ERR905: The user can not be found in any resolver in this realm
507 views
Skip to first unread message
Kurt Bendl
Jun 10, 2015, 11:38:25 AM6/10/15
to priva...@googlegroups.com
Hello,
environment: PI 2.3.1 / Ubuntu 14.04.2 LTS, installed via ppa:privacyidea/privacyidea
I have a test PI instance up, connecting to a test LDAP system (Directory Server 389). The Resolver passes when I hit the test button, and users are listed in the Users list. Doing an ldapsearch with the same credentials is successful. As an admin user, when I select a user (/#/user/details/freeipa/kbtestuser), an error get's generated and appears on the screen: "ERR905: The user can not be found in any resolver in this realm!"
I have output from the debug log for both this screen and a user login.
Any ideas what I might try next would be appreciated. :-)
From the log: /var/log/privacyidea/privacyidea.log
```
[
[2015-06-10 08:35:23,071][30715][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:239] exception ProgrammingError('(ProgrammingError) column "success" is of type integer but expression is of type boolean\nLINE 1: ...10T08:35:23.068387\'::timestamp, \'\', \'GET /user/\', true, NULL...\n ^\nHINT: You will need to rewrite or cast the expression.\n',)
[2015-06-10 08:35:23,071][30715][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:240] DATA: {'info': u'realm: freeipa', 'administrator': u'admin', 'realm': u'freeipa', 'success': True, 'privacyidea_server': 'otp2.hpc.nrel.gov', 'client_user_agent': 'chrome', 'client': '10.40.104.142', 'action_detail': '', 'action': 'GET /user/', 'serial': None}
[2015-06-10 08:35:23,072][30715][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:241] Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auditmodules/sqlaudit.py", line 231, in finalize_log
self.session.commit()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 721, in commit
self.transaction.commit()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 354, in commit
self._prepare_impl()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 334, in _prepare_impl
self.session.flush()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1818, in flush
self._flush(objects)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1936, in _flush
transaction.rollback(_capture_exception=True)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/util/langhelpers.py", line 58, in __exit__
compat.reraise(exc_type, exc_value, exc_tb)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1900, in _flush
flush_context.execute()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/unitofwork.py", line 372, in execute
rec.execute(self)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/unitofwork.py", line 525, in execute
uow
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 64, in save_obj
table, insert)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 569, in _emit_insert_statements
execute(statement, params)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 662, in execute
params)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 761, in _execute_clauseelement
compiled_sql, distilled_params
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 874, in _execute_context
context)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1024, in _handle_dbapi_exception
exc_info
File "/usr/lib/python2.7/dist-packages/sqlalchemy/util/compat.py", line 196, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 867, in _execute_context
context)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 324, in do_execute
cursor.execute(statement, parameters)
ProgrammingError: (ProgrammingError) column "success" is of type integer but expression is of type boolean
LINE 1: ...10T08:35:23.068387'::timestamp, '', 'GET /user/', true, NULL...
^
HINT: You will need to rewrite or cast the expression.
'INSERT INTO pidea_audit (date, signature, action, success, serial, token_type, "user", realm, administrator, action_detail, info, privacyidea_server, client, loglevel, clearance_level) VALUES (%(date)s, %(signature)s, %(action)s, %(success)s, %(serial)s, %(token_type)s, %(user)s, %(realm)s, %(administrator)s, %(action_detail)s, %(info)s, %(privacyidea_server)s, %(client)s, %(loglevel)s, %(clearance_level)s) RETURNING pidea_audit.id' {'info': u'realm: freeipa', 'administrator': u'admin', 'realm': u'freeipa', 'success': True, 'privacyidea_server': 'otp2.hpc.nrel.gov', 'loglevel': None, 'action_detail': '', 'token_type': None, 'date': datetime.datetime(2015, 6, 10, 8, 35, 23, 68387), 'client': '10.40.104.142', 'user': None, 'clearance_level': None, 'signature': '', 'action': 'GET /user/', 'serial': None}
[2015-06-10 08:35:23,103][30716][139984253683648][ERROR][privacyidea.app:1423] Exception on /token/ [GET]
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py", line 101, in log_wrapper
f_result = func(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/token.py", line 350, in list_api
description=description)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py", line 101, in log_wrapper
f_result = func(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py", line 306, in get_tokens_paginate
description=description)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py", line 182, in _create_token_query
(uid, _rtype, _resolver) = user.get_user_identifiers()
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py", line 213, in get_user_identifiers
raise UserError("The user can not be found in any resolver in "
UserError: ERR905: The user can not be found in any resolver in this realm!
[2015-06-10 08:35:23,180][30716][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:239] exception ProgrammingError('(ProgrammingError) column "success" is of type integer but expression is of type boolean\nLINE 1: ...0T08:35:23.178538\'::timestamp, \'\', \'GET /token/\', false, NUL...\n ^\nHINT: You will need to rewrite or cast the expression.\n',)
[2015-06-10 08:35:23,181][30716][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:240] DATA: {'info': u'ERR905: The user can not be found in any resolver in this realm!', 'administrator': u'admin', 'realm': u'freeipa', 'success': False, 'privacyidea_server': 'otp2.hpc.nrel.gov', 'client_user_agent': 'chrome', 'client': '10.40.104.142', 'action_detail': '', 'action': 'GET /token/', 'serial': None}
[2015-06-10 08:35:23,181][30716][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:241] Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auditmodules/sqlaudit.py", line 231, in finalize_log
self.session.commit()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 721, in commit
self.transaction.commit()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 354, in commit
self._prepare_impl()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 334, in _prepare_impl
self.session.flush()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1818, in flush
self._flush(objects)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1936, in _flush
transaction.rollback(_capture_exception=True)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/util/langhelpers.py", line 58, in __exit__
compat.reraise(exc_type, exc_value, exc_tb)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1900, in _flush
flush_context.execute()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/unitofwork.py", line 372, in execute
rec.execute(self)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/unitofwork.py", line 525, in execute
uow
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 64, in save_obj
table, insert)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 569, in _emit_insert_statements
execute(statement, params)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 662, in execute
params)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 761, in _execute_clauseelement
compiled_sql, distilled_params
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 874, in _execute_context
context)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1024, in _handle_dbapi_exception
exc_info
File "/usr/lib/python2.7/dist-packages/sqlalchemy/util/compat.py", line 196, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 867, in _execute_context
context)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 324, in do_execute
cursor.execute(statement, parameters)
ProgrammingError: (ProgrammingError) column "success" is of type integer but expression is of type boolean
LINE 1: ...0T08:35:23.178538'::timestamp, '', 'GET /token/', false, NUL...
^
HINT: You will need to rewrite or cast the expression.
'INSERT INTO pidea_audit (date, signature, action, success, serial, token_type, "user", realm, administrator, action_detail, info, privacyidea_server, client, loglevel, clearance_level) VALUES (%(date)s, %(signature)s, %(action)s, %(success)s, %(serial)s, %(token_type)s, %(user)s, %(realm)s, %(administrator)s, %(action_detail)s, %(info)s, %(privacyidea_server)s, %(client)s, %(loglevel)s, %(clearance_level)s) RETURNING pidea_audit.id' {'info': u'ERR905: The user can not be found in any resolver in this realm!', 'administrator': u'admin', 'realm': u'freeipa', 'success': False, 'privacyidea_server': 'otp2.hpc.nrel.gov', 'loglevel': None, 'signature': '', 'token_type': None, 'date': datetime.datetime(2015, 6, 10, 8, 35, 23, 178538), 'client': '10.40.104.142', 'user': None, 'clearance_level': None, 'action_detail': '', 'action': 'GET /token/', 'serial': None}
```
Also, when I attempt to log in to privacyidea as the `kbtestuser`, the following error is also generated, and the user is presented with a "wrong credentials" error :
```
[2015-06-10 08:41:10,273][26563][139984253683648][ERROR][privacyidea.lib.user:319] The user User(login=u'kbtestuser', realm=u'freeipa', resolver='') exists in NO resolver.
[2015-06-10 08:41:10,277][26563][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:239] exception ProgrammingError('(ProgrammingError) column "success" is of type integer but expression is of type boolean\nLINE 1: ...10T08:41:10.274448\'::timestamp, \'\', \'POST /auth\', false, NUL...\n ^\nHINT: You will need to rewrite or cast the expression.\n',)
[2015-06-10 08:41:10,277][26563][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:240] DATA: {'info': 'Wrong credentials', 'success': False, 'privacyidea_server': 'otp2.hpc.nrel.gov', 'client_user_agent': 'safari', 'client': '10.40.104.142', 'action_detail': '', 'action': 'POST /auth'}
[2015-06-10 08:41:10,278][26563][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:241] Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auditmodules/sqlaudit.py", line 231, in finalize_log
self.session.commit()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 721, in commit
self.transaction.commit()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 354, in commit
self._prepare_impl()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 334, in _prepare_impl
self.session.flush()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1818, in flush
self._flush(objects)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1936, in _flush
transaction.rollback(_capture_exception=True)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/util/langhelpers.py", line 58, in __exit__
compat.reraise(exc_type, exc_value, exc_tb)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/session.py", line 1900, in _flush
flush_context.execute()
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/unitofwork.py", line 372, in execute
rec.execute(self)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/unitofwork.py", line 525, in execute
uow
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 64, in save_obj
table, insert)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 569, in _emit_insert_statements
execute(statement, params)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 662, in execute
params)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 761, in _execute_clauseelement
compiled_sql, distilled_params
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 874, in _execute_context
context)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1024, in _handle_dbapi_exception
exc_info
File "/usr/lib/python2.7/dist-packages/sqlalchemy/util/compat.py", line 196, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 867, in _execute_context
context)
File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 324, in do_execute
cursor.execute(statement, parameters)
ProgrammingError: (ProgrammingError) column "success" is of type integer but expression is of type boolean
LINE 1: ...10T08:41:10.274448'::timestamp, '', 'POST /auth', false, NUL...
^
HINT: You will need to rewrite or cast the expression.
'INSERT INTO pidea_audit (date, signature, action, success, serial, token_type, "user", realm, administrator, action_detail, info, privacyidea_server, client, loglevel, clearance_level) VALUES (%(date)s, %(signature)s, %(action)s, %(success)s, %(serial)s, %(token_type)s, %(user)s, %(realm)s, %(administrator)s, %(action_detail)s, %(info)s, %(privacyidea_server)s, %(client)s, %(loglevel)s, %(clearance_level)s) RETURNING pidea_audit.id' {'info': 'Wrong credentials', 'administrator': None, 'realm': None, 'success': False, 'privacyidea_server': 'otp2.hpc.nrel.gov', 'loglevel': None, 'action_detail': '', 'token_type': None, 'action': 'POST /auth', 'client': '10.40.104.142', 'user': None, 'clearance_level': None, 'signature': '', 'date': datetime.datetime(2015, 6, 10, 8, 41, 10, 274448), 'serial': None}
```
Kurt Bendl
Jun 10, 2015, 11:57:16 AM6/10/15
to priva...@googlegroups.com
fyi: if I create a passwdresolver, that test user can successfully authenticate, but when the user hits the "Enroll token", it is kicked out.
Upon login for that local passwdresolver user, the following error is generated:
```
[2015-06-10 09:54:56,335][30715][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:239] exception ProgrammingError('(ProgrammingError) column "success" is of type integer but expression is of type boolean\nLINE 1: ...0T09:54:56.329968\'::timestamp, \'\', \'GET /token/\', true, \'**\'...\n ^\nHINT: You will need to rewrite or cast the expression.\n',)
[2015-06-10 09:54:56,335][30715][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:240] DATA: {'info': "realm: ['*']", 'realm': u'nreltestrealm', 'success': True, 'privacyidea_server': 'otp2.hpc.nrel.gov', 'client_user_agent': 'safari', 'client': '10.40.104.142', 'user': u'kurt', 'action_detail': '', 'action': 'GET /token/', 'serial': u'**'}
[2015-06-10 09:54:56,336][30715][139984253683648][ERROR][privacyidea.lib.auditmodules.sqlaudit:241] Traceback (most recent call last):
LINE 1: ...0T09:54:56.329968'::timestamp, '', 'GET /token/', true, '**'...
^
HINT: You will need to rewrite or cast the expression.
'INSERT INTO pidea_audit (date, signature, action, success, serial, token_type, "user", realm, administrator, action_detail, info, privacyidea_server, client, loglevel, clearance_level) VALUES (%(date)s, %(signature)s, %(action)s, %(success)s, %(serial)s, %(token_type)s, %(user)s, %(realm)s, %(administrator)s, %(action_detail)s, %(info)s, %(privacyidea_server)s, %(client)s, %(loglevel)s, %(clearance_level)s) RETURNING pidea_audit.id' {'info': "realm: ['*']", 'administrator': None, 'realm': u'nreltestrealm', 'success': True, 'privacyidea_server': 'otp2.hpc.nrel.gov', 'loglevel': None, 'action_detail': '', 'token_type': None, 'date': datetime.datetime(2015, 6, 10, 9, 54, 56, 329968), 'client': '10.40.104.142', 'user': u'kurt', 'clearance_level': None, 'signature': '', 'action': 'GET /token/', 'serial': u'**'}
```
Cornelius Kölbel
Jun 10, 2015, 11:58:32 AM6/10/15
to priva...@googlegroups.com
Hi Kurt,
just to give you an idea of the problem:
The audit writes logs to the audit log.
For some reason in your case the program tries to write an audit entry which says success=true.
But the database expects the success to be an integer value, not a boolean value.
Strange thing, I have not seen this in 2.3.1, yet. An it is quite a normal action you are performing.
So we need to find out, what your side effects are.
Just wanted to let you know, immediately.
Kind regards
Cornelius
just to give you an idea of the problem:
The audit writes logs to the audit log.
For some reason in your case the program tries to write an audit entry which says success=true.
But the database expects the success to be an integer value, not a boolean value.
Strange thing, I have not seen this in 2.3.1, yet. An it is quite a normal action you are performing.
So we need to find out, what your side effects are.
Just wanted to let you know, immediately.
Kind regards
Cornelius
--
You received this message because you are subscribed to the Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/4c2230ea-4629-4c33-942a-db250afb73d0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
|
-- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel |
Cornelius Kölbel
Jun 10, 2015, 12:06:59 PM6/10/15
to priva...@googlegroups.com
Hi Kurt,
ok, the code always filled the audit database row with a bool value.
Can you tell me, which version of sqlalchemy you are running?
Please send the output of
dpkg -l | grep sqlalchemy
Kind regards
Cornelius
ok, the code always filled the audit database row with a bool value.
Can you tell me, which version of sqlalchemy you are running?
Please send the output of
dpkg -l | grep sqlalchemy
Kind regards
Cornelius
Kurt Bendl
Jun 10, 2015, 7:24:44 PM6/10/15
to priva...@googlegroups.com
Sorry about the delay:
# dpkg -l | grep sqlalchemy
ii python-flask-sqlalchemy 2.0-1trusty1 all Adds SQLAlchemy support to your Flask application
ii python-sqlalchemy 0.8.4-1build1 all SQL toolkit and Object Relational Mapper for Python
ii python-sqlalchemy-ext 0.8.4-1build1 amd64 SQL toolkit and Object Relational Mapper for Python - C extension
Cornelius Kölbel
Jun 11, 2015, 2:55:48 AM6/11/15
to priva...@googlegroups.com
Hello Kurt,
I guess you installed privacyidea-apache2?
So you are running with apache and mysql?
Was this a fresh install or an upgrade?
If it was an upgrade - from which version did you upgrade?
What is your output of
pip freeze
I'd really like to understand the problem.
Anyway, I attached a fix, that should fix your problem, although I do
not understand why it occurs.
Install
dpkg -i python-privacyidea_2.3.2-1trusty...
and restart apache.
Kind regards
Cornelius
I guess you installed privacyidea-apache2?
So you are running with apache and mysql?
Was this a fresh install or an upgrade?
If it was an upgrade - from which version did you upgrade?
What is your output of
pip freeze
I'd really like to understand the problem.
Anyway, I attached a fix, that should fix your problem, although I do
not understand why it occurs.
Install
dpkg -i python-privacyidea_2.3.2-1trusty...
and restart apache.
Kind regards
Cornelius
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/48bc66b6-f7fb-4d11-a72a-20aa76a90ae6%40googlegroups.com.
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
Reply all
Reply to author
Forward
0 new messages