plone_ldapinspector broken with UnicodeDecodeError

[pbauer]

When inspecting the data for the following user (that is node.attrs.items()):

[(u'distinguishedName', u'CN=sg-Admin,OU=operun,DC=kbo,DC=ads'),
 (u'sAMAccountType', u'268435456'),
 (u'cn', u'sg-Admin'),
 (u'name', u'sg-Admin'),
 (u'objectCategory', u'CN=Group,CN=Schema,CN=Configuration,DC=kbo,DC=ads'),
 (u'objectClass', [u'top', u'group']),
 (u'objectGUID', 'R<\r\x13\xd7l\x19A\x9a\x0c\xec\x88\xabQ\xc7M'),
 (u'sAMAccountName', u'sg-Admin'),
 (u'whenChanged', u'20171205171658.0Z'),
 (u'member', [u'CN=John Doe,OU=operun,DC=kbo,DC=ads']),
 (u'objectSid', '\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\xd9\xad\xc7\x85S\xc0\xf0$_^\xb0\xeds\x04\x00\x00'),
 (u'whenCreated', u'20171120161642.0Z'),
 (u'uSNCreated', u'37059'),
 (u'mail', u'sg-admin@kbo.ads'),
 (u'groupType', u'-2147483646'),
 (u'uSNChanged', u'86058'),
 (u'instanceType', u'4'),
 (u'dSCorePropagationData', u'16010101000000.0Z'),
 (u'description', u'Description of sg-Admin')]

I get a traceback because of the values in objectGUID and objectSid:

Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module Products.PDBDebugMode.runcall, line 70, in pdb_runcall
  Module ZPublisher.Publish, line 48, in call_object
  Module pas.plugins.ldap.plonecontrolpanel.inspector, line 63, in node_attributes
  Module json, line 243, in dumps
  Module json.encoder, line 207, in encode
  Module json.encoder, line 270, in iterencode
UnicodeDecodeError: 'utf8' codec can't decode byte 0xd7 in position 4: invalid continuation byte

The method safe_encode seems to need some improving.

[pbauer]

It works when it is like this:

from Products.CMFPlone.utils import safe_unicode

def safe_encode(val):
    return safe_unicode(val).encode('utf-8')

[santonelli]

For reference, here is a screenshot of the corresponding attributes:

[rnixx]

Hi,

the problem is not the safe_encode function, but the binary attribute not listed as such in node.ext.ldap.

Schould be fixed via https://github.com/bluedynamics/node.ext.ldap/commit/15cf2988be07f97a00c37714666739448370e19b

If you encounter similar problems with other attributes/schemas, check whether attributes are declared as binary attributes and define them here https://github.com/bluedynamics/node.ext.ldap/blob/master/src/node/ext/ldap/properties.py#L14

Please let me know if the commit fixes your problem, then I'll drop a release. Thanks.

[pbauer]

Thanks! I had the feeling that is was a issue in node.ext.ldap. I still think that safe_encode should always return jsonable data, otherwise it is not really 'safe' :wink:

Also: objectGUID is also binary and missing in https://github.com/bluedynamics/node.ext.ldap/commit/15cf2988be07f97a00c37714666739448370e19b

[rnixx]

here you go! https://github.com/bluedynamics/node.ext.ldap/commit/d336659bb332a67fc89c1f1fc3adb1afb893f075

[pbauer]

Excellent! We'll try that soon and get back to you.

[dmunicio]

I have tried pas.plugins.ldap 1.5.3 with node.ext.ldap 1.0b7 and it is still broken:

Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module ZPublisher.Publish, line 48, in call_object
  Module pas.plugins.ldap.plonecontrolpanel.inspector, line 50, in node_attributes
  Module node.ext.ldap._node, line 457, in node_by_dn
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 10: ordinal not in range(128)

It happens when the dn contains special characters (á, ñ, etc.)

[rnixx]

@dmunicio thanks, this bug belongs to node.ext.ldap. May you be so kind and provide a ldif example snippet?

[dmunicio]

Sorry I can't provide ldiff example because the users are real and that information is confidential. This is an example of the URL : http://mydomain.local/@@plone_ldapnodeattributes?dn=CN%3DSurname1+Fern%C3%A1n%5C%2C+Jose%2COU%3DMyBuilding%2COU%3DMyCity%2COU%3DUserss%2COU%3DMyDepartment%2CDC%3DMyOrg%2CDC%3Dlocal&base=users&_=0123456789012