Hi,
we are having some problems with the trac ActiveDirectoryAuthPlugin (current version -> 0.32 -> 2012-09-12). If we use an AD group with underscore _ or minus - for authentication it always says "Bad search filter". If we create a new group without underscore or minus etc. it also does not work. If we use an existing group, e.g. "Domain Users" it works. Some groups work, some do not work and result in "Bad search filter". We tried also multiple Trac Releases (0.11, 0.12, 1.0) but it looks like a problem of the ActiveDirectoryAuthPlugin.
Trac detected an internal error:
FILTER_ERROR: {'desc': 'Bad search filter'}
Python Traceback
Most recent call last:
Traceback (most recent call last):
File "build/bdist.linux-x86_64/egg/trac/web/main.py", line 513, in _dispatch_request
dispatcher.dispatch(req)
File "build/bdist.linux-x86_64/egg/trac/web/main.py", line 235, in dispatch
resp = chosen_handler.process_request(req)
File "build/bdist.linux-x86_64/egg/trac/admin/web_ui.py", line 80, in process_request
panels, providers = self._get_panels(req)
File "build/bdist.linux-x86_64/egg/trac/admin/web_ui.py", line 163, in _get_panels
p = list(provider.get_admin_panels(req) or [])
File "build/bdist.linux-x86_64/egg/acct_mgr/admin.py", line 194, in get_admin_panels
if req.perm.has_permission('ACCTMGR_CONFIG_ADMIN'):
File "build/bdist.linux-x86_64/egg/trac/perm.py", line 553, in has_permission
return self._has_permission(action, resource)
File "build/bdist.linux-x86_64/egg/trac/perm.py", line 567, in _has_permission
check_permission(action, perm.username, resource, perm)
File "build/bdist.linux-x86_64/egg/trac/perm.py", line 454, in check_permission
perm)
File "build/bdist.linux-x86_64/egg/trac/perm.py", line 286, in check_permission
get_user_permissions(username)
File "build/bdist.linux-x86_64/egg/trac/perm.py", line 372, in get_user_permissions
for perm in self.store.get_user_permissions(username) or []:
File "build/bdist.linux-x86_64/egg/tracext/adauth/api.py", line 43, in get_user_permissions
File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 199, in get_permission_groups
File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 271, in _get_user_dn
File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 129, in has_user
File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 73, in get_users
File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 104, in expand_group_users
File "build/bdist.linux-x86_64/egg/tracext/adauth/auth.py", line 456, in _ad_search
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 551, in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 855, in search_ext_s
return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 804, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 544, in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 540, in search_ext
timeout,sizelimit,
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 98, in _ldap_call
result = func(*args,**kwargs)
FILTER_ERROR: {'desc': 'Bad search filter'}
System Information:
Trac 0.12
Babel 0.9.6
Genshi 0.6
mod_wsgi 3.3 (WSGIProcessGroup WSGIApplicationGroup %{GLOBAL})
pysqlite 2.6.0
Python 2.7.2 (default, Aug 19 2011, 20:41:43) [GCC]
setuptools 0.6c11
SQLite 3.7.8
Subversion 1.6.18 (r1303927)
So .. you're using the group for the auth_group or in 0.4 group_validusers? LDAP should accept - and _ as valid search characters.. i'll see if I can duplicate it here.