Dear fellas, I had a really cr*ppy week because of this problem, so I'd like to report this (I couldn't find the issue track on PloneLDAP page, so I put this here) for others to help me understand what happened and maybe we can all work on improving the related products.
I think you might have read my post http://n2.nabble.com/URGENT%3A-Unicode-show-stopper-tp675858p675858.html "URGENT:Unicode show stopper" in the General Questions forum. In that post, I reported a problem which seemed to have something to do with encoding to my region. FYI, I am running a Portuguese Plone site, in a pt-br locale. Point is, I notice that the problem of UnicodeDecodeErrors seemed definitely tied to the user that was accessing the Plone site (some users always got the errors, and the other users never got the error). So in one line of investigation, I tried to establish what was the difference between the users. It seemed that the affected users had at least one group with accented characters in the group DN, and the unaffected users had groups only with "regular" (i.e. ascii compatible) characters. I started to experiment a little on the LDAP Schema and Configure tabs of the AD Plugin in ZMI, and noticed that if I removed the memberOf mapping, a different error would occur. After a few experiments (which I am not 100% what - that's the beauty of backing up before messing everything with experiments :-D), I got an error message at the getGroupsForPrincipal method in the ActiveDirectoryMultiPlugin module; so I decided to check it out. I haven't studied the code for the product (neither Plone code for that matter), so I started guessing (and that's why I would like to hear from Wichert or some other people who worked on this product, if I am making the correct guesses). I saw this: cns = [ x.split(',')[0] for x in (ldap_user.memberOf or []) ] Which seemed to me like a string splitting thing. Seems like we are getting the memberOf collection (which is a single string for what I get) and splitting it using the comma as the separator to produce a list of cns. If I am correct, that would not work correctly, because the list separator in our AD is the semicolon (;). Most Windows instalations in Portuguese use the semicolon for list separation because the comma is our decimal separator and the point is actually our thousands separator. Also, the memberOf string returned by AD used semicolon to separate the group DNs, and comma to separate the DN elements. Here is what a memberOf string looks like in our installation (the example is for a user with two groups - I changed the letters and digits for confidentiality issues): CN=Alfa_QWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd;CN=ZXCV66_POIUYT_LKJHG_QAZXSWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd I thought that my guess would explain why the unicode errors: the users with strange chars in the DNs would probably get the name value pairs messed up and the value of a pair would be incorrectly used as a name. That would make Plone try to look for some users' group using the non-ascii part as a identifier or something. So, I changed the x.split(',') for x.split(';') in the file and everything worked. But one thing that I can't understand is why the problem suddenly appeared after some weeks of working a 100% fine site. Maybe some user inserted some non ascii char in a content type short name ? I dunno. Please notice that I am not here to report a solution for the problem. I am trying to validate my reasoning. If there is something correct in my guesswork, I might be contributing for the improvement of the LDAP product. If I am wrong, I would appreciate anyone to point my mistake because that case means I tried to fix something but might have broken something else. After all, I can't test extensively my fix now - not many users working at Friday 8:30PM. Well, anyway I would appreciate any comment on my message. Have a nice weekend you all, Alberto -- View this message in context: http://n2.nabble.com/LDAPMultiPlugins-developers%3A-please-read-this---possible-localization-problem-tp777592p777592.html Sent from the Product Developers mailing list archive at Nabble.com. _______________________________________________ Product-Developers mailing list [email protected] http://lists.plone.org/mailman/listinfo/product-developers
