Hello and happy new year!
User is defined in LDAP and new to NAVdb.
error.log:[...] [INFO] [pid=36224 nav.web.ldapauth] USER-drift is verified to be a member of cn=nav,cn=filegroups,cn=system, (removed) error.log:put_filter: "(member=uid=USER,cn=users,cn=system, (removed) )"
Seems like the -drift is removed from the USER (it does appear with other users) ?
There is no 'successfully logged in' in the log as with other users (with -drift).
USER is not created in Account list.
NAV version is 4.8.1
Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper return view(request, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/nav/web/webfront/views.py", line 181, in login return do_login(request) File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 36, in sensitive_variables_wrapper return func(*func_args, **func_kwargs) File "/usr/lib/python2.7/dist-packages/nav/web/webfront/views.py", line 216, in do_login account = auth.authenticate(username, password) File "/usr/lib/python2.7/dist-packages/nav/web/auth.py", line 47, in authenticate name=user.get_real_name(), File "/usr/lib/python2.7/dist-packages/nav/web/ldapauth.py", line 272, in get_real_name '(objectClass=*)', [name_attr]) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 552, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 545, in search_ext_s msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541, in search_ext timeout,sizelimit, File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call result = func(*args,**kwargs) TypeError: ('expected string in list', u'cn')
Any ideas?
On Tue, 2 Jan 2018 12:48:35 +0000 Jan Sigurd Refvik j.s.refvik@usit.uio.no wrote:
Hello and happy new year!
Hi Sigurd,
happy new year to you as well!
User is defined in LDAP and new to NAVdb.
error.log:[...] [INFO] [pid=36224 nav.web.ldapauth] USER-drift is verified to be a member of cn=nav,cn=filegroups,cn=system, (removed) error.log:put_filter: "(member=uid=USER,cn=users,cn=system, (removed) )"
Seems like the -drift is removed from the USER (it does appear with other users) ?
I cannot see any code paths that would lead to the "-drift" part being stripped. I also cannot confirm it in actual tests. However, you have pasted redacted, non-consecutive log lines here, so we cannot be sure what's going on, or in what order.
For all I know, the log lines you posted only indicate that someone failed logging in as "USER-drift" and subsequently made another attempt as just "USER" ;-)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call result = func(*args,**kwargs) TypeError: ('expected string in list', u'cn')
From this I would deduce that the user object either doesn't exist or
doesn't have a `cn` attribute - so the login process crashes when attempting to extract a full name from the user object (which is needed before the account can be created in NAV).
From this I would deduce that the user object either doesn't exist or doesn't have a `cn` attribute - so the login process crashes when attempting to extract a full name from the user object (which is needed before the account can be created in NAV).
Looks like the problem is a unicode string is being passed to python-ldap:
Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper return view(request, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/nav/web/webfront/views.py", line 181, in login return do_login(request) File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 36, in sensitive_variables_wrapper return func(*func_args, **func_kwargs) File "/usr/lib/python2.7/dist-packages/nav/web/webfront/views.py", line 216, in do_login account = auth.authenticate(username, password) File "/usr/lib/python2.7/dist-packages/nav/web/auth.py", line 47, in authenticate name=user.get_real_name(), File "/usr/lib/python2.7/dist-packages/nav/web/ldapauth.py", line 272, in get_real_name '(objectClass=*)', [name_attr]) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 552, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 545, in search_ext_s msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541, in search_ext timeout,sizelimit, File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call result = func(*args,**kwargs) TypeError: ('expected string in list', u'cn')
On Tue, 9 Jan 2018 07:48:51 +0000 Andreas Dobloug andreas.dobloug@usit.uio.no wrote:
From this I would deduce that the user object either doesn't exist or doesn't have a `cn` attribute - so the login process crashes when attempting to extract a full name from the user object (which is needed before the account can be created in NAV).
Looks like the problem is a unicode string is being passed to python-ldap:
It is. I literally just responded to and fixed this exact bug, reported on GitHub, before reading your post :-D
See https://github.com/UNINETT/nav/issues/1647
It is. I literally just responded to and fixed this exact bug, reported on GitHub, before reading your post :-D
Thanks! When do you expect this patch to reach the debian package repository?
PS: This also explains why we had to remove Norwegian characters from the comments in our config files.
best regards Andreas Dobloug
On Tue, 9 Jan 2018 09:39:51 +0000 Andreas Dobloug andreas.dobloug@usit.uio.no wrote:
Thanks! When do you expect this patch to reach the debian package repository?
As it stands now, I believe a bugfix release on Thursday of this week is in order.
PS: This also explains why we had to remove Norwegian characters from the comments in our config files.
That sounds like another bug we haven't noticed, and is probably another unintended side-effect of switching configparser libraries.
As we are slowly porting the codebase towards Python 3, more of these issue may arise. They all stem from the different ways of handling bytestrings vs. unicode strings in Python 2 and 3, and I guess the problems with configparser is due to the fact that this is a backported-to-python2 version of the Python 3 standard library configparser.
-
Andreas Dobloug -
Jan Sigurd Refvik -
Morten Brekkevold