search

nickw444 / flask-ldap3-login

LDAP3 Logins for Flask/Flask-Login
http://flask-ldap3-login.readthedocs.org/en/latest/
MIT License
73 stars 38 forks source link

result.user_groups TypeError: 'NoneType' object is not callable #72

Closed AlKult closed 5 years ago

AlKult commented 5 years ago

Hi,

The authentication itself works fine, but the application appears to be failing down the road.

File "/foo/bar/lib/python3.6/site-packages/flask_ldap3_login/forms.py", line 45, in validate_ldap result.user_groups TypeError: 'NoneType' object is not callable

In order to troubleshoot this, I created the following script:

from flask_ldap3_login import LDAP3LoginManager

config = dict()

user = 'myuser'
password = 'mypassword'

config['LDAP_HOST'] = 'ldap.corp.dummy.local'
config['LDAP_BASE_DN'] = 'DC=corp,DC=dummy,DC=local'
config['LDAP_USER_DN'] = 'OU=Standard,OU=Users,OU=BR,OU=corp'
config['LDAP_GROUP_DN'] = 'OU=Corp-Groups,OU=Roles,OU=Groups,OU=BR,OU=corp'
config['LDAP_USER_RDN_ATTR'] = 'cn'
config['LDAP_USER_LOGIN_ATTR'] = 'sAMAccountName'
config['LDAP_BIND_USER_DN'] = 'CN=BindAccount,OU=Service,OU=Users,OU=BR,OU=corp,DC=corp,DC=dummy,DC=local'
config['LDAP_BIND_USER_PASSWORD'] = '<bind password>'
ldap_manager = LDAP3LoginManager()
ldap_manager.init_config(config)

response = ldap_manager.authenticate(user, password)
print(response.status, response.user_groups, len(response.user_info['memberOf']))

When I run it, it returns the following:

AuthenticationResponseStatus.success [] 40

That is, the authentication is successful, but response.user_groups is empty. response.user_info returns loads of info from the AD, and the groups are contained in 'memberOf' within it. How do I fix this? Is there any way to tell it where in user info to search for user groups for? Or is this something else?

Best regards, Albert.

nickw444 commented 5 years ago

I think this is a duplicate of https://github.com/nickw444/flask-ldap3-login/issues/57, with the solution here

In order to fix this problem I had to import my User model into my init file. This automagically sets the _save_user callback.

AlKult commented 5 years ago

I think this is a duplicate of #57, with the solution here

In order to fix this problem I had to import my User model into my init file. This automagically sets the _save_user callback.

I've imported my User model into my init file, but it's made no dfference, I'm afraid. The error is exactly the same.

Best regards, Albert.

AlKult commented 5 years ago

OK, my bad. I didn't realise this module had to save verified credentials somewhere (it was not optional, that is), so even though the User module was loaded, there was no logic to save credentials coming from the ldap module. As soon as I've fixed the logic, it started to work.