Hi Reuben, El jue., 5 mar. 2020 a las 16:48, Mads Kiilerich (<[email protected]>) escribió: > > On 3/5/20 4:29 PM, Reuben Popp wrote: > > Good morning Mads (or afternoon as the case may be where you're at). > > My apologies that the report was so sparse. When I wrote it, I was neck deep > in the middle of trying to get things set up for our architects to trial > Kallithea. > > Yes, this was the default branch downloaded from the bitbucket mirror on > February 25th. > > My original report and fix were incorrect. With it in place, what I noticed > was that while an Active Directory account could log in, it would prevent me > from logging in using the (local) kallithea admin account. My best guess > here, being a relatively new python noob is that in the case of the kallithea > admin account, the email was a string literal, which would then fail because > there was no decode() method. On the other hand, it would work for a byte > string such as that coming from AD. > > That said, the following works for both AD and the local kallithea account: > > --- lib/helpers.py 2020-02-25 11:18:44.000000000 -0600 > > +++ lib/helpers.py.new 2020-03-05 09:11:30.394700849 -0600 > > @@ -951,6 +951,9 @@ > > if email_address == _def: > > return default > > > > + if isinstance(email_address, bytes): > > + email_address = email_address.decode('utf-8') > > + > > parsed_url = urllib.parse.urlparse(url.current(qualified=True)) > > url = (c.visual.gravatar_url or User.DEFAULT_GRAVATAR_URL) \ > > .replace('{email}', email_address) \ > > > One thing of note though, and I think this is a deeper issue, as you said, > and that's when I look at any AD user account in kallithea, each field (eg, > first, last, etc) is enclosed in the byte (?) field delimiter. eg: > b'Reuben' b'Popp' > > > Yes, the problem seems to be that values retrieved from LDAP are byte > encoded. They should be decoded in auth_ldap. But probably only some of the > values. I would thus still need > > > >> Can you try this and report back when it prints out when you log in >> using AD/LDAP? >> >> --- kallithea/lib/auth_modules/auth_ldap.py >> +++ kallithea/lib/auth_modules/auth_ldap.py >> @@ -326,6 +326,7 @@ class KallitheaAuthPlugin(auth_modules.K >> aldap = AuthLdap(**kwargs) >> (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, >> password) >> log.debug('Got ldap DN response %s', user_dn) >> + print(ldap_attrs) >> >> def get_ldap_attr(k): >> return ldap_attrs.get(settings.get(k), [''])[0] >> >
I also encountered an LDAP-related issue with the new Python-3-based Kallithea, also found that the LDAP attributes are actually bytes and need to be converted, and propose this fix: https://kallithea-scm.org/repos/kallithea-incoming/changeset/e1f598d40c38d22fb32da091ca62fa5e7a951c3f Could you check if it solves your problem too, without the local change you made before? Thanks, Thomas _______________________________________________ kallithea-general mailing list [email protected] https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
