On Tue, 2 Jan 2018 12:48:35 +0000 Jan Sigurd Refvik j.s.refvik@usit.uio.no wrote:
Hello and happy new year!
Hi Sigurd,
happy new year to you as well!
User is defined in LDAP and new to NAVdb.
error.log:[...] [INFO] [pid=36224 nav.web.ldapauth] USER-drift is verified to be a member of cn=nav,cn=filegroups,cn=system, (removed) error.log:put_filter: "(member=uid=USER,cn=users,cn=system, (removed) )"
Seems like the -drift is removed from the USER (it does appear with other users) ?
I cannot see any code paths that would lead to the "-drift" part being stripped. I also cannot confirm it in actual tests. However, you have pasted redacted, non-consecutive log lines here, so we cannot be sure what's going on, or in what order.
For all I know, the log lines you posted only indicate that someone failed logging in as "USER-drift" and subsequently made another attempt as just "USER" ;-)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call result = func(*args,**kwargs) TypeError: ('expected string in list', u'cn')
From this I would deduce that the user object either doesn't exist or
doesn't have a `cn` attribute - so the login process crashes when attempting to extract a full name from the user object (which is needed before the account can be created in NAV).