Modify

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#10309 closed defect (fixed)

FILTER_ERROR: {'desc': 'Bad search filter'}

Reported by: Anonymous Owned by: branson
Priority: normal Component: DirectoryAuthPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.12

Description (last modified by Ryan J Ollos)

Hi,

we are having some problems with the trac ActiveDirectoryAuthPlugin (current version -> 0.32 -> 2012-09-12). If we use an AD group with underscore _ or minus - for authentication it always says "Bad search filter". If we create a new group without underscore or minus etc. it also does not work. If we use an existing group, e.g. "Domain Users" it works. Some groups work, some do not work and result in "Bad search filter". We tried also multiple Trac Releases (0.11, 0.12, 1.0) but it looks like a problem of the ActiveDirectoryAuthPlugin.

Trac detected an internal error:
FILTER_ERROR: {'desc': 'Bad search filter'}

Python Traceback

Most recent call last:
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/trac/web/main.py", line 513, in _dispatch_request
    dispatcher.dispatch(req)
  File "build/bdist.linux-x86_64/egg/trac/web/main.py", line 235, in dispatch
    resp = chosen_handler.process_request(req)
  File "build/bdist.linux-x86_64/egg/trac/admin/web_ui.py", line 80, in process_request
    panels, providers = self._get_panels(req)
  File "build/bdist.linux-x86_64/egg/trac/admin/web_ui.py", line 163, in _get_panels
    p = list(provider.get_admin_panels(req) or [])
  File "build/bdist.linux-x86_64/egg/acct_mgr/admin.py", line 194, in get_admin_panels
    if req.perm.has_permission('ACCTMGR_CONFIG_ADMIN'):
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 553, in has_permission
    return self._has_permission(action, resource)
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 567, in _has_permission
    check_permission(action, perm.username, resource, perm)
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 454, in check_permission
    perm)
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 286, in check_permission
    get_user_permissions(username)
  File "build/bdist.linux-x86_64/egg/trac/perm.py", line 372, in get_user_permissions
    for perm in self.store.get_user_permissions(username) or []:
  File "build/bdist.linux-x86_64/egg/tracext/adauth/api.py", line 43, in get_user_permissions
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 199, in get_permission_groups
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 271, in _get_user_dn
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 129, in has_user
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 73, in get_users
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 104, in expand_group_users
  File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 456, in _ad_search
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 551, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 855, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 804, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 544, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 540, in search_ext
    timeout,sizelimit,
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 98, in _ldap_call
    result = func(*args,**kwargs)
FILTER_ERROR: {'desc': 'Bad search filter'}
System Information:

Trac	0.12
Babel	0.9.6
Genshi	0.6
mod_wsgi	3.3 (WSGIProcessGroup WSGIApplicationGroup %{GLOBAL})
pysqlite	2.6.0
Python	2.7.2 (default, Aug 19 2011, 20:41:43) [GCC]
setuptools	0.6c11
SQLite	3.7.8
Subversion	1.6.18 (r1303927)

Attachments (0)

Change History (4)

comment:1 Changed 12 years ago by branson

Status: newassigned

So .. you're using the group for the auth_group or in 0.4 group_validusers? LDAP should accept - and _ as valid search characters.. i'll see if I can duplicate it here.

comment:2 Changed 12 years ago by branson

Resolution: fixed
Status: assignedclosed

so I couldn't duplicate this .. but I did find another problem that i had to fix that may have resolved it. Please try 0.5 when I release it today. Thanks.

comment:2 Changed 12 years ago by branson

Resolution: fixed
Status: assignedclosed

so I couldn't duplicate this .. but I did find another problem that i had to fix that may have resolved it. Please try 0.5 when I release it today. Thanks.

comment:3 Changed 12 years ago by Ryan J Ollos

Description: modified (diff)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain branson.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.