Modify

Opened 23 months ago

Closed 23 months ago

Last modified 22 months ago

#10309 closed defect (fixed)

FILTER_ERROR: {'desc': 'Bad search filter'}

Reported by: Anonymous Owned by: sandinak
Priority: normal Component: DirectoryAuthPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.12

Description (last modified by rjollos)

Hi,

we are having some problems with the trac ActiveDirectoryAuthPlugin (current version -> 0.32 -> 2012-09-12). If we use an AD group with underscore _ or minus - for authentication it always says "Bad search filter". If we create a new group without underscore or minus etc. it also does not work. If we use an existing group, e.g. "Domain Users" it works. Some groups work, some do not work and result in "Bad search filter". We tried also multiple Trac Releases (0.11, 0.12, 1.0) but it looks like a problem of the ActiveDirectoryAuthPlugin.

Trac detected an internal error:
FILTER_ERROR: {'desc': 'Bad search filter'}

Python Traceback

Most recent call last:
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/trac/web/main.py", line 513, in _dispatch_request
    dispatcher.dispatch(req)
  File "build/bdist.linux-x86_64/egg/trac/web/main.py", line 235, in dispatch
    resp = chosen_handler.process_request(req)
  File "build/bdist.linux-x86_64/egg/trac/admin/web_ui.py", line 80, in process_request
    panels, providers = self._get_panels(req)
  File "build/bdist.linux-x86_64/egg/trac/admin/web_ui.py", line 163, in _get_panels
    p = list(provider.get_admin_panels(req) or [])
  File "build/bdist.linux-x86_64/egg/acct_mgr/admin.py", line 194, in get_admin_panels
    if req.perm.has_permission('ACCTMGR_CONFIG_ADMIN'):
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 553, in has_permission
    return self._has_permission(action, resource)
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 567, in _has_permission
    check_permission(action, perm.username, resource, perm)
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 454, in check_permission
    perm)
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 286, in check_permission
    get_user_permissions(username)
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 372, in get_user_permissions
    for perm in self.store.get_user_permissions(username) or []:
  File "build/bdist.linux-x86_64/egg/tracext/adauth/api.py", line 43, in get_user_permissions
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 199, in get_permission_groups
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 271, in _get_user_dn
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 129, in has_user
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 73, in get_users
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 104, in expand_group_users
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 456, in _ad_search
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 551, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 855, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 804, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 544, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 540, in search_ext
    timeout,sizelimit,
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 98, in _ldap_call
    result = func(*args,**kwargs)
FILTER_ERROR: {'desc': 'Bad search filter'}
System Information:

Trac	0.12
Babel	0.9.6
Genshi	0.6
mod_wsgi	3.3 (WSGIProcessGroup WSGIApplicationGroup %{GLOBAL})
pysqlite	2.6.0
Python	2.7.2 (default, Aug 19 2011, 20:41:43) [GCC]
setuptools	0.6c11
SQLite	3.7.8
Subversion	1.6.18 (r1303927)

Attachments (0)

Change History (4)

comment:1 Changed 23 months ago by sandinak

  • Status changed from new to assigned

So .. you're using the group for the auth_group or in 0.4 group_validusers? LDAP should accept - and _ as valid search characters.. i'll see if I can duplicate it here.

comment:2 Changed 23 months ago by sandinak

  • Resolution set to fixed
  • Status changed from assigned to closed

so I couldn't duplicate this .. but I did find another problem that i had to fix that may have resolved it. Please try 0.5 when I release it today. Thanks.

comment:2 Changed 23 months ago by sandinak

  • Resolution set to fixed
  • Status changed from assigned to closed

so I couldn't duplicate this .. but I did find another problem that i had to fix that may have resolved it. Please try 0.5 when I release it today. Thanks.

comment:3 Changed 22 months ago by rjollos

  • Description modified (diff)

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from sandinak. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.