LDAP Error for Authentication


robert.h

Nov 2, 2011, 4:08:09 PM
to rhodecode
I continue to get this error when trying to utilize LDAP. I have used
a similar LDAP setup in Drupal; it works great there, but I cannot get
it to work on RhodeCode and would really like to use LDAP for username
and password.

Thank you

2011-11-02 15:04:18.264 ERROR [rhodecode.lib.auth] Traceback (most recent call last):
  File "/usr/local/lib/python2.6/dist-packages/RhodeCode-1.2.2-py2.6.egg/rhodecode/lib/auth.py", line 202, in authenticate
    password)
  File "/usr/local/lib/python2.6/dist-packages/RhodeCode-1.2.2-py2.6.egg/rhodecode/lib/auth_ldap.py", line 144, in authenticate_ldap
    raise LdapConnectionError("LDAP can't access "
LdapConnectionError: LDAP can't access authentication server

Chris Sutton

Nov 3, 2011, 2:54:53 PM
to rhod...@googlegroups.com
After upgrading to 1.2.3 we are still seeing the same LDAP issue. Do you have any suggestions as to what we could do to narrow down the issue?

Chris

mbrownnyc

Nov 9, 2011, 5:03:04 PM
to rhodecode
If you review the source of that file, it's pretty clear that this
error is related to:

lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,filt)

server = ldap.initialize(self.LDAP_SERVER)

self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
self.LDAP_SERVER_ADDRESS, self.LDAP_SERVER_PORT)


Anyway, dropping all the code... Confirm your settings are correct.

What happens when you perform a lower level analysis? For instance,
sniff network traffic going out of your rhodecode host? Coming in to
your LDAP server?

mbrownnyc

Nov 10, 2011, 2:19:49 PM
to rhodecode
Sure enough, same error is logged.

On 1.2.2 my LDAP auth worked, then stopped... then I upgraded to the
latest release 1.2.3 (easy_install -U rhodecode)...

2011-11-10 14:01:51.055 ERROR [rhodecode.lib.auth] Traceback (most recent call last):
  File "/var/www/rhodecode-venv/lib/python2.6/site-packages/RhodeCode-1.2.3-py2.6.egg/rhodecode/lib/auth.py", line 202, in authenticate
    password)
  File "/var/www/rhodecode-venv/lib/python2.6/site-packages/RhodeCode-1.2.3-py2.6.egg/rhodecode/lib/auth_ldap.py", line 148, in authenticate_ldap
    raise LdapConnectionError("LDAP can't access "
LdapConnectionError: LDAP can't access authentication server


I produced a packet capture at the interface of the "rhodecode" box
with:

tcpdump -c 100 -w ~/ldapquery.pcap port 636

I see traffic both ways, and see the certificate request and delivery
(you can look at the packets' payloads and see plain text contents of
the certificate).

This error must be related to the handling of certificate validation
("certificate checks" on http://packages.python.org/RhodeCode/setup.html#setting-up-ldap-support).
I was set to TRY, but then I changed the setting to ALLOW. The same
error occurs.

Marcin: can you offer any advice?


Thanks!

Matt

mbrownnyc

Nov 10, 2011, 3:45:43 PM
to rhodecode
I troubleshot this with Marcin.

It appears that the Certificate Check setting does not apply until the
paste instance is restarted.

I set my Certificate Check to "TRY." Restarted the paste instance.
Attempted auth over LDAPS. Creds fail. Error is logged.

I then set my Certificate Check to "ALLOW." Attempted auth over
LDAPS. Creds fail. Error is logged.

I then restarted the paste instance. Attempted auth over LDAPS. Creds
succeed.

Try the above. Post response.


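An added diagnostic, not part of the thread or of RhodeCode's code: the thread shows the same LdapConnectionError logged even though packets reached the LDAP server, so this Python 3 standard-library probe, run from the RhodeCode host and independent of the running paste instance, reports which layer fails and OpenSSL's reason for a certificate rejection. The function names, the cafile parameter and the host name ldap.example.internal are assumptions made for the example.

```python
import socket
import ssl


def classify_failure(exc):
    """Name the layer at which a connection attempt failed."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "certificate"   # chain or hostname rejected by the client
    if isinstance(exc, ssl.SSLError):
        return "tls"           # handshake broke for a non-certificate reason
    if isinstance(exc, socket.timeout):
        return "timeout"       # no answer within the timeout
    if isinstance(exc, OSError):
        return "tcp"           # refused, unreachable, or name not resolved
    return "other"


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Open a verified TLS session to an LDAPS port.

    Returns ("ok", subject_dict) or (layer, detail). cafile is an optional
    PEM bundle holding the CA that signed the directory server's certificate;
    without it the system trust store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = tls.getpeercert().get("subject", ())
                return "ok", {k: v for rdn in subject for k, v in rdn}
    except OSError as exc:
        # verify_message carries OpenSSL's reason when the certificate is rejected.
        return classify_failure(exc), getattr(exc, "verify_message", str(exc))


if __name__ == "__main__":
    # Placeholder host name (assumption); use the directory server's FQDN.
    print(probe_ldaps("ldap.example.internal"))
```

A "certificate" result names the reason the certificate was rejected; passing the directory's CA bundle as cafile shows whether trusting that CA resolves it.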