Closed ju55i closed 12 years ago
Authentication happens here. https://github.com/bluedynamics/node.ext.ldap/blob/master/src/node/ext/ldap/session.py#L91. You can step in with pdb.
Strange... The debugger doesn't start when put in before that line (or after). I'm also getting {'info': 'NDS error: no such entry (-601)', 'desc': 'No such object'} error when accessing any page. It would be great if the product would log all the queries in debug log level.
You can have the SQL statements be written to stdout
. I think it's debug="True"
in the ZCML statements that configure the engine.
SQL ... well, dont we talk about LDAP? Anyway strange. You may want to try this: http://lpetr.org/blog/archives/how-to-enable-logging-in-python-ldap by editing the node.ext.ldap egg temporary.
Oh, sorry. I saw LDAP as SQL.
Jensens has the right advice here then :-)
The problem seems to be cn=subschema query that is being made. Here's the dump from the debuging session: https://gist.github.com/0c698e78a118ffd43a68. If I understood correctly the correct way to access the schema is to query subschemaSubentry attribute from the object and that should tell the location of the schema object (cn=schema). Is this a concern of python-ldap?
this is an issue of node.ext.ldap. -> https://github.com/bluedynamics/node.ext.ldap/blob/c2e1bb73d2c84f560d41021b0dbfa3d649ee21d8/src/node/ext/ldap/schema.py#L18.
can you try with the latest node.ext.ldap changes again please?
That resolved the schema issue. Now I'm getting an error: https://gist.github.com/7f9ebdda384d557bf62a.
what version of python-ldap are you using?
What version of python-ldap do you use?
We're running python_ldap-2.3.12 with our own UTF-8 default encoding patch. System is RHEL5 which has OpenLDAP 2.3.
As far as i know we need at least a python-ldap 2.4 release. correct me if i'am wrong. i think openldap 2.3 should be fine, even if our tests are running against 2.4.26
You can integrate a python-ldap build into buildout.
to be sure I would clone node.ext.ldap, edit its ldap.cfg to use the openldap version you use and let all tests run.
Python-ldap 2.4 versions require OpenLDAP 2.4. That's the main reason we're still using 2.3.12. I guess we need to install a separate OpenLDAP 2.4 and build the newer python-ldap against it.
ok i was not aware of this. so we need to document this in the installation/requirements section of both, node.ext.ldap and pas.plugins.ldap!
how to integrate you own openldap built via buildout can be found here -> https://github.com/collective/pas.plugins.ldap/blob/master/ldap.cfg
I got this working now. I configured OpenLDAP with --disable-slapd because RHEL5 has too old BerkeleyDB and I don't really need the server part. Thanks everybody for the help!
After saving the LDAP Manager User and Passowrd in control panel I get an error: ERROR: LDAP users; {'info': 'NDS error: failed authentication (-669)', 'desc': 'Invalid credentials'}
Manager DN and password are correct and they work from the ldapsearch command.
Is there any way to debug what LDAP queries pas.plugins.ldap is actually making?