Modify

Opened 2 years ago

Closed 16 months ago

Last modified 14 months ago

#13490 closed defect (fixed)

LDAPStore has no attribute 'has_user'

Reported by: Jun Omae Owned by: Jun Omae
Priority: normal Component: LDAPAcctMngrPlugin
Severity: normal Keywords:
Cc: Trac Release:

Description

06:27:44 PM Trac[main] ERROR: [192.168.11.19] Internal Server Error: <RequestWithSession "GET '/admin/accounts/users/USERNAME'">, referrer 'http://192.168.11.27:3000/t13487-env/admin/accounts/users'
Traceback (most recent call last):
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/trac/web/main.py", line 623, in _dispatch_request
    dispatcher.dispatch(req)
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/trac/web/main.py", line 239, in dispatch
    resp = chosen_handler.process_request(req)
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/trac/admin/web_ui.py", line 109, in process_request
    provider.render_admin_panel(req, cat_id, panel_id, path_info)
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/acct_mgr/admin.py", line 218, in render_admin_panel
    return self._do_acct_details(req, path_info)
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/acct_mgr/admin.py", line 332, in _do_acct_details
    if not (username and acctmgr.has_user(username)):
  File "/dev/shm/t13487/local/lib/python2.7/site-packages/acct_mgr/api.py", line 245, in has_user
    if store.has_user(user):
AttributeError: 'LDAPStore' object has no attribute 'has_user'

Attachments (0)

Change History (12)

comment:1 Changed 2 years ago by totalcaos

+1 The login using the LDAPAcctMngr works along with the sync of users from LDAP, but not user management is possible.

Also noticed that when logging in to trac with an LDAP user for the first time the following error pops up (and the login fails):

AttributeError: 'LDAPStore' object has no attribute 'delete_user'

logging in as the same user again does not show the error and successfully logs the user in.

Last edited 2 years ago by Ryan J Ollos (previous) (diff)

comment:2 in reply to:  1 Changed 2 years ago by Jun Omae

Replying to totalcaos:

Also noticed that when logging in to trac with an LDAP user for the first time the following error pops up (and the login fails):

AttributeError: 'LDAPStore' object has no attribute 'delete_user'

Weird. AccountManagerPlugin invokes the delete_user() only when the store has delete_user attribute, accountmanagerplugin/trunk/acct_mgr/api.py@17223:301-302#L297.

Could you please post stack trace of the AttributeError?

comment:3 Changed 2 years ago by Ryan J Ollos

Resolution: worksforme
Status: newclosed

Feel free to reopen if you can provide the traceback (comment:2).

comment:4 Changed 2 years ago by Jun Omae

Resolution: worksforme
Status: closedreopened

The reported issue is not fixed.

comment:5 Changed 2 years ago by Ryan J Ollos

What is the plan to fix it then? It may or may not be a valid issue. Most likely it just stays open indefinitely with no user feedback.

comment:6 Changed 2 years ago by Jun Omae

I've reported AttributeError: 'LDAPStore' object has no attribute 'has_user'. The method is invoked by AccountManager. Then, LDAPStore component should have has_user method of IPasswordStore.

  • ldapacctmngrplugin/trunk/ldapacctmngrplugin/security/ldapstore.py

    diff --git a/ldapacctmngrplugin/trunk/ldapacctmngrplugin/security/ldapstore.py b/ldapacctmngrplugin/trunk/ldapacctmngrplugin/security/ldapstore.py
    index 2ee361972..a2b670e73 100644
    a b  
    11import ldap
     2import ldap.filter
    23
    34from trac.core import *
    45from trac.config import *
    class LDAPStore (Component): 
    1819    def check_password(self, user, password):
    1920        # Authenticate a user by checking password
    2021        con = None
    21         base = self.user_searchbase
    22         filter = self.user_matchfilter % user
    2322
    2423        # nested "try:" for python2.4
    2524        try:
    2625            try:
    2726                con = self.init_connection()
    28                 resp = con.search_s(base, ldap.SCOPE_SUBTREE, filter, ['dn'])
     27                resp = self._ldap_search_user(user, ['dn'])
    2928
    3029                # Added to prevent empty password authentication (some server allows that)
    3130                if not len(resp) :
    class LDAPStore (Component): 
    5958            if entry[1]['uid'][0]:
    6059                yield entry[1]['uid'][0]
    6160
     61    def has_user(self, user):
     62        con = self.init_connection()
     63        try:
     64            resp = self._ldap_search_user(user, ['dn'])
     65            return len(resp) != 0
     66        finally:
     67            con.unbind()
     68
    6269    def init_connection(self):
    6370        # Initialize LDAP connection
    6471        connection = ldap.initialize(self.bind_server)
    class LDAPStore (Component): 
    7279            resp = connection.simple_bind_s(self.bind_dn, self.bind_passwd)
    7380
    7481        return connection
     82
     83    def _ldap_search_user(self, conn, user, attrs):
     84        filter_ = ldap.filter.filter_format(self.user_matchfilter, [user])
     85        return con.search_s(self.user_searchbase, ldap.SCOPE_SUBTREE, filter_,
     86                            attrs)
Version 0, edited 2 years ago by Jun Omae (next)

comment:7 Changed 2 years ago by Ryan J Ollos

I would just go ahead and commit the change. There's been no maintainer activity in a while and there seem to be quite a few users of the plugin.

comment:8 Changed 16 months ago by Ryan J Ollos

Resolution: fixed
Status: reopenedclosed

In 17456:

Fix LDAPStore has no attribute 'has_user'

Patch by Jun Omae.

Fixes #13490.

Last edited 16 months ago by Ryan J Ollos (previous) (diff)

comment:9 Changed 16 months ago by Ryan J Ollos

Owner: changed from c0redumb to Jun Omae

comment:10 Changed 14 months ago by Gea-Suan Lin

I found it's not working:

Sep 28 19:54:07 ip-10-255-0-12 Trac[main] ERROR: [220.137.4.246] Internal Server Error: <RequestWithSession 
"POST '/login'">, referrer 'https://x/login'#012Traceback (most recent call last):#012  File
 "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 647, in _dispatch_requ
est#012    dispatcher.dispatch(req)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/t
rac/web/main.py", line 215, in dispatch#012    chosen_handler = self._pre_process_request(req, chosen_handle
r)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 455, in _p
re_process_request#012    chosen_handler = filter_.pre_process_request(req, chosen_handler)#012  File "/var/
www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/api.py", line 461, in pre_process_request#01
2    if not req.session.authenticated or 'ACCTMGR_USER_ADMIN' in req.perm:#012  File "/var/www/.pyenv/versio
ns/2.7.16/lib/python2.7/site-packages/trac/web/api.py", line 498, in __getattr__#012    value = self.callbac
ks[name](self)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", lin
e 366, in _get_session#012    return Session(self.env, req)#012  File "/var/www/.pyenv/versions/2.7.16/lib/p
ython2.7/site-packages/trac/web/session.py", line 248, in __init__#012    if req.authname == 'anonymous':#01
2  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/api.py", line 498, in __getatt
r__#012    value = self.callbacks[name](self)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-
packages/trac/web/main.py", line 181, in authenticate#012    authname = authenticator.authenticate(req)#012 
 File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/util.py", line 81, in wrap#012    return func(self, *args, **kwds)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/ac
ct_mgr/web_ui.py", line 452, in authenticate#012    username = self._remote_user(req)#012  File "/var/www/.p
yenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/web_ui.py", line 768, in _remote_user#012    if ac
ctmgr.check_password(username, password) is True:#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/s
ite-packages/acct_mgr/api.py", line 287, in check_password#012    valid = store.check_password(user, passwor
d)#012  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/security/ldapstore.py", line 27, i
n check_password#012    resp = self._ldap_search_user(con, user, ['dn'])#012  File "/var/www/.pyenv/versions
/2.7.16/lib/python2.7/site-packages/security/ldapstore.py", line 85, in _ldap_search_user#012    return con.
search_s(self.user_searchbase, ldap.SCOPE_SUBTREE, filter_,#012NameError: global name 'con' is not defined

Reformat:

Internal Server Error: <RequestWithSession "POST '/login'">, referrer 'https://x/login'
Traceback (most recent call last):
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 647, in _dispatch_request
    dispatcher.dispatch(req)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 215, in dispatch
    chosen_handler = self._pre_process_request(req, chosen_handler)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 455, in _pre_process_request
    chosen_handler = filter_.pre_process_request(req, chosen_handler)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/api.py", line 461, in pre_process_request
    if not req.session.authenticated or 'ACCTMGR_USER_ADMIN' in req.perm:
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/api.py", line 498, in __getattr__
    value = self.callbacks[name](self)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 366, in _get_session
    return Session(self.env, req)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/session.py", line 248, in __init__
    if req.authname == 'anonymous':
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/api.py", line 498, in __getattr__
    value = self.callbacks[name](self)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/trac/web/main.py", line 181, in authenticate
    authname = authenticator.authenticate(req)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/util.py", line 81, in wrap
    return func(self, *args, **kwds)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/web_ui.py", line 452, in authenticate
    username = self._remote_user(req)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/web_ui.py", line 768, in _remote_user
    if acctmgr.check_password(username, password) is True:
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/acct_mgr/api.py", line 287, in check_password
    valid = store.check_password(user, password)
  File "/var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/security/ldapstore.py", line 27, in check_password
    resp = self._ldap_search_user(con, user, ['dn'])
  File /var/www/.pyenv/versions/2.7.16/lib/python2.7/site-packages/security/ldapstore.py", line 85, in _ldap_search_user
    return con.search_s(self.user_searchbase, ldap.SCOPE_SUBTREE, filter_,
NameError: global name 'con' is not defined

Currently I specify the old version to make it work:

pip install svn+https://trac-hacks.org/svn/ldapacctmngrplugin/trunk/ldapacctmngrplugin/@17412

comment:11 Changed 14 months ago by Ryan J Ollos

In 17534:

Fix incorrect variable name in r17456

Refs #13490.

comment:12 Changed 14 months ago by Gea-Suan Lin

Thanks, it works.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jun Omae.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.