devpi / devpi-ldap

Plugin for devpi-server which provides LDAP authentication.

group_search returning no results #23

Closed Trozz closed 2 years ago

Trozz commented 8 years ago

When performing devpi-ldap ldap.conf user0, no groups are returned.

If I perform the same search using ldapsearch, it works without issues:

ldapsearch -x -h LDAP.server -p 389 -s sub "(&(uniqueMember=cn=user0,ou=Users,o=XXX))"

ldap.conf


---
devpi-ldap:
  url: ldap://LDAP.server
  user_template: CN={username},ou=Users,o=XXX
  group_search:
    base: ou=Groups,o=XXX
    filter: (&(uniqueMember={userdn}))
    attribute_name: CN

2015-12-03 08:51:04,927 DEBUG EXTENDED:ldap message sent via <ldap://LDAP.server - cleartext - user: CN=user0,ou=Users,o=XXX - bound - open - <local: 10.0.0.1:36355 - remote: 10.0.0.2:389> - tls not started - listening - SyncStrategy>:
>>LDAPMessage:
>> messageID=2
>> protocolOp=ProtocolOp:
>>  searchRequest=SearchRequest:
>>   baseObject=ou=Groups,o=XXX
>>   scope='wholeSubtree'
>>   derefAliases='derefAlways'
>>   sizeLimit=0
>>   timeLimit=0
>>   typesOnly='False'
>>   filter=Filter:
>>    and=And:
>>     Filter:
>>      equalityMatch=EqualityMatch:
>>       attributeDesc=uniqueMember
>>       assertionValue=CN=user0,ou=Users,o=XXX
>>   attributes=AttributeSelection:
>>    cn
2015-12-03 08:51:04,928 DEBUG NETWORK:sent 103 bytes via <ldap://LDAP.server - cleartext - user: CN=user0,ou=Users,o=XXX - bound - open - <local: 10.0.0.1:36355 - remote: 10.0.0.2:389> - tls not started - listening - SyncStrategy>
2015-12-03 08:51:05,013 DEBUG NETWORK:received 14 bytes via <ldap://LDAP.server - cleartext - user: CN=user0,ou=Users,o=XXX - bound - open - <local: 10.0.0.1:36355 - remote: 10.0.0.2:389> - tls not started - listening - SyncStrategy>
2015-12-03 08:51:05,013 DEBUG NETWORK:received 1 ldap messages via <ldap://LDAP.server - cleartext - user: CN=user0,ou=Users,o=XXX - bound - open - <local: 10.0.0.1:36355 - remote: 10.0.0.2:389> - tls not started - listening - SyncStrategy>
2015-12-03 08:51:05,015 DEBUG EXTENDED:ldap message received via <ldap://LDAP.server - cleartext - user: CN=user0,ou=Users,o=XXX - bound - open - <local: 10.0.0.1:36355 - remote: 10.0.0.2:389> - tls not started - listening - SyncStrategy>:
<<LDAPMessage:
<< messageID=2
<< protocolOp=ProtocolOp:
<<  searchResDone=SearchResultDone:
<<   resultCode='success'
<<   matchedDN=
<<   diagnosticMessage=
2015-12-03 08:51:05,015 DEBUG BASIC:done SEARCH operation, result <False>
2015-12-03 08:51:05,015 ERROR NOCTX Search failed (&(uniqueMember=CN=user0,ou=Users,o=XXX)) {'filter': '(&(uniqueMember={userdn}))', 'base': 'ou=Groups,o=XXX', 'attribute_name': 'cn'}: {'dn': '', 'referrals': None, 'description': 'success', 'result': 0, 'message': '', 'type': 'searchResDone'}
Result: {"groups": [], "status": "ok"}
Authentication successful, the user is member of the following groups:

VicenteIranzoMaestre commented 6 years ago

I think that the problem is the group_search filter you entered. In fact, your ldapsearch didn't find any groups for this user.


devpi-ldap:
  url: ldap://LDAP.server
  user_template: CN={username},ou=Users,o=XXX
  group_search:
    base: ou=Groups,o=XXX
    filter: (&(objectClass=groupOfUniqueMembers)(uniqueMember={userdn}))
    attribute_name: CN
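The debug output posted in this thread, read programmatically. This is an added example, not code from devpi-ldap or from either commenter. It parses ldap3-style debug text (a constructed, abbreviated sample) and separates "the server answered `success` but sent no entries" from a rejected search, and it flags the cleartext transport the log reports. The function names and the `searchResEntry` line name for entry responses are assumptions.

```python
# Constructed sample, abbreviated from the debug output format shown in the issue.
SAMPLE_LOG = """\
2015-12-03 08:51:04,927 DEBUG EXTENDED:ldap message sent via <ldap://LDAP.server - cleartext - user: CN=user0,ou=Users,o=XXX - bound - open - tls not started>:
>>  searchRequest=SearchRequest:
>>   baseObject=ou=Groups,o=XXX
>>   scope='wholeSubtree'
>>       attributeDesc=uniqueMember
>>       assertionValue=CN=user0,ou=Users,o=XXX
2015-12-03 08:51:05,015 DEBUG EXTENDED:ldap message received via <ldap://LDAP.server - cleartext - tls not started>:
<<  searchResDone=SearchResultDone:
<<   resultCode='success'
2015-12-03 08:51:05,015 DEBUG BASIC:done SEARCH operation, result <False>
"""

def summarize_search(log_text):
    """Extract request, transport and outcome of one search from the debug text."""
    info = {"base": None, "scope": None, "assertions": [],
            "entries": 0, "result_code": None, "cleartext": False}
    attribute = None
    for line in log_text.splitlines():
        if not line.startswith((">>", "<<")):
            # Connection description lines carry the transport state.
            info["cleartext"] |= " - cleartext - " in line
            continue
        key, _, value = line.lstrip("<>").strip().partition("=")
        value = value.strip("'")
        if key in ("baseObject", "scope"):
            info["base" if key == "baseObject" else "scope"] = value
        elif key == "attributeDesc":
            attribute = value
        elif key == "assertionValue":
            info["assertions"].append((attribute, value))
        elif key == "searchResEntry":  # assumed name of entry responses
            info["entries"] += 1
        elif key == "resultCode":
            info["result_code"] = value
    return info

def diagnose(info):
    """Turn the summary into findings an operator can act on."""
    notes = []
    if info["result_code"] == "success" and info["entries"] == 0:
        notes.append("search succeeded but matched no entry under " + str(info["base"]))
    elif info["result_code"] not in (None, "success"):
        notes.append("server returned " + info["result_code"])
    if info["cleartext"]:
        notes.append("connection is cleartext LDAP, TLS not started")
    return notes
```

Calling `diagnose(summarize_search(SAMPLE_LOG))` returns both findings for the sample: an empty but successful search under `ou=Groups,o=XXX`, and a cleartext connection.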