Hello everyone, this is my first post to the maillingList of Invenio. I've battling with Invenio for some weeks, all well and fine until i came across the LDAP authentication step. I've been following the guide of Miguel at http://www.leccionespracticas.com/cds-invenio/cds-invenio-configuring-ldap-to-login-into-repository/to configure the LDAP py.
> The connection with the server is succesful but i receive a bind user
> error.
> 2013-01-25 07:46:04 -> OPERATIONS_ERROR: {'info': '000004DC: LdapErr:
> DSID-0C0906E8, comment: In order to perform this operation a successful
> bind must be completed on the connection., data 0, v1db1', 'desc':
> 'Operations error'} (ldapobject.py:96:_ldap_call)
Searching for answers was futile because there are now errors like this on
Invenio only other platforms based on python.
There is no error for accessing the LDAP server, the server is reachable by
Invenio, no error of bad account or password, the accounts have no mail
entry on the LDAP server and the same server is used to authenticate users
on a Moodle site and it works.
The error log is quite long so i will attach it (if someone will be kind
enough to rip some minutes from his/hers free time) as well as the python
source for LDA auth.
Thank you in advance, hope someone has a clue to this strange error in
Invenio.
PS: i am almost sure that is a misconfiguration
--
-------------------------
Mureşan Bogdan
Inginer de sistem
Facultatea de Ştiinţe Politice, Administrative şi ale Comunicării - Cluj
Napoca
(004) 0788 94 11 65
(004) 0737 25 88 33
-------------------------
This exception has already been seen 15 times
last time it was seen: 2013-01-25 07:46:04
last time it was notified: 2013-01-25 06:57:35
* 2013-01-25 07:46:04 -> OPERATIONS_ERROR: {'info': '000004DC: LdapErr:
DSID-0C0906E8, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v1db1', 'desc': 'Operations
error'} (ldapobject.py:96:_ldap_call)
** User details
agent: Mozilla/5.0 (Windows NT 6.1;
rv:18.0) Gecko/20100101 Firefox/18.0
email: guest
group: []
guest: 1
nickname:
precached_canseehiddenmarctags: False
precached_permitted_restricted_collections: []
precached_useadmin: False
precached_usealerts: False
precached_useapprove: False
precached_usebaskets: False
precached_usegroups: False
precached_useloans: False
precached_usemessages: False
precached_usepaperattribution: False
precached_usepaperclaim: False
precached_usestats: False
precached_viewclaimlink: False
precached_viewsubmissions: False
referer:
<http://server.ro/libtest/youraccount/login?ln=en&referer=http%3A//server.ro/libtest/youraccount/login%3F>
remote_host:
remote_ip: 192.168.1.199
session: a8c19fd4c6b9fb4713935dd8c1133471
uid: 0
uri: </youraccount/login?>
** Traceback details
Traceback (most recent call last):
File
"/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler_wsgi.py",
line 506, in application
ret = invenio_handler(req)
File
"/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler.py", line
362, in _profiler
return _handler(req)
File
"/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler.py", line
424, in _handler
return root._traverse(req, path, False, guest_p)
File
"/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler.py", line
239, in _traverse
return obj._traverse(req, path, do_head, guest_p)
File
"/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler.py", line
252, in _traverse
result = _check_result(req, obj(req, form))
File
"/usr/local/lib/python2.6/dist-packages/invenio/websession_webinterface.py",
line 861, in login
(iden, args['p_un'], args['p_pw'], msgcode) = webuser.loginUser(req,
args['p_un'], args['p_pw'], args['login_method'])
File "/usr/local/lib/python2.6/dist-packages/invenio/webuser.py", line 568,
in loginUser
result = CFG_EXTERNAL_AUTHENTICATION[login_method].auth_user(p_email, p_pw,
req)
File
"/usr/local/lib/python2.6/dist-packages/invenio/external_authentication_ldap.py",
line 139, in auth_user
return self._ldap_try(_check)
File
"/usr/local/lib/python2.6/dist-packages/invenio/external_authentication_ldap.py",
line 90, in _ldap_try
return command(connection)
File
"/usr/local/lib/python2.6/dist-packages/invenio/external_authentication_ldap.py",
line 116, in _check
query)
File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 502, in
search_s
return
self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 496, in
search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 422, in
result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 426, in
result2
res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 432, in
result3
ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in
_ldap_call
result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order
to perform this operation a successful bind must be completed on the
connection., data 0, v1db1', 'desc': 'Operations error'}
** Stack frame details
Frame _ldap_call in /usr/lib/python2.6/dist-packages/ldap/ldapobject.py at line
107
-------------------------------------------------------------------------------
104 except LDAPError,e:
105 if __debug__ and self._trace_level>=2:
106 self._trace_file.write('=> LDAPError - %s: %s\n' %
(e.__class__.__name__,str(e)))
----> 107 raise
108 else:
109 if __debug__ and self._trace_level>=2:
110 if not diagnostic_message_success is None:
-------------------------------------------------------------------------------
self = '<ldap.ldapobject.SimpleLDAPObject instance at
0x7fd9d0b893b0>'
args = '(1, 1, -1)'
e = "OPERATIONS_ERROR({'info': '000004DC: LdapErr:
DSID-0C0906E8, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v1db1', 'desc': 'Operations
error'},)"
func = '<built-in method result3 of LDAP object at
0x7fd9cfa36580>'
kwargs = '{}'
Frame result3 in /usr/lib/python2.6/dist-packages/ldap/ldapobject.py at line 432
-------------------------------------------------------------------------------
429 def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None):
430 if timeout is None:
431 timeout = self.timeout
----> 432 ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
433 if ldap_result is None:
434 rtype, rdata, rmsgid, decoded_serverctrls =
(None,None,None,None)
435 else:
-------------------------------------------------------------------------------
msgid = '1'
all = '1'
self = '<ldap.ldapobject.SimpleLDAPObject instance at
0x7fd9d0b893b0>'
timeout = '-1'
Frame result2 in /usr/lib/python2.6/dist-packages/ldap/ldapobject.py at line 426
-------------------------------------------------------------------------------
423 return res_type,res_data
424
425 def result2(self,msgid=ldap.RES_ANY,all=1,timeout=None):
----> 426 res_type, res_data, res_msgid, srv_ctrls =
self.result3(msgid,all,timeout)
427 return res_type, res_data, res_msgid
428
429 def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None):
-------------------------------------------------------------------------------
msgid = '1'
all = '1'
self = '<ldap.ldapobject.SimpleLDAPObject instance at
0x7fd9d0b893b0>'
timeout = '-1'
Frame result in /usr/lib/python2.6/dist-packages/ldap/ldapobject.py at line 422
-------------------------------------------------------------------------------
419 If a timeout occurs, a TIMEOUT exception is raised, unless
420 polling (timeout = 0), in which case (None, None) is
returned.
421 """
----> 422 res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
423 return res_type,res_data
424
425 def result2(self,msgid=ldap.RES_ANY,all=1,timeout=None):
-------------------------------------------------------------------------------
msgid = '1'
all = '1'
self = '<ldap.ldapobject.SimpleLDAPObject instance at
0x7fd9d0b893b0>'
timeout = '-1'
Frame search_ext_s in /usr/lib/python2.6/dist-packages/ldap/ldapobject.py at
line 496
-------------------------------------------------------------------------------
493
494 def
search_ext_s(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0):
495 msgid =
self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
----> 496 return self.result(msgid,all=1,timeout=timeout)[1]
497
498 def
search(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0):
499 return
self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None)
-------------------------------------------------------------------------------
attrlist = 'None'
serverctrls = 'None'
timeout = '-1'
msgid = '1'
self = '<ldap.ldapobject.SimpleLDAPObject instance at
0x7fd9d0b893b0>'
filterstr = "'(|(samaccountname=ba2370))'"
attrsonly = '0'
base = "'ou=Stud,dc=student,dc=server,dc=ro'"
clientctrls = 'None'
scope = '2'
sizelimit = '0'
Frame search_s in /usr/lib/python2.6/dist-packages/ldap/ldapobject.py at line
502
-------------------------------------------------------------------------------
499 return
self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None)
500
501 def
search_s(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0):
----> 502 return
self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
503
504 def
search_st(self,base,scope,filterstr='(objectClass=*)',attrlist=None,attrsonly=0,timeout=-1):
505 return
self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout)
-------------------------------------------------------------------------------
attrlist = 'None'
self = '<ldap.ldapobject.SimpleLDAPObject instance at
0x7fd9d0b893b0>'
filterstr = "'(|(samaccountname=ba2370))'"
attrsonly = '0'
base = "'ou=Stud,dc=student,dc=server,dc=ro'"
scope = '2'
Frame _check in
/usr/local/lib/python2.6/dist-packages/invenio/external_authentication_ldap.py
at line 116
-------------------------------------------------------------------------------
113 def _check (connection):
114 users =
connection.search_s(CFG_EXTERNAL_AUTH_LDAP_CONTEXT,
115 ldap.SCOPE_SUBTREE,
----> 116 query)
117
118 # We pick the first result, as all the data we are
interested
119 # in should be the same in all the entries.
-------------------------------------------------------------------------------
query = "'(|(samaccountname=ba2370))'"
connection = '<ldap.ldapobject.SimpleLDAPObject instance at
0x7fd9d0b893b0>'
password = "'<*****>'"
Frame _ldap_try in
/usr/local/lib/python2.6/dist-packages/invenio/external_authentication_ldap.py
at line 92
-------------------------------------------------------------------------------
89 connection = ldap.initialize(server)
90 return command(connection)
91 except ldap.SERVER_DOWN, error_message:
----> 92 continue
93 raise InvenioWebAccessExternalAuthError
94
95
-------------------------------------------------------------------------------
connection = '<ldap.ldapobject.SimpleLDAPObject instance at
0x7fd9d0b893b0>'
command = '<function _check at 0x7fd9ceaf3320>'
self =
'<invenio.external_authentication_ldap.ExternalAuthLDAP instance at
0x7fd9cf054c20>'
server = "'ldap://192.168.1.22'"
Frame auth_user in
/usr/local/lib/python2.6/dist-packages/invenio/external_authentication_ldap.py
at line 139
-------------------------------------------------------------------------------
136 return None
137 return user_info[CFG_EXTERNAL_AUTH_LDAP_MAIL_ENTRY][0]
138
----> 139 return self._ldap_try(_check)
140
141 def user_exists(self, email, req=None):
142 """Check the external authentication system for existance of
email.
-------------------------------------------------------------------------------
username = "'ba2370'"
_check = '<function _check at 0x7fd9ceaf3320>'
self =
'<invenio.external_authentication_ldap.ExternalAuthLDAP instance at
0x7fd9cf054c20>'
req =
'<invenio.webinterface_handler_wsgi.SimulatedModPythonRequest object at
0x7fd9d0b87090>'
query = "'(|(samaccountname=ba2370))'"
attrib = "'samaccountname'"
password = "'<*****>'"
Frame loginUser in /usr/local/lib/python2.6/dist-packages/invenio/webuser.py at
line 585
-------------------------------------------------------------------------------
582 return (None, p_email, p_pw, 15)
583 except InvenioWebAccessExternalAuthError:
584 register_exception(req=req, alert_admin=True)
----> 585 raise
586 if p_email: # Authenthicated externally
587 res = run_sql("SELECT id_user FROM userEXT WHERE id=%s
and method=%s", (p_extid, login_method))
588 if res:
-------------------------------------------------------------------------------
p_email = "'ba2370'"
req =
'<invenio.webinterface_handler_wsgi.SimulatedModPythonRequest object at
0x7fd9d0b87090>'
p_pw = "'<*****>'"
login_method = "'LDAP'"
p_un = "'ba2370'"
Frame login in
/usr/local/lib/python2.6/dist-packages/invenio/websession_webinterface.py at
line 861
-------------------------------------------------------------------------------
858 language=args['ln'],
859 lastupdated=__lastupdated__,
860 navmenuid='youraccount')
----> 861 (iden, args['p_un'], args['p_pw'], msgcode) =
webuser.loginUser(req, args['p_un'], args['p_pw'], args['login_method'])
862 else:
863 # Fake parameters for p_un & p_pw because SSO takes them
from the environment
864 (iden, args['p_un'], args['p_pw'], msgcode) =
webuser.loginUser(req, '', '', CFG_EXTERNAL_AUTH_USING_SSO)
-------------------------------------------------------------------------------
remember_me = 'False'
p_un = "'ba2370'"
req =
'<invenio.webinterface_handler_wsgi.SimulatedModPythonRequest object at
0x7fd9d0b87090>'
p_pw = "'<*****>'"
login_method = "'LDAP'"
form = "{'p_un': [Field('p_un', 'ba2370')], 'p_pw':
[Field('p_pw', '<*****>')], 'login_method': [Field('login_method', 'LDAP')],
'ln': [Field('ln', 'en')], 'referer': [Field('referer',
'http://server.ro/libtest/youraccount/login?')], 'action': [Field('action',
'login')]}"
ln = "'en'"
self =
'<invenio.websession_webinterface.WebInterfaceYourAccountPages object at
0x7fd9d0b7e490>'
args = "{'remember_me': False, 'p_un': 'ba2370',
'p_pw': '<*****>', 'login_method': 'LDAP', 'ln': 'en', 'referer':
'http://server.ro/libtest/youraccount/login?', 'action': 'login'}"
referer = "'http://server.ro/libtest/youraccount/login?'"
cookie = "'login'"
_ = '<bound method GNUTranslations.gettext of
<gettext.GNUTranslations instance at 0x7fd9ced8f950>>'
uid = '0'
Frame _traverse in
/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler.py at line
252
-------------------------------------------------------------------------------
249 req.uri not in CFG_NO_LANG_RECOGNITION_URIS:
250 ln = get_preferred_user_language(req)
251 form.add_field('ln', ln)
----> 252 result = _check_result(req, obj(req, form))
253 return result
254
255 def __call__(self, req, form):
-------------------------------------------------------------------------------
obj = '<bound method
WebInterfaceYourAccountPages.login of
<invenio.websession_webinterface.WebInterfaceYourAccountPages object at
0x7fd9d0b7e490>>'
name = "'login'"
form = "{'p_un': [Field('p_un', 'ba2370')], 'p_pw':
[Field('p_pw', '<*****>')], 'login_method': [Field('login_method', 'LDAP')],
'ln': [Field('ln', 'en')], 'referer': [Field('referer',
'http://server.ro/libtest/youraccount/login?')], 'action': [Field('action',
'login')]}"
guest_p = '1'
req =
'<invenio.webinterface_handler_wsgi.SimulatedModPythonRequest object at
0x7fd9d0b87090>'
component = "'login'"
do_head = 'False'
path = '[]'
self =
'<invenio.websession_webinterface.WebInterfaceYourAccountPages object at
0x7fd9d0b7e490>'
Frame _traverse in
/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler.py at line
239
-------------------------------------------------------------------------------
236 # renderer. We even pass it the parsed form arguments.
237 if path:
238 if hasattr(obj, '_traverse'):
----> 239 return obj._traverse(req, path, do_head, guest_p)
240 else:
241 raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
242
-------------------------------------------------------------------------------
obj =
'<invenio.websession_webinterface.WebInterfaceYourAccountPages object at
0x7fd9d0b7e490>'
name = "'youraccount'"
guest_p = '1'
req =
'<invenio.webinterface_handler_wsgi.SimulatedModPythonRequest object at
0x7fd9d0b87090>'
component = "'youraccount'"
do_head = 'False'
path = "['login']"
self =
'<invenio.webinterface_layout.WebInterfaceInvenio object at 0x7fd9d0b7ea50>'
Frame _handler in
/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler.py at line
446
-------------------------------------------------------------------------------
443 if 'debug' in args:
444 remote_debugger.error_msg(args['debug'])
445 register_exception(req=req, alert_admin=True)
----> 446 raise
447
448 # Serve an error by default.
449 raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
-------------------------------------------------------------------------------
allowed_methods = "('GET', 'POST', 'HEAD', 'OPTIONS', 'PUT')"
g = 'None'
guest_p = '1'
req =
'<invenio.webinterface_handler_wsgi.SimulatedModPythonRequest object at
0x7fd9d0b87090>'
uri = "'/youraccount/login'"
path = "['youraccount', 'login']"
root =
'<invenio.webinterface_layout.WebInterfaceInvenio object at 0x7fd9d0b7ea50>'
bad_msie = 'None'
Frame _profiler in
/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler.py at line
362
-------------------------------------------------------------------------------
359 raise Exception('Debugging requested, but no
debugger registered: "%s"' % args['debug'])
360 return _handler(req)
361 else:
----> 362 return _handler(req)
363
364 def _handler(req):
365 """ This handler is invoked by mod_python with the apache
request."""
-------------------------------------------------------------------------------
_handler = '<function _handler at 0x7fd9d0b50c08>'
args = '{}'
req =
'<invenio.webinterface_handler_wsgi.SimulatedModPythonRequest object at
0x7fd9d0b87090>'
Frame application in
/usr/local/lib/python2.6/dist-packages/invenio/webinterface_handler_wsgi.py at
line 523
-------------------------------------------------------------------------------
520 else:
521 req.flush()
522 except:
----> 523 register_exception(req=req, alert_admin=True)
524 if not req.response_sent_p:
525 req.status = HTTP_INTERNAL_SERVER_ERROR
526 req.headers_out['content-type'] = 'text/html'
-------------------------------------------------------------------------------
start_response = '<built-in method start_response of
mod_wsgi.Adapter object at 0x7fd9ceaf7468>'
environ = "{'mod_wsgi.listener_port': '80',
'HTTP_X_FORWARDED_SERVER': 'server.ro', 'HTTP_COOKIE':
'__utma=147790262.607131628.1358675457.1359100975.1359113970.6;
__utmz=147790262.1358675457.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmc=147790262; INVENIOSESSIONstub=NO;
INVENIOSESSION=23a8ae3517c66f66fd92e0f7e8a3bc04;
MoodleSessionmdlpad=kdj7o98uk7u4gjm9qqq5g4i5j6; _icl_current_language=ro',
'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5', 'SERVER_SOFTWARE': 'Apache',
'SCRIPT_NAME': '', 'mod_ [...]
req =
'<invenio.webinterface_handler_wsgi.SimulatedModPythonRequest object at
0x7fd9d0b87090>'
possible_handler = 'None'
possible_module = 'None'
copy-of-external_authentication_ldap.py
Description: Binary data
