> On May 31, 2015, at 11:06 PM, Cooke, Mark <[email protected]> wrote: > >> On May 26, 2015, at 12:09 PM, RjOllos <[email protected]> wrote: >> >> On Tuesday, May 26, 2015 at 2:26:31 AM UTC-4, Cooke, Mark wrote: >> >> > On May 22, 2015 3:02 PM, "Josh Santangelo" >> <[email protected] <javascript:> > wrote: >> > > >> > > >> > >> On May 21, 2015, at 8:53 PM, RjOllos <[email protected] >> <javascript:> > wrote: >> > >> >> > >> On Thursday, May 21, 2015 at 2:23:50 PM UTC-7, Josh >> Santangelo wrote: >> > >>> >> > >>> I ran the 1.0.6 MSI, but it seemed to break LDAP >> authentication. When I >> > browse to trac I see: >> > >>> >> > >>> Traceback (most recent call last): >> > >>> File "C:\Python27\lib\site-packages\trac\web\api.py", >> line 559, in >> > send_error >> > >>> data, 'text/html') >> > >>> File "C:\Python27\lib\site- >> packages\trac\web\chrome.py", line 1063, in >> > render_template >> > >>> template = self.load_template(filename, >> method=method) >> > >>> File "C:\Python27\lib\site- >> packages\trac\web\chrome.py", line 1017, in >> > load_template >> > >>> self.get_all_templates_dirs(), >> auto_reload=self.auto_reload, >> > >>> File "C:\Python27\lib\site- >> packages\trac\web\chrome.py", line 725, in >> > get_all_templates_dirs >> > >>> for provider in self.template_providers: >> > >>> File "C:\Python27\lib\site-packages\trac\core.py", line >> 78, in >> > extensions >> > >>> components = [component.compmgr[cls] for cls in >> classes] >> > >>> File "C:\Python27\lib\site-packages\trac\core.py", line >> 204, in >> > __getitem__ >> > >>> component = cls(self) >> > >>> File "C:\Python27\lib\site-packages\trac\core.py", line >> 140, in >> > __call__ >> > >>> self.__init__() >> > >>> File "build\bdist.win32\egg\acct_mgr\web_ui.py", line >> 75, in __init__ >> > >>> self._write_check(log=True) >> > >>> File "build\bdist.win32\egg\acct_mgr\web_ui.py", line >> 79, in >> > _write_check >> > >>> writable = >> self.acctmgr.get_all_supporting_stores('set_password') >> > >>> File "build\bdist.win32\egg\acct_mgr\api.py", line 348, >> in >> > get_all_supporting_stores >> > >>> for store in self.password_stores: >> > >>> File "C:\Python27\lib\site-packages\trac\config.py", >> line 777, in >> > __get__ >> > >>> option=tag.tt <http://tag.tt/> ("[%s] %s" % >> (self.section, self.name <http://self.name/> )))) >> > >>> ConfigurationError: Cannot find implementation(s) of the >> > <tt>IPasswordStore</tt> interface named >> <tt>LdapAuthStore</tt>. Please check >> > that the Component is enabled or update the option >> <tt>[account-manager] >> > password_store</tt> in trac.ini. >> > >>> >> > >>> I backed up my Python directory before the install, and >> restoring it >> > seems to have restored things back to working. >> > >>> >> > >> >> > >> Trac 1.0.2 and later enforces that Components specified in >> the trac.ini >> > configuration file must be loaded. Often users find that when >> upgrading they >> > had errors in their configuration that passed silently prior >> to the upgrade. >> > >> >> > >> Your [account-manager] password_store setting includes >> LdapAuthStore, but >> > the plugin is either not installed, not loading correctly due >> to an error, or >> > not enabled. LdapAuthStore is provided by LdapAuthStorePlugin >> (1). Perhaps >> > you aren't actually using that store? In that case you can >> just removed >> > LdapAuthStore from password_store. But if you are using the >> plugin, and the >> > plugin is installed and enabled, then we need to determine >> why it's not >> > loading. See TracTroubleshooting (2). It would also be useful >> to confirm, >> > before trying the upgrade again, if it is loading in Trac >> 1.0.2. You can do >> > that by inspecting the debug level log, as described in >> TracTroubleshooting. >> > > >> > > >> > > Thanks, it seems your suspicions about the plugin not >> loading are correct, >> > according to the log, which I’ve pasted below. I’m confused >> though, since >> > LDAP authentication does work, and has for some time. How’s >> that possible if >> > the plugin isn’t loading? I confirmed that the .egg files in >> the log are >> > indeed there. >> > > >> > > 2014-04-01 11:22:27,046 Trac[env] INFO: ------------------- >> ------------- >> > environment startup [Trac 1.0.1] ---------------------------- >> ---- >> > > 2014-04-01 11:22:27,079 Trac[loader] DEBUG: Adding plugin >> > LdapAuthStorePlugin 0.3.0 from >> c:\trac\stimulant\plugins\ldapauthstoreplugin- >> > 0.3.0-py2.7.egg >> > > 2014-04-01 11:22:27,079 Trac[loader] DEBUG: Adding plugin >> LdapPlugin >> > 0.7.0dev from c:\trac\stimulant\plugins\ldapplugin-0.7.0dev- >> py2.7.egg >> > > 2014-04-01 11:22:27,174 Trac[loader] DEBUG: Loading >> > ldapauthstore.ldap_store from >> c:\trac\stimulant\plugins\ldapauthstoreplugin- >> > 0.3.0-py2.7.egg >> > > 2014-04-01 11:22:27,181 Trac[loader] ERROR: Skipping >> > "ldapauthstore.ldap_store = ldapauthstore.ldap_store": >> > > >> > > Traceback (most recent call last): >> > > File "C:\Python27\lib\site-packages\trac\loader.py", line >> 68, in >> > _load_eggs >> > > entry.load(require=True) >> > > File "C:\Python27\lib\site-packages\setuptools-0.6c11- >> > py2.7.egg\pkg_resources.py", line 1954, in load >> > > entry = __import__(self.module_name, >> globals(),globals(), ['__name__']) >> > > File "build\bdist.win32\egg\ldapauthstore\ldap_store.py", >> line 2, in >> > <module> >> > > File "build\bdist.win32\egg\ldapplugin\__init__.py", line >> 2, in <module> >> > > File "build\bdist.win32\egg\ldapplugin\api.py", line 25, >> in <module> >> > > ImportError: No module named ldap >> > > 2014-04-01 11:22:27,181 Trac[loader] DEBUG: Loading >> ldapplugin.api from >> > c:\trac\stimulant\plugins\ldapplugin-0.7.0dev-py2.7.egg >> > > 2014-04-01 11:22:27,187 Trac[loader] ERROR: Skipping >> "ldapplugin.api = >> > ldapplugin.api": >> > > >> > > Traceback (most recent call last): >> > > File "C:\Python27\lib\site-packages\trac\loader.py", line >> 68, in >> > _load_eggs >> > > entry.load(require=True) >> > > File "C:\Python27\lib\site-packages\setuptools-0.6c11- >> > py2.7.egg\pkg_resources.py", line 1954, in load >> > > entry = __import__(self.module_name, >> globals(),globals(), ['__name__']) >> > > File "build\bdist.win32\egg\ldapplugin\__init__.py", line >> 2, in <module> >> > > File "build\bdist.win32\egg\ldapplugin\api.py", line 25, >> in <module> >> > > ImportError: No module named ldap >> > >> > -----Original Message----- >> > From: [email protected] <javascript:> [mailto:trac- >> [email protected] <javascript:> ] On >> > Behalf Of Ryan Ollos >> > >> > It looks like it's not finding the Python ldap package. You >> might be able to >> > install that from pypi. >> > >> > https://pypi.python.org/pypi/python-ldap >> <https://pypi.python.org/pypi/python-ldap> >> >> Hmm, I think we would be better to understand how LDAP auth is >> working >> before fixing something that it looks like is not needed. >> >> Are you using apache httpd? I use Trac on Windoze and use >> apache to >> authenticate against our AD forest, perhaps you do the same? >> In which >> case you do not need the Trac ldap interface at all... >> >> ~ mark c >> >> >> >> Does the Apache configuration you use populate the session info such >> as name and email address from the LDAP data store? >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Josh Santangelo >> Sent: 31 May 2015 22:45 >> To: [email protected] >> Subject: Re: [Trac] Updating Trac on Windows? >> >> Yes, I’m using Apache on Windows. I believe the original configuration was >> based on the docs here: >> https://trac-hacks.org/wiki/LdapPlugin >> >> httpd.conf looks something like: >> >> <Location /> >> Order deny,allow >> Allow from all >> AuthType Basic >> AuthName "Stimulant Trac" >> AuthBasicProvider "ldap" >> AuthLDAPURL "ldap://…"; >> AuthLDAPBindDN [email protected] >> AuthLDAPBindPassword “..." >> authzldapauthoritative Off >> require ldap-group CN=Stimulant Devops,CN=Users,DC=stimulant,DC=local >> </Location> > > This is definitely providing _authentication_ against LDAP as well as > _authorisation_ in that httpd will reject users not in the specified group. > What this does is pass the user info through to Trac in the session info > (based on the parameters specified in the LDAP URL which can include the > user's email). > > If you only need to _authorise_ users based on LDAP group membership you are > done. Do all members of "Stimulant Devops" (via the built-in "authenticated" > group) have the same rights or do you need finer grained permissions? > >> trac.ini looks something like: >> >> [ldap] >> allusers_group = Stimulant Devops >> basedn = dc=stimulant,dc=local >> bind_passwd = ... >> bind_user = cn=trac,dc=stimulant,dc=local >> enable = true >> group_rdn = ou=groups >> host = ... >> store_bind = true >> user_rdn = ou=people > > Trac is repeating work done (probably more efficiently) by httpd. > > As I only have a small number of users per repository I manage those special > cases through the usual Trac Admin interface (no plugins required) using > their network login names, forced to lower case. Personally I would remove > this plugin and the section from trac.ini.
I removed the plugin from trac.ini and authorization still seemed to work. I redid the upgrade to 1.0.6 by switching my c:\python27 to the state it was in after running the MSI. After restarting the server I saw the same error as before rendered into the browser (Cannot find implementation(s) of the <tt>IPasswordStore</tt> interface named <tt>LdapAuthStore</tt>). I commented out password_store = LdapAuthStore from trac.ini. Trac pages now load, but at the top it says "Error with navigation contributor AccountModule” The footer also still says 1.0.1. I re-ran the MSI installer, but it didn’t change anything. -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
