Context Navigation

Modify ↓

#13490 closed defect (fixed)

LDAPStore has no attribute 'has_user'

Reported by:	Jun Omae	Owned by:	Jun Omae
Priority:	normal	Component:	LDAPAcctMngrPlugin
Severity:	normal	Keywords:
Cc:		Trac Release:

Description

06:27:44 PM Trac[main] ERROR: [192.168.11.19] Internal Server Error: <RequestWithSession "GET '/admin/accounts/users/USERNAME'">, referrer 'http://192.168.11.27:3000/t13487-env/admin/accounts/users'
Traceback (most recent call last):
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/trac/web/main.py", line 623, in _dispatch_request
    dispatcher.dispatch(req)
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/trac/web/main.py", line 239, in dispatch
    resp = chosen_handler.process_request(req)
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/trac/admin/web_ui.py", line 109, in process_request
    provider.render_admin_panel(req, cat_id, panel_id, path_info)
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/acct_mgr/admin.py", line 218, in render_admin_panel
    return self._do_acct_details(req, path_info)
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/acct_mgr/admin.py", line 332, in _do_acct_details
    if not (username and acctmgr.has_user(username)):
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/acct_mgr/api.py", line 245, in has_user
    if store.has_user(user):
AttributeError: 'LDAPStore' object has no attribute 'has_user'

Attachments (0)

Change History (12)

comment:1 follow-up: 2 Changed 6 years ago by totalcaos

+1 The login using the LDAPAcctMngr works along with the sync of users from LDAP, but not user management is possible.

Also noticed that when logging in to trac with an LDAP user for the first time the following error pops up (and the login fails):

AttributeError: 'LDAPStore' object has no attribute 'delete_user'

logging in as the same user again does not show the error and successfully logs the user in.

Last edited 6 years ago by Ryan J Ollos (previous) (diff)

comment:2 in reply to: 1 Changed 6 years ago by Jun Omae

Replying to totalcaos:

Also noticed that when logging in to trac with an LDAP user for the first time the following error pops up (and the login fails):
AttributeError: 'LDAPStore' object has no attribute 'delete_user'

Weird. AccountManagerPlugin invokes the delete_user() only when the store has delete_user attribute, accountmanagerplugin/trunk/acct_mgr/api.py@17223:301-302#L297 .

Could you please post stack trace of the AttributeError?

comment:3 Changed 6 years ago by Ryan J Ollos

Resolution:	→ worksforme
Status:	new → closed

Feel free to reopen if you can provide the traceback (comment:2).

comment:4 Changed 6 years ago by Jun Omae

Resolution:	worksforme
Status:	closed → reopened

The reported issue is not fixed.

comment:5 Changed 6 years ago by Ryan J Ollos

What is the plan to fix it then? It may or may not be a valid issue. Most likely it just stays open indefinitely with no user feedback.

comment:6 Changed 6 years ago by Jun Omae

I've reported AttributeError: 'LDAPStore' object has no attribute 'has_user'. The method is invoked by AccountManager. Then, LDAPStore component should have has_user method of IPasswordStore.

ldapacctmngrplugin/trunk/ldapacctmngrplugin/security/ldapstore.py

diff --git a/ldapacctmngrplugin/trunk/ldapacctmngrplugin/security/ldapstore.py b/ldapacctmngrplugin/trunk/ldapacctmngrplugin/security/ldapstore.py
index 2ee361972..8c39c4768 100644

-                      a
 import ldap
+import ldap.filter
 from trac.core import *
 from trac.config import *
-…
+ class LDAPStore (Component):
     def check_password(self, user, password):
         # Authenticate a user by checking password
         con = None
-        base = self.user_searchbase
-        filter = self.user_matchfilter % user
         # nested "try:" for python2.4
         try:
             try:
                 con = self.init_connection()
                 resp = con.search_s(base, ldap.SCOPE_SUBTREE, filter, ['dn'])
+                resp = self._ldap_search_user(con, user, ['dn'])
                 # Added to prevent empty password authentication (some server allows that)
                 if not len(resp) :
-…
+ class LDAPStore (Component):
             if entry[1]['uid'][0]:
                 yield entry[1]['uid'][0]
+    def has_user(self, user):
+        con = self.init_connection()
+        try:
+            resp = self._ldap_search_user(con, user, ['dn'])
+            return len(resp) != 0
+        finally:
+            con.unbind()
     def init_connection(self):
         # Initialize LDAP connection
         connection = ldap.initialize(self.bind_server)
-…
+ class LDAPStore (Component):
             resp = connection.simple_bind_s(self.bind_dn, self.bind_passwd)
         return connection
+    def _ldap_search_user(self, conn, user, attrs):
+        filter_ = ldap.filter.filter_format(self.user_matchfilter, [user])
+        return con.search_s(self.user_searchbase, ldap.SCOPE_SUBTREE, filter_,
+                            attrs)

Last edited 6 years ago by Jun Omae (previous) (diff)

comment:7 Changed 6 years ago by Ryan J Ollos

I would just go ahead and commit the change. There's been no maintainer activity in a while and there seem to be quite a few users of the plugin.

comment:8 Changed 5 years ago by Ryan J Ollos

Resolution:	→ fixed
Status:	reopened → closed

In 17456:

Fix LDAPStore has no attribute 'has_user'

Patch by Jun Omae.

Fixes #13490.

Last edited 5 years ago by Ryan J Ollos (previous) (diff)

comment:9 Changed 5 years ago by Ryan J Ollos

Owner:	changed from c0redumb to Jun Omae

comment:10 Changed 5 years ago by Gea-Suan Lin

I found it's not working:

Sep 28 19:54:07 ip-10-255-0-12 Trac[main] ERROR: [220.137.4.246] Internal Server Error: <RequestWithSession 
"POST '/login'">, referrer 'https://x/login'#012Traceback (most recent call last):#012  File
 "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 647, in _dispatch_requ
est#012    dispatcher.dispatch(req)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/t
rac/web/main.py", line 215, in dispatch#012    chosen_handler = self._pre_process_request(req, chosen_handle
r)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 455, in _p
re_process_request#012    chosen_handler = filter_.pre_process_request(req, chosen_handler)#012  File "/var/
www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/api.py", line 461, in pre_process_request#01
2    if not req.session.authenticated or 'ACCTMGR_USER_ADMIN' in req.perm:#012  File "/var/www/.pyenv/versio
ns/2.7.16/lib/python2.7/site-packages/trac/web/api.py", line 498, in __getattr__#012    value = self.callbac
ks[name](self)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", lin
e 366, in _get_session#012    return Session(self.env, req)#012  File "/var/www/.pyenv/versions/2.7.16/lib/p
ython2.7/site-packages/trac/web/session.py", line 248, in __init__#012    if req.authname == 'anonymous':#01
2  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/api.py", line 498, in __getatt
r__#012    value = self.callbacks[name](self)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-
packages/trac/web/main.py", line 181, in authenticate#012    authname = authenticator.authenticate(req)#012 
 File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/util.py", line 81, in wrap#012    return func(self, *args, **kwds)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/ac
ct_mgr/web_ui.py", line 452, in authenticate#012    username = self._remote_user(req)#012  File "/var/www/.p
yenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/web_ui.py", line 768, in _remote_user#012    if ac
ctmgr.check_password(username, password) is True:#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/s
ite-packages/acct_mgr/api.py", line 287, in check_password#012    valid = store.check_password(user, passwor
d)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/security/ldapstore.py", line 27, i
n check_password#012    resp = self._ldap_search_user(con, user, ['dn'])#012  File "/var/www/.pyenv/versions
/2.7.16/lib/python2.7/site-packages/security/ldapstore.py", line 85, in _ldap_search_user#012    return con.
search_s(self.user_searchbase, ldap.SCOPE_SUBTREE, filter_,#012NameError: global name 'con' is not defined

Reformat:

Internal Server Error: <RequestWithSession "POST '/login'">, referrer 'https://x/login'
Traceback (most recent call last):
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 647, in _dispatch_request
    dispatcher.dispatch(req)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 215, in dispatch
    chosen_handler = self._pre_process_request(req, chosen_handler)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 455, in _pre_process_request
    chosen_handler = filter_.pre_process_request(req, chosen_handler)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/api.py", line 461, in pre_process_request
    if not req.session.authenticated or 'ACCTMGR_USER_ADMIN' in req.perm:
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/api.py", line 498, in __getattr__
    value = self.callbacks[name](self)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 366, in _get_session
    return Session(self.env, req)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/session.py", line 248, in __init__
    if req.authname == 'anonymous':
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/api.py", line 498, in __getattr__
    value = self.callbacks[name](self)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 181, in authenticate
    authname = authenticator.authenticate(req)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/util.py", line 81, in wrap
    return func(self, *args, **kwds)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/web_ui.py", line 452, in authenticate
    username = self._remote_user(req)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/web_ui.py", line 768, in _remote_user
    if acctmgr.check_password(username, password) is True:
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/api.py", line 287, in check_password
    valid = store.check_password(user, password)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/security/ldapstore.py", line 27, in check_password
    resp = self._ldap_search_user(con, user, ['dn'])
  File /var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/security/ldapstore.py", line 85, in _ldap_search_user
    return con.search_s(self.user_searchbase, ldap.SCOPE_SUBTREE, filter_,
NameError: global name 'con' is not defined

Currently I specify the old version to make it work:

pip install svn+https://trac-hacks.org/svn/ldapacctmngrplugin/trunk/ldapacctmngrplugin/@17412

comment:11 Changed 5 years ago by Ryan J Ollos

In 17534:

Fix incorrect variable name in r17456

Refs #13490.

comment:12 Changed 5 years ago by Gea-Suan Lin

Thanks, it works.

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Jun Omae.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: