[RFE] Better doc on ldap config

tjyang commented 6 years ago

ISSUE TYPE

Documentation

COMPONENT NAME

UI

SUMMARY

To verify AWX LDAP config code via public ldap test server connection.

ENVIRONMENT

AWX version: 1.0.5.23
- AWX version 1.0.6.1 can't save the ldap setting either.
AWX install method: docker on linux
Ansible version: 2.5.0
Operating System: CentOS 7.4
Web Browser: Chrome

STEPS TO REPRODUCE

make sure centos 7 can do a ldap query on ldap server hosted in R2.
Make sure all AWX containers are running like following

-bash-4.2# docker ps -a
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                                                 NAMES
ee8a11116705        ansible/awx_task:latest      "/tini -- /bin/sh ..."   17 hours ago        Up 11 hours         8052/tcp                                              awx_task
9983de56953f        ansible/awx_web:latest       "/tini -- /bin/sh ..."   17 hours ago        Up 17 hours         0.0.0.0:80->8052/tcp                                  awx_web
777c40f8a906        memcached:alpine             "docker-entrypoint..."   17 hours ago        Up 17 hours         11211/tcp                                             memcached
120793589bdd        ansible/awx_rabbitmq:3.7.4   "docker-entrypoint..."   17 hours ago        Up 17 hours         4369/tcp, 5671-5672/tcp, 15671-15672/tcp, 25672/tcp   rabbitmq
18566213529e        postgres:9.6                 "docker-entrypoint..."   17 hours ago        Up 17 hours         5432/tcp                                              postgres
-bash-4.2#

enter following setting in LDAP default


ldap server uri:
ldap://ldap.forumsys.com:389

ldap bind dn: cn=read-only-admin,dc=example,dc=com

ldap bind password: password

ldap user dn template: blank

ldap group type: GroupOfNamesType

ldap require group: blank

ldap deny group: blank

ldap start tls: off

ldap user search:

[ "DC=example,DC=com", "SCOPE_SUBTREE", "(uid=%(user)s)" ]

ldap group search:

[ "DC=example,DC=com", "SCOPE_SUBTREE", "(objectClass=group)" ]

ldap user attribute map: { "first_name": "givenName", "last_name": "sn", "email": "mail" }

ldap user flags by group: { "is_superuser": "CN=read-only-admin,DC=example,DC=com" }

ldap organization map: for Dev box, organization is "Default" by default.

{ "Default": { "admins": "CN= Admins,ou=admins,dc=example,dc=com", "remove_admins": false, "remove_users": false, "users": [ "CN= Scientists,ou=scientists,dc=example,dc=com” ] } }

ldap team map: blank


* Saved the ldap config to default ldap profile and logout admin account.

##### EXPECTED RESULTS

* ldap setting saved  if there is missed configured via.
* able to login  as any user in R2.  
* If will be great to have "validate" button(to validate ldap setting live) in ldap config tab.

##### ACTUAL RESULTS

* after re-login  as admin the original ldap login config is gone.

##### ADDITIONAL INFORMATION
* Please make sure existing code base can use ldap server in R2 
* And document the ldap settings. 
* References:
  * R1: https://github.com/ansible/awx/issues/956
  * R2: http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
  * R3: https://github.com/ansible/awx/issues/1040
  * R4: https://github.com/ansible/awx/issues/537
  * R5: https://github.com/ansible/awx/issues/1704

* ScreenShots:
  * Organization name
![image](https://user-images.githubusercontent.com/378638/39269858-a8f63cf8-4899-11e8-84fb-0d6568110e55.png)

tjyang commented 6 years ago

ldap config has to be 100% CORRECT like following two screenshots !!

correct ldap.forum.com config 01

correct ldap.forum.com config 02
1. save ldap config(looks like it save it but it didn't).
2. logout admin
3. log in admin again and go to setting->ldap, when asked if you want to have changes, say yes. now I am able to see ldap config with ldap.forumsys.com.

mneumarkidg commented 6 years ago

I'm able to reproduce this issue too, when trying to click "save" in UI. AWX_WEB produces the following error and does not save settings!

return super(AWXWSGIHandler, self)._legacy_get_response(request) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 249, in _legacy_get_response response = self._get_response(request) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in _get_response response = self.process_exception_by_middleware(e, request) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 185, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/utils/decorators.py", line 185, in inner return func(*args, **kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view return view_func(*args, **kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/views/generic/base.py", line 68, in view return self.dispatch(request, *args, **kwargs) File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 284, in dispatch return super(APIView, self).dispatch(request, *args, **kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 494, in dispatch response = self.handle_exception(exc) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 454, in handle_exception self.raise_uncaught_exception(exc) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 491, in dispatch response = handler(request, *args, **kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/generics.py", line 260, in patch return self.partial_update(request, *args, **kwargs) File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 745, in partial_update return super(RetrieveUpdateAPIView, self).partial_update(request, *args, **kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/mixins.py", line 84, in partial_update return self.update(request, *args, **kwargs) File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 741, in update return super(RetrieveUpdateAPIView, self).update(request, *args, **kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/mixins.py", line 69, in update serializer.is_valid(raise_exception=True) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 236, in is_valid self._validated_data = self.run_validation(self.initial_data) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 435, in run_validation value = self.to_internal_value(data) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 465, in to_internal_value validated_value = field.run_validation(primitive_value) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/fields.py", line 523, in run_validation value = self.to_internal_value(data) File "/usr/lib/python2.7/site-packages/awx/conf/serializers.py", line 57, in to_internal_value obj = super(SettingFieldMixin, self).to_internal_value(value) File "/usr/lib/python2.7/site-packages/awx/sso/fields.py", line 401, in to_internal_value return cls(**params_sanitized) TypeError: __init__() takes at least 2 arguments (2 given) [pid: 32|app: 0|req: 12/119] 10.2.97.64 () {48 vars in 2485 bytes} [Wed Apr 25 18:34:14 2018] PATCH /api/v2/settings/all/ => generated 41 bytes in 455 msecs (HTTP/1.1 500) 5 headers in 177 bytes (1 switches on core 0)

alexmela78 commented 6 years ago

same error of mneumarkidg. our versions: versione AWX 1.0.5.24 versione Ansible 2.5.0

If I try to save LDAP Auth Configuration, AWX_WEB produce error: 2018-04-26 13:37:47,762 ERROR django.request Internal Server Error: /api/v2/settings/all/ Traceback (most recent call last): File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/exception.py", line 41, in inner response = get_response(request) File "/usr/lib/python2.7/site-packages/awx/wsgi.py", line 65, in _legacy_get_response return super(AWXWSGIHandler, self)._legacy_get_response(request) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 249, in _legacy_get_response response = self._get_response(request) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in _get_response response = self.process_exception_by_middleware(e, request) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 185, in _get_response response = wrapped_callback(request, *callback_args, callback_kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/utils/decorators.py", line 185, in inner return func(*args, *kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view return view_func(args, kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/views/generic/base.py", line 68, in view return self.dispatch(request, *args, kwargs) File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 284, in dispatch return super(APIView, self).dispatch(request, *args, *kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 494, in dispatch response = self.handle_exception(exc) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 454, in handle_exception self.raise_uncaught_exception(exc) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 491, in dispatch response = handler(request, args, kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/generics.py", line 260, in patch return self.partial_update(request, *args, kwargs) File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 745, in partial_update return super(RetrieveUpdateAPIView, self).partial_update(request, *args, *kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/mixins.py", line 84, in partial_update return self.update(request, args, kwargs) File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 741, in update return super(RetrieveUpdateAPIView, self).update(request, *args, kwargs) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/mixins.py", line 69, in update serializer.is_valid(raise_exception=True) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 236, in is_valid self._validated_data = self.run_validation(self.initial_data) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 435, in run_validation value = self.to_internal_value(data) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 465, in to_internal_value validated_value = field.run_validation(primitive_value) File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/fields.py", line 523, in run_validation value = self.to_internal_value(data) File "/usr/lib/python2.7/site-packages/awx/conf/serializers.py", line 57, in to_internal_value obj = super(SettingFieldMixin, self).to_internal_value(value) File "/usr/lib/python2.7/site-packages/awx/sso/fields.py", line 401, in to_internal_value return cls(params_sanitized) TypeError: init() takes at least 2 arguments (2 given) [pid: 136|app: 0|req: 224/4553] 192.168.244.68 () {46 vars in 2372 bytes} [Thu Apr 26 13:37:47 2018] PATCH /api/v2/settings/all/ => generated 41 bytes in 409 msecs (HTTP/1.1 500) 5 headers in 177 bytes (1 switches on core 0)

tjyang commented 6 years ago

Hi @cailen

connect to awx db in postgresdb using psql or pgadmin4 GUI client. 1.1. Run this command -> select key,value from conf_setting table where key like 'AUTH%';
Input ldap config from GUI and click on SAVE button.
run 1.1 to see if your input is saved from output of select statement, if not it means you are not entering connection ldap config or json format was not correct.
Please use wiki notes ldap example from ldap.forumsys.com get a feel of successful input that ldap GUI is demanding.

cailen commented 6 years ago

@tjyang, I actually just was in pgadmin4 and noticed that it did in fact save and was updating when I was adding teams and domains.

tjyang commented 6 years ago

@cailen , hope AWX team can fix the bug by looking at logs you guys submitted.

Ashjoker24 commented 5 years ago

@tjyang hey tj i tried your screenshort in my ansible tower. but it not works for me. AWX version = 2.1.2 Ansible version = 2.8.2 OS = CentOS

tjyang commented 5 years ago

@Ashjoker24 , I am using ansible-awx 6.1.0 , ie awx install by rpm approach.

rushtoajay commented 4 years ago

Need help!

=====

My env.

AWX( Ansible Tower) on Centos 7 with docker. And I'm trying to connect AWX with LDAP. It's finding the user but not alowing it to authenticate.

I was able to run ldapsearch command and it gave to the expected result. But its not accepting the p/w with AWX webgui.

{"log":"2020-09-25 23:15:59,824 DEBUG django_auth_ldap search_s('cn=accounts,dc=XXX,dc=XXX,dc=XXX', 2, '(cn=%(user)s)') returned 1 objects: cn=aprasad,cn=groups,cn=accounts,dc=XXX,dc=XXX,dc=XXX\n","stream":"stderr","time":"2020-09-25T23:15:59.82497491Z"}

{"log":"2020-09-25 23:15:59,828 WARNING django_auth_ldap Caught LDAPError while authenticating aprasad: INAPPROPRIATE_AUTH({'msgtype': 97, 'msgid': 3, 'result': 48, 'desc': 'Inappropriate authentication', 'ctrls': []},)\n","stream":"stderr","time":"2020-09-25T23:15:59.828941005Z"}

ansible / awx