Problems to authenticate using openldap #321

Closed
viniciusrsdutra opened this issue May 9, 2016 · 13 comments
@viniciusrsdutra

Hi everyone!
I'm new to Caravel and made the necessary changes to bind to LDAP. I'm using OpenLDAP.
According to the app log the changes are OK, but users can't log in at the front end.
Any help?

Thanks in advance
[image: ldap-problem]

@dpgaspar
Owner

dpgaspar commented May 9, 2016

Can you upgrade flask-appbuilder to version 1.6.1 and run the test again, and send me logs once more?

@viniciusrsdutra
Author

Hi @dpgaspar!
Thanks for helping!
I did as instructed but I got the same behavior...
Here follow the versions I'm using and the log after updating everything.
[image]
[image: ldap-problem-3]

@dpgaspar
Owner

dpgaspar commented May 9, 2016

OK, no login failed message. I'll run some tests. Could you send me your config.py (AUTH_LDAP* settings)?

@dpgaspar
Owner

dpgaspar commented May 9, 2016

My tests went fine with OpenLDAP:

```
2016-05-10 00:49:29,456:DEBUG:flask_appbuilder.security.manager:LDAP indirect bind with: CN=admin,dc=puppetlabs,dc=test
2016-05-10 00:49:29,458:DEBUG:flask_appbuilder.security.manager:LDAP BIND indirect OK
2016-05-10 00:49:29,459:DEBUG:flask_appbuilder.security.manager:LDAP got User [('uid=test,ou=people,dc=puppetlabs,dc=test', {'mail': ['test@example.com'], 'sn': ['User']})]
2016-05-10 00:49:29,459:DEBUG:flask_appbuilder.security.manager:LDAP bind with: uid=test,ou=people,dc=puppetlabs,dc=test XXXXXX
2016-05-10 00:49:29,460:DEBUG:flask_appbuilder.security.manager:LDAP bind OK: uid=test,ou=people,dc=puppetlabs,dc=test
2016-05-10 00:49:29,465:INFO:flask_appbuilder.security.sqla.manager:Updated user test test
2016-05-10 00:49:29,467:INFO:werkzeug:127.0.0.1 - - [10/May/2016 00:49:29] "POST /login/ HTTP/1.1" 302 -
2016-05-10 00:49:29,519:INFO:werkzeug:127.0.0.1 - - [10/May/2016 00:49:29] "GET / HTTP/1.1" 200 -
2016-05-10 00:49:32,594:INFO:werkzeug:127.0.0.1 - - [10/May/2016 00:49:32] "GET /users/list/ HTTP/1.1" 200 -
```

Looks like F.A.B. was able to catch the user vinicius.dutra@XXXX.XXXX. Do you have this user registered on the database with the exact same username?

@viniciusrsdutra
Author

viniciusrsdutra commented May 10, 2016

@dpgaspar, the user is properly registered on LDAP!
In my log everything seems to be OK, but on the UI it doesn't work at all. Were you able to log in on the UI with this test user?
Here follow my LDAP config parameters for config.py
[image: caravel-ldap-config]

@dpgaspar
Owner

Yes, I was able to log in on the UI with the test user (you saw it in the logs) and other test users like 'dpgaspar'.

Can you try creating a test user without the @ just the . Try to reproduce my test case please.

@viniciusrsdutra
Author

viniciusrsdutra commented May 10, 2016

@dpgaspar Did it, but results were the same. Couldn't log in on UI.
[image: ldap-problem-4]

@viniciusrsdutra
Author

@dpgaspar Does the LDAP have to be configured in a particular way?
Do you have any clue about it?

@dpgaspar
Owner

I just created a vagrant box using https://github.com/cforcey/vagrant_ubuntu_openldap
No extra config on it....

My config for tests:

```python
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SEARCH = 'dc=puppetlabs,dc=test'
AUTH_LDAP_BIND_USER = "CN=admin,dc=puppetlabs,dc=test"
AUTH_LDAP_BIND_PASSWORD = "test"
```

First of course I've added a test user on F.A.B. The only difference I can see is the AUTH_LDAP_BIND_USER: I'm using CN and you're using UID. Change this, make some tests, and send me the logs. Can you send something more extended, after GET /login/ HTTP ...?

You can use this for tests also:

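```python
import ldap

# Connect and turn off referral chasing.
con = ldap.initialize("ldap://ldap-somewhere.com")
con.set_option(ldap.OPT_REFERRALS, 0)
# Bind with the service account.
con.bind_s('caravel@yourdomain.local', 'password')

# Search the subtree for the test user and fetch a few attributes.
user = con.search_s('dc=domain,dc=local', ldap.SCOPE_SUBTREE, "userPrincipalName=test@yourdomain.local",
                    ['givenName', 'sn', 'mail'])

# Print the DN of the first match.
print(user[0][0])
```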

@dpgaspar
Owner

Any luck?

@viniciusrsdutra
Author

Hi @dpgaspar,

Unfortunately I had not! Sorry for responding so late!
Tried several configs and packages but no success at all...
I've noticed that I couldn't install the python-ldap package from pip. The only one that works is the one provided by Ubuntu. How's the package configuration on your vagrant environment?
Can this be the thing that is making the difference?

@viniciusrsdutra
Author

@dpgaspar
Thank you so much for your patience and cooperation on solving this.
Eric Wong gave the tip that made the difference. After enabling the AUTH_USER_REGISTRATION property it worked.
Many thanks once again!

@dpgaspar
Owner

dpgaspar commented Jun 8, 2016

Oh! I thought you had registered the user on flask-appbuilder first!

I said that "First of course I've added a test user on F.A.B.".

We were not understanding each other :)

You've got it working, great! I'll close this one.

@dpgaspar dpgaspar closed this as completed Jun 8, 2016
@dpgaspar dpgaspar removed the pending label Jun 8, 2016
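
Added example, not part of the thread and not Flask-AppBuilder's own code: a small model of the outcome this issue resolved (LDAP bind succeeds, but login still fails when the user has no F.A.B. account and AUTH_USER_REGISTRATION is off), plus a lint of the related settings. The function names, sample configs and server URL are constructed; AUTH_USER_REGISTRATION_ROLE is the F.A.B. setting that picks the role given to self-registered users.

```python
# Added example: models the login outcome discussed in this thread and
# lints the related settings. Function names and sample configs are constructed.
AUTH_LDAP = 2  # same value as flask_appbuilder.security.manager.AUTH_LDAP

def ldap_login_outcome(cfg, local_users, username, ldap_bind_ok):
    """Outcome of one login attempt, as described in the thread."""
    if not ldap_bind_ok:
        return "rejected: LDAP bind failed"
    if username in local_users:
        return "logged in: existing F.A.B. user"
    if cfg.get("AUTH_USER_REGISTRATION", False):
        role = cfg.get("AUTH_USER_REGISTRATION_ROLE", "Public")
        return "logged in: user created with role " + role
    # LDAP said yes, but there is no local account to attach the session to.
    return "rejected: no F.A.B. user and AUTH_USER_REGISTRATION is off"

def lint_ldap_config(cfg):
    """Review findings for the AUTH_* settings of a config.py-style dict."""
    if cfg.get("AUTH_TYPE") != AUTH_LDAP:
        return ["AUTH_TYPE is not AUTH_LDAP"]
    findings = []
    if not cfg.get("AUTH_USER_REGISTRATION", False):
        findings.append("registration off: pre-create every LDAP user in F.A.B.")
    elif cfg.get("AUTH_USER_REGISTRATION_ROLE", "Public") == "Admin":
        findings.append("registration role Admin: any directory user becomes admin")
    if str(cfg.get("AUTH_LDAP_SERVER", "")).startswith("ldap://"):
        findings.append("ldap:// URL: binds are cleartext unless TLS is negotiated")
    return findings

# Constructed sample settings (server name is a placeholder).
BEFORE = {
    "AUTH_TYPE": AUTH_LDAP,
    "AUTH_LDAP_SERVER": "ldap://ldap.example.test",
    "AUTH_LDAP_SEARCH": "dc=puppetlabs,dc=test",
    "AUTH_LDAP_BIND_USER": "CN=admin,dc=puppetlabs,dc=test",
}
AFTER = dict(BEFORE, AUTH_USER_REGISTRATION=True,
             AUTH_USER_REGISTRATION_ROLE="Public")

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, "->", ldap_login_outcome(cfg, set(), "test", True))
        for finding in lint_ldap_config(cfg):
            print("   ", finding)
```

With registration enabled, the registration role is what every directory user receives on first login, so it is worth keeping at the least-privileged role that still works.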