[Moin-user] Is LDAP auth in desktop mode possible?

jlist9 jlist9 at gmail.com
Wed Mar 2 22:26:37 EST 2011


Hi Reimar,

Thanks for the reply! I was away from the computer where I first tried it.
So I redownloaded the moinmoin package and started from scratch,
and captured what I did. I identified the place that's failing but not sure
why it fails.

I'll describe what I find first, followed by what I did make the error happen.

The error has something to do with this line in ldap_login.py:

if hasattr(ldap, 'TLS_AVAIL') and ldap.TLS_AVAIL:

This condition is true in my environment. So it continues on to set
the option values. There are the values of the options:

option: 24579 value: None
option: 24578 value: None
option: 24580 value: None
option: 24581 value: None
option: 24582 value: 0
option: 24576 value: 0

The code skips the None values. When it tries to set the 0 value,
the code throws an exception. (Maybe it should skip 0s as well?)
Anyway, the exception is caught here:

        except ldap.SERVER_DOWN, err:
            # looks like this LDAP server isn't working, so we just try the next
            # authenticator object in cfg.auth list (there could be some second
            # ldap authenticator that queries a backup server or any other auth
            # method).
            logging.error("LDAP server %s failed (%s). "
                          "Trying to authenticate with next auth list
entry." % (server, str(err)))
            return ContinueLogin(user_obj, _("LDAP server %(server)s
failed.") % {'server': server})

This is a bug. The exception handling code assumes that the server
variable exists when the exception happens. In my case the error happens
before the "server = self.server_uri" line the the server variable
doesn't exist.

But the bug is not the root cause of the problem. The root cause is setting
option 24582 value 0 causing an exception. I have no idea what this option
is or why it fails. My hack to make LDAP login work is to comment out
the whole if section to bypass setting options that seem to be related to TLS:

#if hasattr(ldap, 'TLS_AVAIL') and ldap.TLS_AVAIL:
#    ...
#    ...


These are the steps I did to produce the problem:

a. extract moinmoin 1.9.3 package to C:\Dev\moin-1.9.3 (I'm on Windows.).
Install python ldap module.

b. copy the complete content in ldap_wikiconfig_snippet file into this file
C:\Dev\moin-1.9.3\wikiconfig.py, towards the end of the LocalConfig class
definition. I'm aware of indentation because I also code in Python. Basically
when I copy, I didn't change indentation.

c. change the base_dn in the copied snippet to "dc=example,dc=com".
This is how my test LDAP is set up on localhost. (I have verified that LDAP
query works with a separate LDAP client.)

4. start moinmoin server by running C:\Dev\moin-1.9.3\wikiserver.py.
moinmoin starts fine and I see homepage in browser OK.

5. Go to login page by clicking the Login link, then login with my LDAP
user's uid and password.

At this point, I see "Internal Server Error" in browser, and see this error
log in the command line console that's running wikiserver.py:

2011-03-02 18:31:39,963 ERROR MoinMoin.wsgiapp:293 An exception has
occurred [http://localhost:8080/LanguageSetup].
Traceback (most recent call last):
  File "C:\Dev\moin-1.9.3\MoinMoin\wsgiapp.py", line 281, in __call__
    context = init(request)
  File "C:\Dev\moin-1.9.3\MoinMoin\wsgiapp.py", line 55, in init
    context.user = setup_user(context, context.session)
  File "C:\Dev\moin-1.9.3\MoinMoin\wsgiapp.py", line 218, in setup_user
    userobj = auth.handle_login(context, userobj, **params)
  File "C:\Dev\moin-1.9.3\MoinMoin\auth\__init__.py", line 396, in handle_login
    ret = authmethod.login(request, userobj, **params)
  File "C:\Dev\moin-1.9.3\MoinMoin\auth\ldap_login.py", line 258, in login
    logging.error("LDAP server %s failed (%s). "
UnboundLocalError: local variable 'server' referenced before assignment
2011-03-02 18:31:39,994 INFO MoinMoin.web.serving:41 127.0.0.1 "POST
/LanguageSetup HTTP/1.1" 500 -
2011-03-02 18:31:40,010 ERROR werkzeug:106 Error on request:
Traceback (most recent call last):
  File "C:\Dev\moin-1.9.3\MoinMoin\support\werkzeug\serving.py", line
151, in run_wsgi
    execute(app)
  File "C:\Dev\moin-1.9.3\MoinMoin\support\werkzeug\serving.py", line
138, in execute
    application_iter = app(environ, start_response)
  File "C:\Dev\moin-1.9.3\MoinMoin\support\werkzeug\utils.py", line
248, in __call__
    return self.app(environ, start_response)
  File "C:\Dev\moin-1.9.3\MoinMoin\wsgiapp.py", line 281, in __call__
    context = init(request)
  File "C:\Dev\moin-1.9.3\MoinMoin\wsgiapp.py", line 55, in init
    context.user = setup_user(context, context.session)
  File "C:\Dev\moin-1.9.3\MoinMoin\wsgiapp.py", line 218, in setup_user
    userobj = auth.handle_login(context, userobj, **params)
  File "C:\Dev\moin-1.9.3\MoinMoin\auth\__init__.py", line 396, in handle_login
    ret = authmethod.login(request, userobj, **params)
  File "C:\Dev\moin-1.9.3\MoinMoin\auth\ldap_login.py", line 258, in login
    logging.error("LDAP server %s failed (%s). "
UnboundLocalError: local variable 'server' referenced before assignment

At this point, there's no new entries in the access log of the LDAP server.
(I see access log entries when I query it with my test LDAP client.) So
the error happens before a call is made to the LDAP server.

Thanks,
Jack



On Tue, Mar 1, 2011 at 12:43 AM, R.Bauer <rb.proj at gmail.com> wrote:
> Am 27.02.2011 09:26, schrieb jlist9:
>> Hi all,
>>
>> I'm evaluating moinmoin for an internal wiki. It's meant to be a simple set up
>> in company LAN so I'm thinking to run it in the desktop mode. However, I'm
>> having a hard time to make LDAP auth work. I put the code in
>> ldap_wikiconfig_snippet
>> in moinmoin-1.9.3\wiki\config\wikiconfig.py and restarted server by
>> running wikiserver.py,
>> it seems to still authenticate again local users. It's not hitting the LDAP
>> server at all. Then I move the code snippet to moinmoin-1.9.3\wikiconfig.py
>> and restart the server, I get an error in the console (see below for the
>> error message.)
>>
>> So my question is, is it possible to do LDAP auth in desktop mode, and
>> if yes, what am I missing?
>
>
> yes it is.
>
> I would prefer to look at your settings before I guess what is going
> wrong. Do you now still have the Desktop Edition wiki ocnfig? Where do
> you have inserted the snippet? Did you changed the indenting? How did
> you indent?
>
> If you want to get quickly into contact with us, see
> http://moinmo.in/MoinMoinChat
>
> cheers
> Reimar
>
>
>>
>> Thanks,
>> Jack
>>
>> 2011-02-27 00:25:16,671 ERROR werkzeug:106 Error on request:
>> Traceback (most recent call last):
>>   File "D:\Internet\moin-1.9.3\MoinMoin\support\werkzeug\serving.py",
>> line 151, in run_wsgi
>>     execute(app)
>>   File "D:\Internet\moin-1.9.3\MoinMoin\support\werkzeug\serving.py",
>> line 138, in execute
>>     application_iter = app(environ, start_response)
>>   File "D:\Internet\moin-1.9.3\MoinMoin\support\werkzeug\utils.py",
>> line 248, in __call__
>>     return self.app(environ, start_response)
>>   File "D:\Internet\moin-1.9.3\MoinMoin\wsgiapp.py", line 281, in __call__
>>     context = init(request)
>>   File "D:\Internet\moin-1.9.3\MoinMoin\wsgiapp.py", line 55, in init
>>     context.user = setup_user(context, context.session)
>>   File "D:\Internet\moin-1.9.3\MoinMoin\wsgiapp.py", line 218, in setup_user
>>     userobj = auth.handle_login(context, userobj, **params)
>>   File "D:\Internet\moin-1.9.3\MoinMoin\auth\__init__.py", line 396,
>> in handle_login
>>     ret = authmethod.login(request, userobj, **params)
>>   File "D:\Internet\moin-1.9.3\MoinMoin\auth\ldap_login.py", line 260, in login
>>     "Trying to authenticate with next auth list entry." % (server, str(err)))
>> UnboundLocalError: local variable 'server' referenced before assignment
>>
>> ------------------------------------------------------------------------------
>> Free Software Download: Index, Search & Analyze Logs and other IT data in
>> Real-Time with Splunk. Collect, index and harness all the fast moving IT data
>> generated by your applications, servers and devices whether physical, virtual
>> or in the cloud. Deliver compliance at lower cost and gain new business
>> insights. http://p.sf.net/sfu/splunk-dev2dev
>
>
>
> ------------------------------------------------------------------------------
> Free Software Download: Index, Search & Analyze Logs and other IT data in
> Real-Time with Splunk. Collect, index and harness all the fast moving IT data
> generated by your applications, servers and devices whether physical, virtual
> or in the cloud. Deliver compliance at lower cost and gain new business
> insights. http://p.sf.net/sfu/splunk-dev2dev
> _______________________________________________
> Moin-user mailing list
> Moin-user at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/moin-user
>




More information about the Moin-user mailing list