Closed Brerras closed 7 years ago
Hi Brerras,
You haven't configured Google reCaptcha site and secret keys under line 142 and 144 in pyadselfservice/settings.py
RECAPTCHA_PUBLIC_KEY = #The Site key from Google recaptcha
RECAPTCHA_PRIVATE_KEY = #The Secret key here from Google recaptcha
Please refer to sections 3 and 4 in this documentation. I suggest you first read through the entire documentation and be ready with all the details that are needed for pyadselfservice to function.
Alternatively (which is not a secure way of doing this), if you do not want Google reCaptcha validation, you can disable it by commenting out line 30 in /validateuser/forms.py
# captcha = NoReCaptchaField(label='')
Hello again, thank you for your answer, kanayak123. I just added 2 lines with NORECAPTCHA_SECRET_KEY and NORECAPTCHA_SITE_KEY, and one more with PYADSELFSERVICE_DCPORT.
I don't know if this is correct but I will try.
I will notify you of the status.
Thank you.
After these changes I can see the site without errors, and I tried to change my password but with no luck. When I looked at the logs I can find my user attributes like mail, sn, user dn, etc. (that means the user can log in to the domain and check user attributes).
All the time I receive
You have entered invalid details. Please go back and try again
I have changed the values from defaults to: pager - givenName and sn
Can you help me debug this error?
Hello there! I could replicate your issue in my dev setup. Found a bug in the code that was fixed earlier in my production server but I did not replicate it to dev server thus did not get uploaded to GIT. Sorry about that.
I have now uploaded the fix to GIT. Can you please replace just one file and let me know how it goes. Replace the .validateuser/adpassreset.py file with the latest one from git.
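cd /opt/pyadselfservice/pyadselfservice/validateuser
# -O overwrites the existing file; without it wget saves the download as adpassreset.py.1
wget -O adpassreset.py https://raw.githubusercontent.com/kanayak123/pyadselfservice/master/pyadselfservice/validateuser/adpassreset.py
service apache2 restart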
Hello again, I replaced adpassreset.py but I have the same error .. :( I changed all attributes to pager to run the tests .. but no luck.
Hello again,
That's strange. Earlier there was a bug in validating values with special characters. But with the patch, it should have been resolved. Is it possible to send me logs from debug.log and django_request.log? You may upload logs for 1 validation attempt after masking sensitive info.
Check it please. The first request is with correct validation data; the second has wrong validation data.
Thank you.
Edit: all validation fields are: sAMAccountName
The logs say the attributes pager, givenName and sn are not retrieved. The only attributes received from your DC are mail and sAMAccountName, apart from a few other default ones.
<{'raw_attributes': {'mail': [b'Brerras.#####@mycompany.com'], 'sAMAccountName': [b'br####'], 'cn': [b'Brerras #####']}, 'attributes': {'mail': 'Brerras.######@mycompany.com', 'sAMAccountName': 'br#####', 'cn': 'Brerras #####'}
Which version of Windows does your DC run on? I will have to set up a lab with that version of DC if things don't resolve.
Can you verify ./pyadselfservice/settings.py and make sure the below are correct?
PYADSELFSERVICE_ATTR3 = 'pager'
PYADSELFSERVICE_ATTR4 = 'givenName'
PYADSELFSERVICE_ATTR5 = 'sn'
Also, just to test verify can you use just 1 attribute sAMAccountName in all attributes and try if that works?
PYADSELFSERVICE_ATTR3 = 'sAMAccountName'
PYADSELFSERVICE_ATTR4 = 'sAMAccountName'
PYADSELFSERVICE_ATTR5 = 'sAMAccountName'
It may also mean that the AD user account that you configured in ./pyadselfservice/settings.py does not have permission to read AD attributes. Please ensure that it has read permission on AD to read attributes. Please refer to section 2 in the doc.
To confirm the permission, run these commands in the python3 interpreter. Please change the username and other details as per actual.
import ldap3, ssl
username = 'Your AD Username'
# LDAPS on port 636; ssl.CERT_NONE means the DC's certificate is not validated in this test
server = ldap3.Server(host = 'DC IP', port = int('636'), use_ssl=True, tls = ldap3.Tls(validate=ssl.CERT_NONE))
# Bind as the service account configured in settings.py
conn = ldap3.Connection(server, 'username@mycompany.local', password = 'password', auto_bind=True)
# Request the same attributes the application validates against
conn.search(search_base = 'DC=mycompany,DC=local', search_filter = '(sAMAccountName=%s)' %username, search_scope = ldap3.SUBTREE, attributes = ['cn', 'mail', 'pager', 'givenName', 'sn'])
print(conn.entries)
You should get a print output as something like this. If not then it is most likely the permission error.
[DN: CN=Brerras ######,OU=Users,OU=######,DC=######,DC=mycompany,DC=local - STATUS: Read - READ TIME: 2017-02-23T17:21:07.497384
cn: Brerras ######
givenName: Brerras
mail: Brerras.#######@mycompany.com
pager: +1-248-1234567
sn: M######
]
Question: Also, just to test verify can you use just 1 attribute sAMAccountName in all attributes and try if that works?
The logs have all attributes 3, 4, 5 = sAMAccountName. That's why you don't see pager, sn, etc.
The answer is no.
I just tested the permission with your code, and it works fine.
If you have set the settings as below, you should be able to see the pager, sn and givenName values in the logs.
PYADSELFSERVICE_ATTR3 = 'pager'
PYADSELFSERVICE_ATTR4 = 'givenName'
PYADSELFSERVICE_ATTR5 = 'sn'
If the values are retrieved correctly, there is nothing much that the code does. It only compares 2 values: the one that you entered in the page and the one retrieved from AD. Since Django is web based, it is difficult to debug backend scripts. I have created this script, which is the core part of validation. I suggest you modify this with auth info and run it. Debug it till you get the "Success" message. Once you get the "Success" message, apply the same changes to .validateuser/adpassreset.py. Things should definitely work. Let me also know your debug results.
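The comparison step described above, as an added example that is not the project's adpassreset.py: it separates "the DC did not return the attribute" from "the value differs", the two cases this thread kept confusing. The function name, the reason codes and the NFC/whitespace normalisation are assumptions; the entry dicts are constructed samples shaped like the `attributes` dict in the log excerpt.

```python
import hmac
import unicodedata

# Constructed samples shaped like the 'attributes' dict in the debug.log excerpt.
SAMPLE_ENTRY = {"mail": "user@example.com", "sAMAccountName": "jdoe", "cn": "J Doe"}
FULL_ENTRY = dict(SAMPLE_ENTRY, pager="+1-248-1234567", givenName="Jos\u00e9", sn="Doe")


def _norm(value):
    """Comparable bytes: first value of a list, NFC-normalised, stripped (assumed policy)."""
    if isinstance(value, (list, tuple)):
        value = value[0] if value else ""
    if isinstance(value, bytes):
        value = value.decode("utf-8", errors="replace")
    return unicodedata.normalize("NFC", str(value)).strip().encode("utf-8")


def check_answers(entry, required, answers):
    """Compare the user's answers with the values returned by the directory.

    Returns (ok, reason, detail). The reason is meant for the server log:
      'missing_attributes': the DC returned nothing for them (settings or read permission)
      'mismatch': the attributes were returned but a submitted value differs
    """
    required = list(dict.fromkeys(required))  # ATTR3/4/5 may all name the same attribute
    missing = [a for a in required if not entry.get(a)]
    if missing:
        return False, "missing_attributes", missing
    # Check every field (no early exit) with a constant-time comparison per field.
    bad = [a for a in required
           if not hmac.compare_digest(_norm(entry[a]), _norm(answers.get(a, "")))]
    if bad:
        return False, "mismatch", bad
    return True, "ok", []


if __name__ == "__main__":
    attrs = ["pager", "givenName", "sn"]  # values of PYADSELFSERVICE_ATTR3..5
    form = {"pager": "+1-248-1234567", "givenName": "Jose\u0301", "sn": "Doe"}
    print(check_answers(SAMPLE_ENTRY, attrs, form))  # attributes never came back
    print(check_answers(FULL_ENTRY, attrs, form))    # decomposed accent still matches
```

Logging the reason code next to each failed attempt shows at once whether to look at settings.py and AD read permissions or at the values the user typed.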
I just completed all tests without good news.
[dn: cn=brerras mikros,ou=users,ou=xxxx,dc=xxxx,dc=domain,dc=local - status: read - read time: 2017-02-23t08:49:45.032757 cn: brerras mikros
givenname: mikros
mail: mikros.brerras@mydomain.com
pager: 1234
sn: brerras
] 1234 brerras mikros | username | mikros | brerras | 1234| Success
I made the same changes in adpassreset.py but I receive the same error.
If you have received a success message then it's good news. It means everything is working well. I still feel there is an issue in the settings file. I suggest you take a backup of the /opt/pyadselfservice folder, wipe it completely, clone a fresh copy of pyadselfservice from GIT and then configure it from scratch. Use the new settings file from git and change only the values as required. Also, meanwhile, if you upload the working script, I can assess it to see if any changes are needed in adpassreset.py.
👍 Yes, fixed.
I just saw what may be a bug.
If the SMTP settings are not correct then you receive the following error:
You have entered invalid details. Please go back and try again
Maybe you can change this error to: "Please check your smtp settings"
Thanks for letting me know, Brerras. Really appreciate your patience. Yes, the message needs to be a bit more specific. I will release a patch soon. Thank you for your feedback.
I have released a patch with a few changes in the exception messages. It will now show the exact error for SMTP, and I removed irrelevant messages from the GUI. Please apply the latest code.
Hello, can you help me please with the following error? The error starts with:
AttributeError at /
'Settings' object has no attribute 'NORECAPTCHA_SITE_KEY'
Request Method: GET
Request URL: http://pyadselfservice/
Django Version: 1.10.5
Exception Type: AttributeError
Exception Value: 'Settings' object has no attribute 'NORECAPTCHA_SITE_KEY'
Exception Location: /usr/local/lib/python3.5/dist-packages/django/conf/__init__.py in __getattr__, line 54
Python Executable: /usr/bin/python3
Python Version: 3.5.2
Python Path: ['/opt/django-pyadselfservice/pyadselfservice', '/usr/lib/python35.zip', '/usr/lib/python3.5', '/usr/lib/python3.5/plat-i386-linux-gnu', '/usr/lib/python3.5/lib-dynload', '/usr/local/lib/python3.5/dist-packages', '/usr/lib/python3/dist-packages']
thank you