Open duncanupton opened 2 weeks ago
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey. Please be sure to review our Code of Conduct. Also, check out some of our community resources including:
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!
python-ldap module is not shipped with Salt. You need to install it with salt-pip. A system level install is insufficient. Salt does not see / load system level Python modules.
salt-pip install python-ldap
That /should/ work, but it may not. See: https://github.com/saltstack/salt/issues/65025
Once installed, it likely won't load. You'll get missing symbols. See: https://github.com/saltstack/salt/issues/64962 See: https://github.com/saltstack/relenv/pull/187
In short. LDAP is broken.
@Sxderp Seems we are probably running into issues with relenv as you mentioned. Thanks for your comment.
Description In both 3006.8 and 3006.9 when trying to use ldap authentication for salt-api there is an error we get related to python-ldap module even though python-ldap is installed. The error is in the /var/log/salt/master file.
2024-08-27 08:08:57,417 [salt.loaded.int.auth.ldap:341 ][ERROR ][326502] LDAP authentication requires python-ldap module
Setup additional settings in salt-master:
added these settings in ldap.conf in /etc/salt/master.d
I then started salt-master and salt-api I did not configure a ldap server to communicate with as the issue appears to be loading the python-ldap module. That said a customer I am working with on this issue did have an ldap server that was properly configured and they are also getting the error.
Please be as specific as possible and give set-up details.
Steps to Reproduce the behavior (Include debug logs if possible and relevant)
Run a command such as
Expected behavior A clear and concise description of what you expected to happen. ldap auth should be used by salt-api calls and we should not get this error message.
Screenshots If applicable, add screenshots to help explain your problem.
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) ```yaml salt-call pip.list local: ---------- CherryPy: 18.10.0 Jinja2: 3.1.4 MarkupSafe: 2.1.2 PyJWT: 2.9.0 PyYAML: 6.0.1 SSEAPE: 8.16.1.3 certifi: 2024.7.4 cffi: 1.14.6 charset-normalizer: 3.2.0 cheroot: 8.5.2 contextvars: 2.4 croniter: 2.0.5 cryptography: 42.0.5 distro: 1.5.0 idna: 3.7 immutables: 0.15 importlib-metadata: 6.0.0 jaraco.classes: 3.2.1 jaraco.collections: 3.4.0 jaraco.functools: 2.0 jaraco.text: 3.5.1 jmespath: 1.0.1 lief: 0.15.1 looseversion: 1.0.2 more-itertools: 5.0.0 msgpack: 1.0.2 packaging: 22.0 pika: 1.3.2 pip: 23.3.2 portend: 2.4 psutil: 5.8.0 pyOpenSSL: 24.0.0 pyasn1: 0.6.0 pyasn1_modules: 0.4.0 pycparser: 2.21 pycryptodomex: 3.19.1 python-dateutil: 2.8.1 python-gnupg: 0.4.8 python-ldap: 3.4.4 pytz: 2022.1 pyzmq: 23.2.0 relenv:Additional context Add any other context about the problem here.