Hi
I'm happy to say the fix works for MOST of our users.
Unfortunately not for me...
I have traced it down to the fact that i have a "ø" in my last name. Users with names not containing "æøå" can log in just fine.
From Apache error.log: [Tue Apr 01 11:29:17 2014] [error] [Tue Apr 01 11:29:17 2014] [ERROR] [pid=18668 django.request] Internal Server Error: /index/login/ [Tue Apr 01 11:29:17 2014] [error] Traceback (most recent call last): [Tue Apr 01 11:29:17 2014] [error] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response [Tue Apr 01 11:29:17 2014] [error] response = callback(request, *callback_args, **callback_kwargs) [Tue Apr 01 11:29:17 2014] [error] File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 69, in sensitive_post_parameters_wrapper [Tue Apr 01 11:29:17 2014] [error] return view(request, *args, **kwargs) [Tue Apr 01 11:29:17 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 92, in login [Tue Apr 01 11:29:17 2014] [error] return do_login(request) [Tue Apr 01 11:29:17 2014] [error] File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 34, in sensitive_variables_wrapper [Tue Apr 01 11:29:17 2014] [error] return func(*args, **kwargs) [Tue Apr 01 11:29:17 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 127, in do_login [Tue Apr 01 11:29:17 2014] [error] account = auth.authenticate(username, password) [Tue Apr 01 11:29:17 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/auth.py", line 95, in authenticate [Tue Apr 01 11:29:17 2014] [error] auth = ldapauth.authenticate(username, password) [Tue Apr 01 11:29:17 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 127, in authenticate [Tue Apr 01 11:29:17 2014] [error] user.bind(password) [Tue Apr 01 11:29:17 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 186, in bind [Tue Apr 01 11:29:17 2014] [error] self.ldap.simple_bind_s(user_dn.encode(encoding), [Tue Apr 01 11:29:17 2014] [error] UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 18: ordinal not in range(128)
regards Steinar Otto Sjøholt Seniorengineer - IT-Services Aalesund University College
-----Original Message----- From: Morten Brekkevold [mailto:morten.brekkevold@uninett.no] Sent: 24. mars 2014 09:11 To: Mischa Diehm Cc: Sjøholt Steinar Otto; nav-users@uninett.no Subject: Re: NAV authentication with LDAP + MS AD
On Fri, 21 Mar 2014 07:34:15 +0000 Mischa Diehm mischa.diehm@unibas.ch wrote:
this bug broke LDAP-Auth for us too but we are using OpenLDAP as a
backend.
After applying the patches to our system things work nice again.
Debug output:
put_simple_filter: "uid:caseExactMatch:=foobar" ... [error] UNAVAILABLE_CRITICAL_EXTENSION: {'info': 'Bad search filter', 'desc': 'Critical extension is unavailable'}
Is this extension maybe version-specific in OpenLDAP? It worked fine on our OpenLDAP-based catalog when we tested it.
Nevertheless, I'm glad the fix works for you too; we will likely do another 3.15 release this week, with the fix in it.
-- Morten Brekkevold UNINETT