<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 3/5/20 4:29 PM, Reuben Popp wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAB-aZK_6PfShZA3tjXzBptHJ44U+bn5vLW+iocKiXLhZFEV4+A@mail.gmail.com">
<div dir="ltr">Good morning Mads (or afternoon as the case may be
where you're at).<br>
<br>
My apologies that the report was so sparse. When I wrote it, I
was neck deep in the middle of trying to get things set up for
our architects to trial Kallithea.<br>
<br>
Yes, this was the default branch downloaded from the Bitbucket
mirror on February 25th.<br>
<br>
My original report and fix were incorrect. With it in place,
what I noticed was that while an Active Directory account could
log in, it would prevent me from logging in using the (local)
Kallithea admin account. My best guess here, being a relatively
new Python noob, is that in the case of the Kallithea admin
account, the email was a string literal, which would then fail
because there was no decode() method. On the other hand, it
would work for a byte string such as that coming from AD.<br>
<br>
That said, the following works for both AD and the local
Kallithea account:<br>
<br>
<p class="MsoNormal">--- lib/helpers.py 2020-02-25
11:18:44.000000000 -0600</p>
<p class="MsoNormal">+++ lib/helpers.py.new 2020-03-05
09:11:30.394700849 -0600</p>
<p class="MsoNormal">@@ -951,6 +951,9 @@</p>
<p class="MsoNormal"> if email_address == _def:</p>
<p class="MsoNormal"> return default</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">+ if isinstance(email_address, bytes):</p>
<p class="MsoNormal">+ email_address =
email_address.decode('utf-8')</p>
<p class="MsoNormal">+</p>
<p class="MsoNormal"> parsed_url =
urllib.parse.urlparse(url.current(qualified=True))</p>
<p class="MsoNormal"> url = (c.visual.gravatar_url or
User.DEFAULT_GRAVATAR_URL) \</p>
<p class="MsoNormal"> .replace('{email}',
email_address) \</p>
<br>
One thing of note though, and I think this is a deeper issue, as
you said, and that's when I look at any AD user account in
Kallithea, each field (e.g., first, last, etc.) is enclosed in the
byte (?) field delimiter, e.g.: b'Reuben' b'Popp'<br>
</div>
</blockquote>
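<p>Review bot: the added isinstance(email_address, bytes) branch decodes
with strict 'utf-8' inside a display helper, so a value that is not valid
UTF-8 would raise UnicodeDecodeError while the page is being rendered, and
every other consumer of the same user record still receives bytes. Decode
once where the value enters the application, with an explicit error policy,
so that helpers only ever see str. The context lines then pass the address
straight into .replace('{email}', email_address); it is worth confirming
the value is URL-quoted before it lands in the gravatar URL.</p>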
<p><br>
</p>
<p>Yes, the problem seems to be that values retrieved from LDAP are
byte encoded. They should be decoded in auth_ldap. But probably
only some of the values. I would thus still need</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAB-aZK_6PfShZA3tjXzBptHJ44U+bn5vLW+iocKiXLhZFEV4+A@mail.gmail.com"><br>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Can you try this and report back what it prints out when you
log in <br>
using AD/LDAP?<br>
<br>
--- kallithea/lib/auth_modules/auth_ldap.py<br>
+++ kallithea/lib/auth_modules/auth_ldap.py<br>
@@ -326,6 +326,7 @@ class KallitheaAuthPlugin(auth_modules.K<br>
aldap = AuthLdap(**kwargs)<br>
(user_dn, ldap_attrs) =
aldap.authenticate_ldap(username, <br>
password)<br>
log.debug('Got ldap DN response %s', user_dn)<br>
+ print(ldap_attrs)<br>
<br>
def get_ldap_attr(k):<br>
return ldap_attrs.get(settings.get(k),
[''])[0]<br>
<br>
</blockquote>
</div>
</blockquote>
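<p>Review bot: print(ldap_attrs), placed right after the log.debug call,
writes the whole attribute dictionary for the authenticated user to stdout
and bypasses the logging configuration. For the diagnostic, use
log.debug('Got ldap attrs %r', ldap_attrs) and drop the line before anything
is committed. The get_ldap_attr context line returns element [0] of the
attribute list with a str default of [''], so it can hand back either type;
that helper is a natural single place to normalise the values.</p>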
<p><br>
</p>
<p>/Mads</p>
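<p>Added example, not part of the original thread and not Kallithea code:
one way to decode only the text attributes of an LDAP result at the plugin
boundary, as the reply above suggests, while leaving binary attributes as
bytes. The names decode_ldap_attrs and TEXT_ATTRS, the attribute list and
the sample entry are assumptions made for illustration; the input shape
(attribute name mapped to a list of bytes values) is what python-ldap
returns on Python 3.</p>
<pre>
```python
# Added example: normalise python-ldap style attributes in one place.
# decode_ldap_attrs and TEXT_ATTRS are hypothetical names, not Kallithea code.

# Attributes assumed to hold text. Anything else (e.g. objectGUID) stays bytes.
TEXT_ATTRS = frozenset(['givenname', 'sn', 'mail', 'samaccountname'])


def decode_ldap_attrs(ldap_attrs, text_attrs=TEXT_ATTRS, encoding='utf-8'):
    """Return a copy of ldap_attrs with the text attributes decoded to str.

    ldap_attrs maps an attribute name to a list of values. Values that are
    already str pass through unchanged. Undecodable bytes become U+FFFD so
    that one bad directory entry cannot abort a login with
    UnicodeDecodeError.
    """
    result = {}
    for name, values in ldap_attrs.items():
        if name.lower() not in text_attrs:
            result[name] = list(values)  # binary or unknown: leave untouched
            continue
        decoded = []
        for value in values:
            if isinstance(value, bytes):
                value = value.decode(encoding, errors='replace')
            decoded.append(value)
        result[name] = decoded
    return result


# Constructed sample shaped like one python-ldap result entry.
SAMPLE = {
    'givenName': [b'Reuben'],
    'sn': [b'Popp\xff'],               # deliberately invalid UTF-8
    'mail': [b'user@example.com'],     # constructed address
    'objectGUID': [b'\x9f\x01\xfe\x10'],
}

if __name__ == '__main__':
    for key, vals in decode_ldap_attrs(SAMPLE).items():
        print(key, vals)
```
</pre>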
<br>
</body>
</html>