port:
                        start_port = int(start_port)
                    else:
                        start_port = 8081
                    if port and int(port) == start_port:
                         sql.do_update('DELETE from "ticket" where "code" is NULL;')
        except DatabaseException, e:
            # TODO: need to work on this
            print "ERROR: could not connect to [sthpw] database"
            #os.environ["TACTIC_CONFIG_PATH"] = Config.get_default_config_path()
            #Sql.set_default_vendor("Sqlite")

            Config.set_tmp_config()
            Config.reload_config()

            # try connecting again
            try:
                sql = DbContainer.get("sthpw")
            except:
                print "Could not connect to the database."
                raise

    def execute(self):

        # save prefix
        local_prefix = self.get_value("local_prefix")
        self.server_prefix = Config.get_value("install", "server")

        if not local_prefix and not self.server_prefix:
            raise TacticException("Cannot have empty local server prefix")

        if local_prefix and local_prefix != self.server_prefix:
            Config.set_value("install", "server", local_prefix)

            Config.save_config()

        self.project_code = self.get_value("project")
        if not self.project_code:
            self.project_code = Project.get_project_code()


        # create a share
        share = SearchType.create("sthpw/sync_server")
        self.handle_info(share)
        self.handle_sync_mode(share)

        share.commit()

def do_startup(port, server=""):

    #from tactic.startup import FirstRunInit
    #cmd = FirstRunInit()
    #cmd.execute()

    if os.name != 'nt' and os.getuid() == 0:
        print 
        print "You should not run this as root. Run it as the Web server process's user. e.g. apache"
        print
	return

    thread_count = Config.get_value("services", "thread_count") 
    

    if not thread_count:
        thread_count = 10
    else: 
        thread_count = int(thread_count)


    from pyasm.web.cherrypy30_startup import CherryPyStartup
    startup = CherryPyStartup()

    startup.set_config('global', 'server.socket_port', port)

    startup.set_config('global', 'server.socket_queue_size', 100)
    startup.set_config('global', 'server.thread_pool', thread_count)
    #startup.set_config('global', 'server.socket_host', server)

    #startup.set_config('global', 'log.screen', True)

    startup.set_config('global', 'request.show_tracebacks', True)
    startup.set_config('global', 'server.log_unhandled_tracebacks', True)

    startup.set_config('global', 'engine.autoreload_on', True)




    hostname = None
    server_default = '127.0.0.1'

    if not server:
        hostname = Config.get_value("install", "hostname") 
        if hostname == 'localhost':
            # swap it to IP to suppress CherryPy Warning
            hostname = server_default
        if hostname:
            # special host name for IIS which can't load balance across many
            # ports with the same service
            hostname = hostname.replace("{port}", str(port))
            server = hostname
        else:
            server = server_default
       
    startup.set_config('global', 'server.socket_host', server)

    startup.execute()

    def _test_strict_checkin(my):

        server = Config.get_value("install", "server")
        process = "process"
        person_code = my.person.get_code()

        filename = "filename.jpg"

        process = "strict"

        subcontexts = [
            '', '', # do 2 checkins
            'hi', 'hi',
            'medium',
            'low',
        ]

        for i, subcontext in enumerate(subcontexts):

            if subcontext:
                context = "%s/%s" % (process, subcontext)
            else:
                context = process

            # create a new test.txt file
            file_path = "./%s" % filename
            file = open(file_path, 'w')
            file.write("test")
            file.close()


            #import time
            #start = time.time()

            checkin = FileCheckin(my.person, file_path, context=context, checkin_type='strict')
            checkin.execute()
            snapshot = checkin.get_snapshot()

            #print "time: ", time.time() - start
            #print "---"

            # make sure there is no versionless
            versionless = Snapshot.get_versionless(my.person.get_search_type(), my.person.get_id(), context, mode='latest', create=False)
            my.assertEquals(None, versionless)

            
            path = snapshot.get_path_by_type("main")

            asset_dir = Config.get_value("checkin", "asset_base_dir")

            file_objects = snapshot.get_all_file_objects()
            my.assertEquals(1, len(file_objects))

            file_object = file_objects[0]
            relative_dir = file_object.get_value("relative_dir")
            file_name = file_object.get_value("file_name")

            test_path = "%s/%s/%s" % (asset_dir, relative_dir, file_name)
            my.assertEquals(test_path, path)

    def _test_base_dir_alias(my):

        Config.set_value("checkin", "asset_base_dir", {
            'default': '/tmp/tactic/default',
            'alias': '/tmp/tactic/alias',
            'alias2': '/tmp/tactic/alias2',
        });
        asset_dict = Environment.get_asset_dirs()
        default_dir = asset_dict.get("default")
        my.assertEquals( "/tmp/tactic/default", default_dir)

        aliases = asset_dict.keys()
        # "plugins" is assumed in some branch 
        if 'plugins' in aliases:
            my.assertEquals( 4, len(aliases))
        else:
            my.assertEquals( 3, len(aliases))
        my.assertNotEquals( None, "alias" in aliases )

        # create a naming
        naming = SearchType.create("config/naming")
        naming.set_value("search_type", "unittest/person")
        naming.set_value("context", "alias")
        naming.set_value("dir_naming", "alias")
        naming.set_value("file_naming", "text.txt")
        naming.set_value("base_dir_alias", "alias")
        naming.commit()

        # create 2nd naming where 
        naming = SearchType.create("config/naming")
        naming.set_value("search_type", "unittest/person")
        naming.set_value("context", "alias2")
        naming.set_value("dir_naming", "alias2")
        naming.set_value("base_dir_alias", "alias2")
        naming.set_value("file_naming", "text.txt")
        naming.set_value("checkin_type", "auto")
        naming.commit()

        my.clear_naming()

        # create a new test.txt file
        for context in ['alias', 'alias2']:
            file_path = "./test.txt"
            file = open(file_path, 'w')
            file.write("whatever")
            file.close()

            checkin = FileCheckin(my.person, file_path, context=context)
            checkin.execute()
            snapshot = checkin.get_snapshot()

            lib_dir = snapshot.get_lib_dir()
            expected = "/tmp/tactic/%s/%s" % (context, context)
            my.assertEquals(expected, lib_dir)

            path = "%s/text.txt" % (lib_dir)
            exists = os.path.exists(path)
            my.assertEquals(True, exists)

    def configure_palette(my):
        my.section = 'Look and Feel'
        web = WebContainer.get_web()
        palette = web.get_form_value("look/palette")

        if palette:
            Config.set_value("look", "palette", palette)
        else:
            Config.set_value("look", "palette", "")

    def configure_palette(my):

        web = WebContainer.get_web()
        palette = web.get_form_value("look/palette")

        if palette:
            Config.set_value("look", "palette", palette)
        else:
            Config.set_value("look", "palette", "")

    def execute(self):
        self.section = None

        # make sure tmp config is unset.
        Config.unset_tmp_config()
        Config.reload_config()

        web = WebContainer.get_web()

        # read the current config file.


        # copy config to the path
        config_path = Config.get_config_path()
        if not os.path.exists(config_path):
            print "Installing default config file"

            dirname = os.path.dirname(config_path)
            if not os.path.exists(dirname):
                os.makedirs(dirname)

            if os.name == 'nt':
                osname = 'win32'
            else:
                osname = 'linux'

            install_dir = Environment.get_install_dir()
            install_config_path = "%s/src/install/start/config/tactic_%s-conf.xml" % ( install_dir, osname)

            shutil.copy(install_config_path, dirname)

        try:
            self.configure_db()
            self.configure_install()
            self.configure_mail_services()
            self.configure_gen_services()
            self.configure_asset_dir()
            self.configure_palette()
            self.configure_security()
        except Exception as e:
            raise TacticException('Error in [%s]: %s'%(self.section, e.__str__()))
        # FIXME: if this all fails, then revert back
        
        self.save_config()

        # after saving the config, test the database
        self.load_bootstrap()

        # remove the first run file
        data_dir = Environment.get_data_dir()
        path = "%s/first_run" % data_dir
        if os.path.exists(path):
            os.unlink(path)


        self.restart_program()

    def get_local_dir(self):
        '''get the local asset directory on the client machine'''
        user_agent = self.get_env("HTTP_USER_AGENT")
        if user_agent.startswith("Houdini"):
            dir = Config.get_value("checkin", "win32_local_base_dir")

        elif user_agent.find("Windows") != -1:
            dir = Config.get_value("checkin", "win32_local_base_dir")
        else:
            dir = Config.get_value("checkin", "linux_local_base_dir")

        return dir

    def configure_services(my):

        web = WebContainer.get_web()

        options = ['server', '_user', '_password', '_port', '_tls_enabled','_sender_disabled']
        for option in options:
            server = web.get_form_value("services/mail%s" %option)

            if server:
                Config.set_value("services", "mail%s" %option, server)
            else:
                #Config.remove("services", "mail%s"%option)
                Config.set_value("services", "mail%s"%option,  "")

    def configure_gen_services(my):
        my.section = 'Services'
        web = WebContainer.get_web()

        options = ['process_count', 'process_time_alive', 'thread_count', 'python_path','rsync']
        for option in options:
            value = web.get_form_value("services/%s" %option)

            if value:
                Config.set_value("services", option, value)
            else:
                
                Config.set_value("services", option,  "")

    def configure_security(my):
        my.section = 'Security'
        web = WebContainer.get_web()

        options = ['allow_guest','ticket_expiry','authenticate_mode',
            'authenticate_class','authenticate_version','auto_create_user',
            'api_require_password','api_password','max_login_attempt','account_logout_duration']
        for option in options:
            security_value = web.get_form_value("security/%s" %option)

            if security_value:
                Config.set_value("security", option, security_value)
            else:
                Config.set_value("security", option,  "")

    def execute(my):
        hostname = my.kwargs.get("hostname")
        if not hostname:
            hostname = Config.get_value("install", "hostname")

        port = my.kwargs.get("port")
        if not port:
            port = Config.get_value("install", "port")
        if not port:
            port = 9123
        else:
            port = int(port)

        do_startup(port, server=hostname)

    def get_otherdb_wdg(my):

        div = DivWdg()
        div.add_class("spt_db_options")
        div.add_attr("spt_vendor", "Other")
        div.add_style("margin: 20px")

        table = Table()
        div.add(table)
        table.add_color("color", "color")


        table.add_row()
        table.add_cell("Server: ")
        text = TextInputWdg(name="server")
        text.set_value("localhost")
        table.add_cell(text)
        server = Config.get_value("database", "server")
        if server:
            text.set_value(server)

        table.add_row()
        table.add_cell("Port: ")
        text = TextInputWdg(name="port")
        table.add_cell(text)
        port = Config.get_value("database", "port")
        if port:
            text.set_value(port)

        table.add_row()
        table.add_cell("Login: ")
        text = TextInputWdg(name="user")
        table.add_cell(text)
        user = Config.get_value("database", "user")
        if user:
            text.set_value(user)

        table.add_row()
        text = PasswordInputWdg(name="password")
        table.add_cell("Password: ")
        table.add_cell(text)
        password = Config.get_value("database", "password")
        if password:
            text.set_value(password)

        #from pyasm.search import Sql
        #sql.connect()

        return div

    def verify(my, login_name, password):
        path = Config.get_value("checkin", "ldap_path")
        server = Config.get_value("checkin", "ldap_server")
        assert path, server

        path = path.replace("{login}", login_name)

        import ldap

        try:
            l = ldap.open(server)
            l.simple_bind_s(path, password)
            return True
        except:
            raise SecurityException("Login/Password combination incorrect")