I'm not familiar with supervisord. I would expect the print output to show up in your stdout_logfile ... but only after a restart of supervisord (or your Kallithea service).

Do you see other output in the log? What?
Perhaps instead try
log.error('Got ldap DN response %s: %r', user_dn, ldap_attrs)

Perhaps also try temporarily running gearbox in the foreground as the Kallithea user, just for testing.

(Others with a working AD/LDAP setup can perhaps also help out testing.)

/Mads



On 3/5/20 5:41 PM, Reuben Popp wrote:
Okay, so I added that line, along with an additional line above it to print my name as a placeholder, but I'm not seeing this in the stdout file (I'm running kallithea using supervisord).  Is there something else I need to do or add to my.ini?

Thanks again

On Thu, Mar 5, 2020 at 9:48 AM Mads Kiilerich <[email protected] <mailto:[email protected]>> wrote:

    On 3/5/20 4:29 PM, Reuben Popp wrote:
    Good morning Mads (or afternoon as the case may be where you're at).

    My apologies that the report was so sparse.  When I wrote it, I
    was neck deep in the middle of trying to get things set up for
    our architects to trial Kallithea.

    Yes, this was the default branch downloaded from the bitbucket
    mirror on February 25th.

    My original report and fix were incorrect.  With it in place,
    what I noticed was that while an Active Directory account could
    log in, it would prevent me from logging in using the (local)
    kallithea admin account.  My best guess here, being a relatively
    new python noob is that in the case of the kallithea admin
    account, the email was a string literal, which would then fail
    because there was no decode() method.  On the other hand, it
    would work for a byte string such as that coming from AD.

    That said, the following works for both AD and the local
    kallithea account:

    --- lib/helpers.py  2020-02-25 11:18:44.000000000 -0600

    +++ lib/helpers.py.new 2020-03-05 09:11:30.394700849 -0600

    @@ -951,6 +951,9 @@

         if email_address == _def:

             return default

    +    if isinstance(email_address, bytes):

    +        email_address = email_address.decode('utf-8')

    +

         parsed_url = urllib.parse.urlparse(url.current(qualified=True))

         url = (c.visual.gravatar_url or User.DEFAULT_GRAVATAR_URL) \

                    .replace('{email}', email_address) \


    One thing of note though, and I think this is a deeper issue, as
    you said, and that's when I look at any AD user account in
    kallithea, each field (eg, first, last, etc) is enclosed in the
    byte (?) field delimiter.  eg: b'Reuben' b'Popp'


    Yes, the problem seems to be that values retrieved from LDAP are
    byte encoded. They should be decoded in auth_ldap. But probably
    only some of the values. I would thus still need



        Can you try this and report back when it prints out when you
        log in
        using AD/LDAP?

        --- kallithea/lib/auth_modules/auth_ldap.py
        +++ kallithea/lib/auth_modules/auth_ldap.py
        @@ -326,6 +326,7 @@ class KallitheaAuthPlugin(auth_modules.K
                      aldap = AuthLdap(**kwargs)
                      (user_dn, ldap_attrs) =
        aldap.authenticate_ldap(username,
        password)
                      log.debug('Got ldap DN response %s', user_dn)
        +            print(ldap_attrs)

                      def get_ldap_attr(k):
                          return ldap_attrs.get(settings.get(k), [''])[0]


    /Mads



_______________________________________________
kallithea-general mailing list
[email protected]
https://lists.sfconservancy.org/mailman/listinfo/kallithea-general

Reply via email to