Description

LDAP authentication fails with Moin 1.5.8 on CentOS 4.5 with a TLS error indicating an incompatibility with the default RH python-ldap module (RH's module is old).

Should Moin code to address this or should documentation be added telling RH/CentOS users how to work around this?

Steps to reproduce

  1. Install Moin 1.5.8 on RHEL 4 Update 5 or CentOS 4.5
  2. Configure for LDAP authentication
  3. Attempt to login
  4. Login fails

Example

Relevant wikiconfig.py portions:

    # LDAP options added in 1.5.8
    ldap_start_tls = 0 # 0 = No, 1 = Try, 2 = Required
    ldap_tls_cacertdir = ''
    ldap_tls_cacertfile = ''
    ldap_tls_certfile = ''
    ldap_tls_keyfile = ''
    ldap_tls_require_cert = ldap.OPT_X_TLS_NEVER

    # For debugging.
    ldap_verbose = True

    ldap_uri = 'ldap://odin:3268'
    ldap_binddn = 'cn=Me,cn=Users,dc=esri,dc=com'
    ldap_bindpw = 'pass'
    ldap_base = 'DC=domain,DC=com'
    ldap_scope = ldap.SCOPE_SUBTREE

    # Removed per CHANGES in 1.5.8 added ldap_filter.  We should do our group
    # filters here.

    #ldap_name_attribute = 'sAMAccountName'
    ldap_filter = "(sAMAccountName=%(username)s)"

    ldap_email_attribute = 'mail'
    ldap_given_attribute = 'givenName'
    ldap_surname_attribute = 'sn'
    ldap_aliasname_attribute = 'displayName'

    ldap_coding = 'utf-8'
    ldap_timeout = 10
    ldap_group_attr = 'memberOf'

Error output when trying to log in:

    [Mon Jun 11 16:40:04 2007] got name=ray5147 login=True logout=False
    [Mon Jun 11 16:40:04 2007] LDAP: Setting misc. options...
    [Mon Jun 11 16:40:04 2007] LDAP: caught an exception, traceback follows...
    [Mon Jun 11 16:40:04 2007] Traceback (most recent call last):
      File "/usr/lib/python2.3/site-packages/MoinMoin/auth.py", line 365, in ldap_login
        if ldap.TLS_AVAIL:
    AttributeError: 'module' object has no attribute 'TLS_AVAIL'

Component selection

Details

MoinMoin Version

1.5.8

OS and Version

CentOS 4.5

Python Version

2.3.4

Server Setup

?

Server Details

python-ldap 2.0.1 (RPM 2.0.1-2)

Language you are using the wiki in (set in the browser/UserPreferences)

English

Workaround

So far no workaround, but going to attempt a try: except: block in auth.py.

Discussion

2007-06-11 #1

CentOS and RHEL 4 both include the python-ldap RPM v2.0.1. MoinMoin code v1.5.8 in auth.py references ldap.TLS_AVAIL. This environment variable was not added until v2.0.3 of python-ldap:

This is quite old of course, but LDAP authentication will not work on RHEL4 or CentOS 4 as a result.

I'm not sure if the best way to deal with this is for Moin to code around the issue or for me to attempt to get RH to update their python-ldap module version (unlikely?)

At the very least, perhaps a mention could be made of this and whatever manual workaround or fix is found in the documentation.

2007-06-11 #2

This patch fixes the issue for me:

2007-06-11 #3

It was also pointed out here, that I could set ldap.TLS_AVAIL = 0 in my wikiconfig.py file. This also works, but perhaps should be documented somewhere?
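
The failure in the traceback and the `ldap_start_tls` setting interact: a module without `TLS_AVAIL` should not crash the login, but it also should not silently downgrade a "Required" setting to a cleartext bind. The sketch below is an added example, not MoinMoin's code or the patch mentioned above; the function names are hypothetical, the `SimpleNamespace` objects are constructed stand-ins for the old and new python-ldap modules, and treating a missing attribute as "no TLS" is an assumption.

```python
from types import SimpleNamespace
from urllib.parse import urlparse

# ldap_start_tls values, as documented in the wikiconfig.py comment above
START_TLS_NO, START_TLS_TRY, START_TLS_REQUIRED = 0, 1, 2


class TLSUnavailable(Exception):
    """StartTLS was required but the LDAP module does not advertise TLS."""


def tls_available(ldap_module):
    # python-ldap 2.0.1 has no TLS_AVAIL attribute; reading it directly raises
    # AttributeError. Assumption: a missing attribute is treated as "no TLS".
    return bool(getattr(ldap_module, "TLS_AVAIL", 0))


def plan_starttls(ldap_module, start_tls):
    """Return True if start_tls_s() should be called before binding."""
    if start_tls not in (START_TLS_NO, START_TLS_TRY, START_TLS_REQUIRED):
        raise ValueError("ldap_start_tls must be 0, 1 or 2")
    if start_tls == START_TLS_NO:
        return False
    if tls_available(ldap_module):
        return True
    if start_tls == START_TLS_REQUIRED:
        # Fail closed: never fall back to a cleartext bind when TLS is required.
        raise TLSUnavailable("ldap_start_tls = 2 but TLS_AVAIL is missing or 0")
    return False  # "Try": continue without TLS


def bind_is_cleartext(ldap_uri, use_starttls):
    """True if the bind password would cross the network unencrypted."""
    scheme = urlparse(ldap_uri).scheme.lower()
    return scheme == "ldap" and not use_starttls


# Constructed stand-ins for the two python-ldap generations discussed here.
old_ldap = SimpleNamespace()             # like 2.0.1: attribute absent
new_ldap = SimpleNamespace(TLS_AVAIL=1)  # attribute present and true

if __name__ == "__main__":
    for name, mod in (("old", old_ldap), ("new", new_ldap)):
        use_tls = plan_starttls(mod, START_TLS_TRY)
        print(name, "starttls:", use_tls,
              "cleartext bind:", bind_is_cleartext("ldap://odin:3268", use_tls))
```

With the configuration shown in this report (`ldap://` URI, `ldap_start_tls = 0`), `bind_is_cleartext` is true on either module version, so `ldap_bindpw` and user passwords travel unencrypted.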

Plan


CategoryMoinMoinNoBug

MoinMoin: MoinMoinBugs/LDAPAuthWithOldPythonLdapLibrary (last edited 2007-11-15 22:35:26 by ThomasWaldmann)