users_ldap: Unable to connect to Active Directory containing non-ASCII characters

Bug #1079476 reported by Li Wee, Ong
This bug affects 7 people
Affects: Odoo Addons (MOVED TO GITHUB); Status: Confirmed; Importance: Medium; Assigned to: OpenERP R&D Addons Team 1
Affects: OpenERP Community Backports (Addons); Status tracked in 7.0
  7.0: Status: In Progress; Importance: Medium; Assigned to: OpenERP Community Backports

Bug Description

When connecting to Active Directory containing non-ASCII characters, the following error occurs:

Server Traceback (most recent call last):
  File "/opt/openerp/server/openerp/addons/web/common/http.py", line 592, in send
    result = openerp.netsvc.dispatch_rpc(service_name, method, args)
  File "/opt/openerp/server/openerp/netsvc.py", line 360, in dispatch_rpc
    result = ExportService.getService(service_name).dispatch(method, params)
  File "/opt/openerp/server/openerp/service/web_services.py", line 384, in dispatch
    return fn(*params)
  File "/opt/openerp/server/openerp/service/web_services.py", line 396, in exp_authenticate
    return res_users.authenticate(db, login, password, user_agent_env)
  File "/opt/openerp/server/openerp/addons/base/res/res_users.py", line 456, in authenticate
    uid = self.login(db, login, password)
  File "/opt/openerp/server/openerp/addons/users_ldap/users_ldap.py", line 254, in login
    entry = ldap_obj.authenticate(conf, login, password)
  File "/opt/openerp/server/openerp/addons/users_ldap/users_ldap.py", line 100, in authenticate
    results = self.query(conf, filter)
  File "/opt/openerp/server/openerp/addons/users_ldap/users_ldap.py", line 144, in query
    filter, retrieve_attributes, timeout=60)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 505, in search_st
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 495, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 491, in search_ext
    timeout,sizelimit,
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 3-4: ordinal not in range(128)

This behaviour happens in both 6.1 and 7.0.
In my case, the ldap_base string contains non-ascii characters and I used "encode('utf-8')" as a quick fix.

Original code in users_ldap.py

results = conn.search_st(conf['ldap_base'], ldap.SCOPE_SUBTREE, filter, retrieve_attributes, timeout=60)

Modified code in users_ldap.py

results = conn.search_st(conf['ldap_base'].encode('utf-8'), ldap.SCOPE_SUBTREE, filter, retrieve_attributes, timeout=60)

This fix only works for 6.1.
Using this fix for 7.0, a different error relating to database insertion (creating new user) occurs.

Li Wee, Ong (liwee-ong) wrote :

The same fix is also working for 7.0 now ... not sure why it didn't work initially.

Daniel Reis (dreis-pt) wrote :

Just reproduced this problem in 6.1.
The fix above didn't work for me.

The patch I used was, in users_ldap.py, class CompanyLDAP, method authenticate():

replace
                conn = self.connect(conf)
                conn.simple_bind_s(dn, password)
                conn.unbind()

with
                conn = self.connect(conf)
                conn.simple_bind_s(dn, password.encode("utf-8") )
                conn.unbind()

Daniel Reis (dreis-pt) wrote :

This issue is also present at trunk.

martin (riess82) wrote :

For me, the following worked:

Changes in users_ldap.py:

                conn = self.connect(conf)
                conn.simple_bind_s(dn, password.encode("utf-8"))
                conn.unbind()

and:

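            # Apply the '' fallback before encoding, so an unset password
            # (None/False) does not fail on .encode()
            conn.simple_bind_s(conf['ldap_binddn'] or '',
                               (conf['ldap_password'] or '').encode('utf-8'))
            results = conn.search_st(conf['ldap_base'].encode('utf-8'), ldap.SCOPE_SUBTREE,
                                     filter, retrieve_attributes, timeout=60)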

Olivier Dony (Odoo) (odo-openerp) wrote :

The python-ldap library has some legacy code that predates the introduction of unicode in Python, and all its methods expect bytestring parameters only (utf-8 encoded for LDAPv3).
All the parameters that are taken from the OpenERP database need to be utf-8 encoded before being passed to the LDAP functions (by default the database returns unicode values).

Thanks for reporting!

Changed in openobject-addons:
assignee: nobody → OpenERP R&D Addons Team 1 (openerp-dev-addons1)
importance: Undecided → Medium
status: New → Confirmed
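
The boundary encoding described in the comment above, as an added example that is not part of the original thread or of the users_ldap code. FakeLegacyConn, to_utf8, query, unencoded_query_error and the sample CONF are constructed for illustration; the fake connection mimics the implicit ASCII coercion seen in the traceback so the example runs without python-ldap.

```python
SCOPE_SUBTREE = 2  # stand-in for ldap.SCOPE_SUBTREE so the example runs offline


class FakeLegacyConn(object):
    """Constructed test double: like the Python 2 binding in the traceback,
    it implicitly ASCII-encodes any text argument it is handed."""

    def __init__(self):
        self.calls = []

    def _wire(self, value):
        return value if isinstance(value, bytes) else value.encode('ascii')

    def simple_bind_s(self, who, cred):
        self.calls.append(('bind', self._wire(who), self._wire(cred)))

    def search_st(self, base, scope, filterstr, attrlist=None, timeout=-1):
        self.calls.append(('search', self._wire(base), self._wire(filterstr)))
        return []


def to_utf8(value):
    """UTF-8 bytes for a database value; unset fields (None/False) become b''."""
    if value is None or value is False:
        return b''
    return value if isinstance(value, bytes) else value.encode('utf-8')


def query(conn, conf, ldap_filter):
    """Encode every database-sourced argument once, at the LDAP call boundary."""
    conn.simple_bind_s(to_utf8(conf['ldap_binddn']), to_utf8(conf['ldap_password']))
    return conn.search_st(to_utf8(conf['ldap_base']), SCOPE_SUBTREE,
                          to_utf8(ldap_filter), None, timeout=60)


def unencoded_query_error(conn, conf, ldap_filter):
    """Run the unpatched call shape and return the UnicodeEncodeError it raises."""
    try:
        conn.search_st(conf['ldap_base'], SCOPE_SUBTREE, ldap_filter, None, timeout=60)
    except UnicodeEncodeError as exc:
        return exc
    return None


# Constructed sample configuration; ldap_password is an unset field, assumed here to read back as False.
CONF = {'ldap_base': u'OU=\u7528\u6237,DC=example,DC=com',
        'ldap_binddn': u'CN=svc-openerp,OU=\u7528\u6237,DC=example,DC=com',
        'ldap_password': False}
```

Encoding in one helper at the call boundary covers the bind DN, bind password, search base and filter together, instead of patching each argument as it fails.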
Alexandre Allouche (alexandre-allouche) wrote :

Hello everyone,

I don't see any active branch on this fix. As it has been confirmed, shall we expect a core team to work on this?
Olivier, your comment is perfectly relevant so, if needed, I can ask my team to propose a patch.

Regards

Daniel Reis (dreis-pt) wrote :

Just stumbled upon this bug again, on v7 :-P

Daniel Reis (dreis-pt)
Changed in ocb-addons:
importance: Undecided → Medium
Changed in ocb-addons:
assignee: nobody → OpenERP Community Backports Team (ocb)
status: New → Confirmed
Stefan Rijnhart (Opener) (stefan-opener) wrote :

Hi Daniel,

I'm removing OCB-addons as an affected project for this bug as per project policy. Of course the bug affects ocb-addons by definition as well as openobject-addons but we only want to track bugs that we fix in OCB-specific changes. Therefore, you should only add bugs to the project that you are going to propose a solution for.

Thanks,
Stefan.

Stefan Rijnhart (Opener) (stefan-opener) wrote :

Oh wait, I see that you only proposed to ocb-addons, but not to openobject-addons. You'd need to backport the fix to openobject-addons then, once you are satisfied with the ocb one.
