LDAP login - TypeError: not enough arguments for format string

Andrew Hunkin

Nov 20, 2018, 4:54:42 PM
to NetBox
For one user at our organisation, we're getting an error when he tries to log in using his LDAP credentials.
TypeError: not enough arguments for format string


Using Netbox 2.4.6 on Debian 9


Running this command for more verbose output:
gunicorn -c /opt/netbox/gunicorn_config.py netbox.wsgi


Error:
(Before the below, it checks the LDAP groups and prints them into the console, omitted due to sensitive information)
Caught Exception while authenticating joe.bloggs
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/backend.py", line 349, in authenticate
    self._check_requirements()
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/backend.py", line 530, in _check_requirements
    self._check_required_group()
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/backend.py", line 543, in _check_required_group
    result = required_group_dn.resolve(self)
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/config.py", line 697, in resolve
    result = self.aggregator(self._resolve_children(ldap_user, groups))
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/config.py", line 725, in _resolve_children
    yield groups.is_member_of(child)
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/backend.py", line 941, in is_member_of
    is_member = (group_dn in self.get_group_dns())
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/backend.py", line 953, in get_group_dns
    group_infos = self._get_group_infos()
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/backend.py", line 965, in _get_group_infos
    self._group_search)
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/config.py", line 554, in user_groups
    ldap_user.connection)
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/config.py", line 574, in find_groups_with_any_member
    return search.execute(connection)
  File "/usr/local/lib/python3.5/dist-packages/django_auth_ldap/config.py", line 168, in execute
    filterstr = self.filterstr % filterargs
TypeError: not enough arguments for format string

His username doesn't contain any weird characters, neither is it very long. Simple first.last login name.

Works fine for every other user.
He's logged in before, some many months ago before upgrades were done so not sure when it broke exactly.


He's in the appropriate LDAP group so no issues there, and doesn't appear to be a password issue.



Brian Candler

Nov 20, 2018, 5:18:59 PM
to NetBox
Why not just insert these before line 168 of django_auth_ldap/config.py:

    print("self.filterstr = %s" % repr(self.filterstr))
    print("filterargs = %s" % repr(filterargs))

It may become clear what's going on.

Andrew Hunkin

Nov 20, 2018, 5:35:06 PM
to NetBox
Have added that in:

User that fails:

self.filterstr = '(sAMAccountName=%(user)s)'
filterargs = {'user': 'joe.bloggs'}


My successful login:

self.filterstr = '(sAMAccountName=%(user)s)'
filterargs = {'user': 'andrew.hunkin'}

Brian Candler

Nov 21, 2018, 5:07:44 PM
to NetBox
>>> filterstr = '(sAMAccountName=%(user)s)'
>>> filterargs = {'user': 'joe.bloggs'}
>>> filterstr % filterargs
'(sAMAccountName=joe.bloggs)'
>>>

The error you got doesn't make any sense. Is it exactly the same error, even with these print statements in place?

Andrew Hunkin

Feb 20, 2019, 10:00:33 PM
to NetBox
Hi Brian,

Yes, same error with the print statements in place.

We're having it start for one of our other team as well.
So this is affecting 2 users now at our organisation.


What would be the next best step for troubleshooting this? I'm not at all a python guru so wouldn't have a clue where to start.
Any help would be greatly appreciated.


Thanks,
Andrew

Brian Candler

Feb 21, 2019, 3:49:29 AM
to NetBox
What version of django-auth-ldap is installed?

I suggest you first update to Netbox 2.5.6.  This involves migrating to python3 if you haven't already, but you really want to do this; a number of problems on this mailing list have been due to python2/python3 mismatch.  It's very easy to end up with gunicorn for python2 but packages installed using pip3, or vice versa.

Then check that django-auth-ldap is most recent version, since it won't be automatically updated when you update netbox.

Then get rid of supervisord, because that's a python2 dependency.  Once done, you can strip python2 out of your system, and be 100% sure you don't have any python version mismatches.

Then if the problem remains, it should be easier to replicate/debug.

Andrew Hunkin

Feb 25, 2019, 3:07:00 PM
to NetBox
I found the issue!

I was testing auth with nested LDAP groups and had AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType() set in ldap_config.py
(I did change the import line to reflect the changes as per documentation)


#AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()


Interesting that this broke logins for only 2 people (well, ones who reported the issue).


I have since changed it back to AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() and problem solved.


I did take your suggestions on board, I migrated to python3 a while ago, removed supervisord recently and have upgraded to v2.5.6.


Thanks for your help with this Brian, very much appreciated.
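
The traceback ends at `filterstr = self.filterstr % filterargs`, reached through `find_groups_with_any_member`, and the thread never shows the filter string for that call. As an added illustration (not from the thread and not django-auth-ldap's code), this shows one way Python raises this exact TypeError: a filter built from directory data containing a literal `%` is later used as a `%` template. The DNs, the base filter and all function names are constructed assumptions; the thread does not establish that this was the cause here.

```python
# Added illustration: not django-auth-ldap code. DNs and names are constructed.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def member_filter(member_dns, member_attr='member'):
    """Build (|(member=dn1)(member=dn2)...) from DNs read from the directory."""
    terms = ['(%s=%s)' % (member_attr, escape_filter_value(dn))
             for dn in sorted(member_dns)]
    return '(|%s)' % ''.join(terms)


def add_term(template, term, escape_percent):
    """Splice a data-derived term into a filter that is %-formatted later."""
    if escape_percent:
        term = term.replace('%', '%%')  # make literal % survive formatting
    return '(&%s%s)' % (template, term)


def try_format(template, args=()):
    """Return the rendered filter, or the exception text if rendering fails."""
    try:
        return template % args
    except (TypeError, ValueError) as exc:
        return '%s: %s' % (type(exc).__name__, exc)


# Constructed sample data: one group DN contains the sequence "%s".
GROUP_DNS = {
    'CN=netbox-users,OU=Groups,DC=example,DC=com',
    'CN=100%staff,OU=Groups,DC=example,DC=com',
}
BASE = '(objectClass=group)'  # assumed group search filter

if __name__ == '__main__':
    # The user search from the thread renders without error.
    print(try_format('(sAMAccountName=%(user)s)', {'user': 'joe.bloggs'}))
    # Filter escaping leaves % alone, so the later % step sees "%s".
    print(try_format(add_term(BASE, member_filter(GROUP_DNS), False)))
    # Doubling % before the splice keeps the DN literal.
    print(try_format(add_term(BASE, member_filter(GROUP_DNS), True)))
```

Because the member filter depends on which groups a user belongs to, a failure of this kind would affect only the accounts whose group DNs contain such a sequence.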