Network Administration Visualized

LDAP group membership verification crashes with UnicodeDecodeError when username contains non-ASCII chars

Bug #1301794 reported by Morten Brekkevold
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Network Administration Visualized
Fix Released
High
Morten Brekkevold
Network Administration Visualized 3.15.8
3.15
Fix Released
High
Morten Brekkevold
4.0
Fix Released
High
Morten Brekkevold
Network Administration Visualized 4.0.1

Bug Description

If a user's login name contains non-ASCII characters, and the "required_group" option is set in the `ldap` section of `webfront.conf`, that user will experience a crash at login time.

The group verification step raises a UnicodeDecodeError, traceback looking like this:

Traceback (most recent call last):

  File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)

  File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 69, in sensitive_post_parameters_wrapper
    return view(request, *args, **kwargs)

  File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 92, in login
    return do_login(request)

  File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py", line 34, in sensitive_variables_wrapper
    return func(*args, **kwargs)

  File "/usr/lib/pymodules/python2.7/nav/web/webfront/views.py", line 127, in do_login
    account = auth.authenticate(username, password)

  File "/usr/lib/pymodules/python2.7/nav/web/auth.py", line 79, in authenticate
    user = ldapauth.authenticate(username, password)

  File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 151, in authenticate
    if user.is_group_member(group_dn):

  File "/usr/lib/pymodules/python2.7/nav/web/ldapauth.py", line 280, in is_group_member
    result = self.ldap.search_s(group_dn, ldap.SCOPE_BASE, filterstr)

  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 552, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)

  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 545, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)

  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541, in search_ext
    timeout,sizelimit,

  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)

UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 26: ordinal not in range(128)

Tags: ldap unicode
Morten Brekkevold (mbrekkevold)
Changed in nav:
status: Confirmed → In Progress
Revision history for this message
Morten Brekkevold (mbrekkevold) wrote :

fix here: https://nav.uninett.no/hg/stable/rev/08eaf8c0338c

Changed in nav:
status: In Progress → Fix Committed
Morten Brekkevold (mbrekkevold)
Changed in nav:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.