Re: NAV authentication with LDAP + MS AD

Hi,

I pulled the fix from:

https://nav.uninett.no/hg/stable/rev/23d774154094

this makes the login with wrong credentials work (before we had an error) but in case of good credentials the system still crashes. Debug output below:

read1msg: mark request completed, ld 0x7fdfb4d38300 msgid 4

request done: ld 0x7fdfb4d38300 msgid 4

res_errno: 0, res_error: <>, res_matched: <>

ldap_free_request (origid 4, msgid 4)

ldap_parse_result

ldap_msgfree

[Wed Apr 02 17:23:22 2014] [error] [Wed Apr 02 17:23:22 2014] [ERROR] [pid=12954 django.request] Internal Server Error: /index/login/

[Wed Apr 02 17:23:22 2014] [error] Traceback (most recent call last):

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response

[Wed Apr 02 17:23:22 2014] [error] response = callback(request, *callback_args, **callback_kwargs)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 69, in sensitive_post_parameters_wrapper

[Wed Apr 02 17:23:22 2014] [error] return view(request, *args, **kwargs)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 92, in login

[Wed Apr 02 17:23:22 2014] [error] return do_login(request)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 34, in sensitive_variables_wrapper

[Wed Apr 02 17:23:22 2014] [error] return func(*args, **kwargs)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 127, in do_login

[Wed Apr 02 17:23:22 2014] [error] account = auth.authenticate(username, password)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/auth.py", line 79, in authenticate

[Wed Apr 02 17:23:22 2014] [error] user = ldapauth.authenticate(username, password)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 151, in authenticate

[Wed Apr 02 17:23:22 2014] [error] if user.is_group_member(group_dn):

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 280, in is_group_member

[Wed Apr 02 17:23:22 2014] [error] result = self.ldap.search_s(group_dn, ldap.SCOPE_BASE, filterstr)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 552, in search_s

[Wed Apr 02 17:23:22 2014] [error] return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout= self.timeout)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 545, in search_ext_s

[Wed Apr 02 17:23:22 2014] [error] msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientct rls,timeout,sizelimit)

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541, in search_ext

[Wed Apr 02 17:23:22 2014] [error] timeout,sizelimit,

[Wed Apr 02 17:23:22 2014] [error] File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call

[Wed Apr 02 17:23:22 2014] [error] result = func(*args,**kwargs)

[Wed Apr 02 17:23:22 2014] [error] UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 26: ordinal not in range(128)

ldap_free_connection 1 1

ldap_send_unbind

ldap_free_connection: actually freed

==== mail received from system ===

Traceback (most recent call last):

File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response response = callback(request, *callback_args, **callback_kwargs)

File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 69, in sensitive_post_parameters_wrapper return view(request, *args, **kwargs)

File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 92, in login return do_login(request)

File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 34, in sensitive_variables_wrapper return func(*args, **kwargs)

File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 127, in do_login account = auth.authenticate(username, password)

File "/usr/lib/pymodules/python2.7/nav/web/auth.py", line 79, in authenticate user = ldapauth.authenticate(username, password)

File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 151, in authenticate if user.is_group_member(group_dn):

File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 280, in is_group_member result = self.ldap.search_s(group_dn, ldap.SCOPE_BASE, filterstr)

File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 552, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout= self.timeout)

File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 545, in search_ext_s msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientct rls,timeout,sizelimit)

File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541, in search_ext timeout,sizelimit,

File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call result = func(*args,**kwargs)

UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 26: ordinal not in range(128)

<WSGIRequest path:/index/login/, GET:<QueryDict: {}>, POST:<QueryDict: {u'origin': [u''], u'username': [u'XXX-adm'], u'password': [u'***********']}>, COOKIES:{'sessionid': '59e85ca4ca567cfd8966ab12'}, META:{'CONTENT_LENGTH': '47', 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'DOCUMENT_ROOT': '/usr/share/nav/htdocs', 'GATEWAY_INTERFACE': 'CGI/1.1', 'HTTPS': '1', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate', 'HTTP_ACCEPT_LANGUAGE': 'de,en-us;q=0.7,en;q=0.3', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_COOKIE': 'sessionid=59e85ca4c39f3dbe7a567cfd8966ab12', 'HTTP_DNT': '1', 'HTTP_HOST': 'urz-nav', 'HTTP_REFERER': 'https://urz-nav-pet.urz.unibas.ch/index/login/', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0', 'PATH_INFO': u'/index/login/', 'PATH_TRANSLATED': '/usr/share/pyshared/nav/wsgi.py/index/login/', 'QUERY_STRING': '', 'REMOTE_ADDR': '1', 'REMOTE_PORT': '64036', 'REQUEST_METHOD': 'POST', 'REQUEST_URI': '/index/login/', 'SCRIPT_FILENAME': '/usr/share/pyshared/nav/wsgi.py', 'SCRIPT_NAME': u'', 'SERVER_ADDR': '1', 'SERVER_ADMIN': 'webmaster@localhost', 'SERVER_NAME': 'urz-nav', 'SERVER_PORT': '443', 'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_SIGNATURE': '<address>Apache/2.2.22 (Debian) Server at urz-nav Port 443</address>\n', 'SERVER_SOFTWARE': 'Apache/2.2.22 (Debian)', 'SSL_TLS_SNI': 'urz-nav-pet.urz.unibas.ch', 'mod_wsgi.application_group': 'urz-nav|', 'mod_wsgi.callable_object': 'application', 'mod_wsgi.handler_script': '', 'mod_wsgi.input_chunked': '0', 'mod_wsgi.listener_host': '', 'mod_wsgi.listener_port': '443', 'mod_wsgi.process_group': 'NAV', 'mod_wsgi.request_handler': 'wsgi-script', 'mod_wsgi.script_reloading': '1', 'mod_wsgi.version': (3, 3), 'wsgi.errors': <mod_wsgi.Log object at 0x7fdfb27046f0>, 'wsgi.file_wrapper': <built-in method file_wrapper of mod_wsgi.Adapter object at 0x7fdfb4ca4a08>, 'wsgi.input': <mod_wsgi.Input object at 0x7fdfb34604f0>, 'wsgi.multiprocess': True, 'wsgi.multithread': True, 'wsgi.run_once': False, 'wsgi.url_scheme': 'https', 'wsgi.version': (1, 1)}>