Cannot configure ZULIP_SETTINGS_AUTH_LDAP_USER_SEARCH

[eungjun-yi]

When I configure it and try to login, zulip responds 500 Internal Server Error and logs as follows:

2015-11-17 01:28:41,380 ERROR    Internal Server Error: /accounts/login/
Traceback (most recent call last):
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/srv/zulip/zerver/views/__init__.py", line 634, in login_page
    extra_context=extra_context, **kwargs)
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
    return view(request, *args, **kwargs)
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/utils/decorators.py", line 110, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/views/decorators/cache.py", line 57, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/contrib/auth/views.py", line 44, in login
    if form.is_valid():
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/forms/forms.py", line 184, in is_valid
    return self.is_bound and not self.errors
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/forms/forms.py", line 176, in errors
    self.full_clean()
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/forms/forms.py", line 393, in full_clean
    self._clean_form()
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/forms/forms.py", line 417, in _clean_form
    cleaned_data = self.clean()
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/contrib/auth/forms.py", line 157, in clean
    password=password)
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django/contrib/auth/__init__.py", line 74, in authenticate
    user = backend.authenticate(**credentials)
  File "/srv/zulip/zproject/backends.py", line 162, in authenticate
    return ZulipLDAPAuthBackendBase.authenticate(self, username, password)
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 167, in authenticate
    user = ldap_user.authenticate(password)
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 337, in authenticate
    self._authenticate_user_dn(password)
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 447, in _authenticate_user_dn
    if self.dn is None:
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 411, in _get_user_dn
    self._load_user_dn()
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 474, in _load_user_dn
    self._search_for_user_dn()
  File "/srv/zulip-venv/local/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 494, in _search_for_user_dn
    results = search.execute(self.connection, {'user': self._username})

It works fine when I set AUTH_LDAP_USER_SEARCH with the same value in /etc/zulip/settings.py.

[eungjun-yi]

I guess that docker-compose.yml stores the value as a string, not a python object, and it causes the problem.

[galexrt]

Could you provide an example value for the AUTH_LDAP_USER_SEARCH?
So I can test and fix it properly. Thanks.

[galexrt]

Can you try with the latest v1.3.9 image?

For me I see that the LDAP Settings are now set as they should, as a python object/array, without quotes.

[eungjun-yi]

Thanks. The error does not reproduce anymore at v1.3.9. But now it seems that zulip ignores ZULIP_SETTINGS_AUTH_LDAP_USER_SEARCH in docker-compose.yml and uses AUTH_LDAP_USER_SEARCH in /etc/zulip/settings.py.

I didn't quote the value as follows:

    ZULIP_SETTINGS_AUTH_LDAP_USER_SEARCH: LDAPSearch("ou=mycompany,dc=mycompany,dc=com", ldap.SCOPE_SUBTREE, "(&(mail=%(user)s)(objectClass=user))")

[galexrt]

You have to quote the value in the docker-compose.yml, with single quotes
or double quotes.

Can you do docker cp ZULIP_CONTAINER_NAME:/etc/zulip/settings.py .;cat settings.py and post the output as a gist please?

On Wed, Nov 18, 2015 at 11:29 AM Yi EungJun notifications@github.com
wrote:

Thanks. The error does not reproduce anymore at v1.3.9. But now it seems
that zulip ignores ZULIP_SETTINGS_AUTH_LDAP_USER_SEARCH in
docker-compose.yml and uses AUTH_LDAP_USER_SEARCH in /etc/zulip/settings.py.

I didn't quote the value as follows:

ZULIP_SETTINGS_AUTH_LDAP_USER_SEARCH: LDAPSearch("ou=mycompany,dc=mycompany,dc=com", ldap.SCOPE_SUBTREE, "(&(mail=%(user)s)(objectClass=user))")

—
Reply to this email directly or view it on GitHub
#49 (comment)
.

[eungjun-yi]

I quoted it with single quotes.

ZULIP_SETTINGS_AUTH_LDAP_USER_SEARCH: 'LDAPSearch("ou=mycompany,dc=mycompany,dc=com", ldap.SCOPE_SUBTREE, "(&(mail=%(user)s)(objectClass=user))")'

But it still does not work. Here is the output of docker-compose up zulip:

$ docker-compose up zulip
zulip_redis_1 is up-to-date
zulip_memcached_1 is up-to-date
zulip_rabbitmq_1 is up-to-date
zulip_database_1 is up-to-date
Starting zulip_zulip_1
Attaching to zulip_zulip_1
zulip_1 | === Begin Initial Configuration Phase ===
zulip_1 | Preparing and linking the uploads folder ...
zulip_1 | Prepared and linked the uploads directory.
zulip_1 | Executing nginx configuration ...
zulip_1 | Nginx configuration succeeded.
zulip_1 | Exectuing certificates configuration...
zulip_1 | Certificates configuration succeeded.
zulip_1 | Setting Zulip secrets ...
zulip_1 | Secrets already generated.
zulip_1 | Secret found for "email_password".
zulip_1 | Secret found for "rabbitmq_password".
zulip_1 | Zulip secrets configuration succeeded.
zulip_1 | Setting database configuration ...
zulip_1 | Setting key "DATABASES", type "array".
zulip_1 | Database configuration succeeded.
zulip_1 | Setting caches configuration ...
zulip_1 | Setting key "CACHES", type "array".
zulip_1 | Caches configuration succeeded.
zulip_1 | Activating authentication backends ...
zulip_1 | Setting key "AUTHENTICATION_BACKENDS", type "array".
zulip_1 | Adding authentication backend "ZulipLDAPAuthBackend".
zulip_1 | Authentication backend activation succeeded.
zulip_1 | Setting LDAP settings if set ...
zulip_1 | Setting key "LDAP_APPEND_DOMAIN", type "string".
zulip_1 | LDAP settings set.
zulip_1 | Setting redis configuration ...
zulip_1 | Setting key "RATE_LIMITING", type "bool".
zulip_1 | Setting key "REDIS_HOST", type "string".
zulip_1 | Setting key "REDIS_HOST_PORT", type "int".
zulip_1 | Redis configuration succeeded.
zulip_1 | Setting rabbitmq configuration ...
zulip_1 | Setting key "RABBITMQ_HOST", type "string".
zulip_1 | Setting key "RABBITMQ_USERNAME", type "string".
zulip_1 | Rabbitmq configuration succeeded.
zulip_1 | Executing Zulip configuration ...
zulip_1 | Setting key "EMAIL_HOST_USER", type "string".
zulip_1 | Setting key "AUTH_LDAP_SERVER_URI", type "string".
zulip_1 | Setting key "NOREPLY_EMAIL_ADDRESS", type "string".
zulip_1 | Setting key "EMAIL_HOST", type "string".
zulip_1 | Setting key "EXTERNAL_HOST", type "string".
zulip_1 | Setting key "AUTH_LDAP_BIND_DN", type "string".
zulip_1 | Setting key "ADMIN_DOMAIN", type "string".
zulip_1 | Setting key "DEFAULT_FROM_EMAIL", type "string".
zulip_1 | Setting key "AUTH_LDAP_BIND_PASSWORD", type "string".
zulip_1 | Setting key "ZULIP_ADMINISTRATOR", type "string".
zulip_1 | Zulip configuration succeeded.
zulip_1 | Auto backup enabled.

Here is my /etc/zulip/settings.py: https://gist.github.com/npcode/dcff245588768fa30ac7

[galexrt]

Thanks for the settings.py. I'm looking into it.

[galexrt]

@npcode I fixed the problem now. Please repull the v1.3.9 image and try again.
Please remove the old containers before retrying. Thanks.

[eungjun-yi]

Now it works very well. Thanks a lot!

On Thu, Nov 19, 2015 at 4:28 AM, Alexander Trost notifications@github.com
wrote:

@npcode https://github.com/npcode I fixed the problem now. Please
repull the v1.3.9 image and try again.
Please remove the old containers before retrying. Thanks.

—
Reply to this email directly or view it on GitHub
#49 (comment)
.