On 3/5/20 4:29 PM, Reuben Popp wrote:
Good morning Mads (or afternoon as the case may be where you're at).
My apologies that the report was so sparse. When I wrote it, I was
neck deep in the middle of trying to get things set up for our
architects to trial Kallithea.
Yes, this was the default branch downloaded from the bitbucket mirror
on February 25th.
My original report and fix were incorrect. With it in place, what I
noticed was that while an Active Directory account could log in, it
would prevent me from logging in using the (local) kallithea admin
account. My best guess here, being a relatively new python noob is
that in the case of the kallithea admin account, the email was a
string literal, which would then fail because there was no decode()
method. On the other hand, it would work for a byte string such as
that coming from AD.
That said, the following works for both AD and the local kallithea
account:
--- lib/helpers.py 2020-02-25 11:18:44.000000000 -0600
+++ lib/helpers.py.new 2020-03-05 09:11:30.394700849 -0600
@@ -951,6 +951,9 @@
if email_address == _def:
return default
+ if isinstance(email_address, bytes):
+ email_address = email_address.decode('utf-8')
+
parsed_url = urllib.parse.urlparse(url.current(qualified=True))
url = (c.visual.gravatar_url or User.DEFAULT_GRAVATAR_URL) \
.replace('{email}', email_address) \
One thing of note though, and I think this is a deeper issue, as you
said, and that's when I look at any AD user account in kallithea, each
field (eg, first, last, etc) is enclosed in the byte (?) field
delimiter. eg: b'Reuben' b'Popp'
Yes, the problem seems to be that values retrieved from LDAP are byte
encoded. They should be decoded in auth_ldap. But probably only some of
the values. I would thus still need
Can you try this and report back when it prints out when you log in
using AD/LDAP?
--- kallithea/lib/auth_modules/auth_ldap.py
+++ kallithea/lib/auth_modules/auth_ldap.py
@@ -326,6 +326,7 @@ class KallitheaAuthPlugin(auth_modules.K
aldap = AuthLdap(**kwargs)
(user_dn, ldap_attrs) =
aldap.authenticate_ldap(username,
password)
log.debug('Got ldap DN response %s', user_dn)
+ print(ldap_attrs)
def get_ldap_attr(k):
return ldap_attrs.get(settings.get(k), [''])[0]
/Mads
_______________________________________________
kallithea-general mailing list
[email protected]
https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
