Description of problem:

I have another LDAP server (currently :-), and when I tried to configure LDAP authentication against it, I got back this error message:

The values for the following properties were invalid: name

I traced through the code, and I see that I'm getting authenticated ok against the LDAP server, but when we are trying to create the ldap user in pulp, an exception is thrown in create_user in pulp/platform/src/pulp/server/managers/auth/user/cud.py

I have a gecos field in ldap, so I added some debugging in that function to see what was getting in.

<some values changed for google purposes>

2013-08-04 00:44:49,192 pulp.server.auth.ldap_connection:INFO: Found user with id myusername
2013-08-04 00:44:49,194 pulp.server.auth.ldap_connection:INFO: Found user with id myusername with matching credentials
2013-08-04 00:44:49,194 pulp.server.managers.auth.user.cud:INFO: Login myusername
2013-08-04 00:44:49,194 pulp.server.managers.auth.user.cud:INFO: Password None
2013-08-04 00:44:49,195 pulp.server.managers.auth.user.cud:INFO: Name ['Mr Givenname Familyname']
2013-08-04 00:44:49,195 pulp.server.managers.auth.user.cud:INFO: Roles None
2013-08-04 00:44:49,195 pulp.server.webservices.middleware.exception:ERROR: Invalid properties: ['name']

My guess (since I don't know python, let alone this code), is that we are one level above in an array structure than where we expected? If so, it will need to be fixed in _add_from_ldap in pulp/platform/src/pulp/server/auth/ldap_connection.py

Version-Release number of selected component (if applicable):
2.1

How reproducible:
Always

Steps to Reproduce:
1. Configure ldap
2. Restart httpd
3. Try to authenticate using pulp-admin
4. Fail

Curious does it work for any other people?

Actual results:
Fail to authenticate (it is actually the setup of the pulp account which is failing)

Expected results:
pulp-admin lets me run my command

Additional info:
There's something wrong with the check function in /usr/lib/python2.6/site-packages/pulp/servermanagers/auth/user/cud.py. Comment out lines 70 and 71 and the authentication appears to succeed. The user is created, at the least.

/usr/lib/python2.6/site-packages/pulp/servermanagers/auth/user/cud.py

# if invalid_type(name, basestring):
#     invalid_values.append('name')
Tim,

Thanks for all the details in the bug report. I checked our code and it does look like our parsing of the LDAP gecos field may be wrong. A user in pulp has a 'name' attribute which stores the full name of the user. For LDAP users, we parse the gecos field (expecting it to be of type basestring) and use it as the 'name' of the given user. It looks like what we are receiving in the gecos field in this case is an array and not a string, resulting in an invalid value error.

When you are adding LDAP users, if you can pass just the name of the user instead of an array with the name inside it, it will authenticate and authorize without any issues. I will also look some more and see whether a standard format of the gecos field in LDAP is an array. If that is the case, it makes sense for us to fix this on our side.
Looked some more and it looks like usually, gecos attribute is a string with user's full name, but it can sometimes contain a list with multiple entries. No matter what, Pulp should have an additional check in there to make sure it is a string before adding it to user's name attribute. Aligning it to an earlier release to get it done sooner.
commit f459b67e1fe765d9d68bada4c0e13732135c5d6f
Author: Sayli Karmarkar <skarmark>
Date:   Wed Aug 28 01:00:42 2013 -0700

    fixed broken ldap authorisation when gecos field contains a list instead of a string with user's fullname
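The check discussed in the comments above, as an added example (not Pulp's code and not the contents of this commit): reduce the gecos value to a single string before user creation, so the type validation on 'name' can stay in place. It is written for Python 3; the function names and the fallback to the login name are assumptions made for illustration.

```python
# Added example; every function name here is hypothetical, not Pulp's API.

def _to_text(value):
    """Decode one attribute value; LDAP clients may hand back bytes."""
    if isinstance(value, bytes):
        return value.decode("utf-8", errors="replace")
    return value if isinstance(value, str) else None


def normalize_gecos(gecos):
    """Reduce gecos (str, bytes, list/tuple of either, or None) to one
    stripped string, or None when no usable value is present."""
    candidates = gecos if isinstance(gecos, (list, tuple)) else [gecos]
    for raw in candidates:
        text = _to_text(raw)
        if text and text.strip():
            return text.strip()
    return None


def display_name_for(login, attrs):
    """Choose the 'name' for a new user from an LDAP attribute dict.
    Assumption: fall back to the login when gecos is missing or unusable."""
    name = normalize_gecos(attrs.get("gecos"))
    return name if name is not None else login


def invalid_properties(login, name):
    """The kind of type check that rejected the list in the report.
    It is kept, and now only ever sees normalized input."""
    invalid = []
    if not isinstance(login, str) or not login:
        invalid.append("login")
    if not isinstance(name, str):
        invalid.append("name")
    return invalid


# Constructed sample entries, shaped like the value logged in the report.
SAMPLES = [
    {"gecos": ["Mr Givenname Familyname"]},   # list, as in the log
    {"gecos": "Mr Givenname Familyname"},     # plain string
    {"gecos": [b"Mr Givenname Familyname"]},  # bytes inside a list
    {"gecos": []},                            # empty list
    {},                                       # attribute absent
]

if __name__ == "__main__":
    for attrs in SAMPLES:
        name = display_name_for("myusername", attrs)
        print(attrs, "->", repr(name), invalid_properties("myusername", name))
```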
Merged.
build: 2.3.0-0.10.alpha
verified running the following script passed

[root@preethi ~]# python populate_users_new.py
See populate.log for descriptive output.
[root@preethi ~]#
[root@preethi ~]# pulp-admin auth user list
+----------------------------------------------------------------------+
                                 Users
+----------------------------------------------------------------------+

Login: admin
Name: admin

Login: pulpuser1
Name: pulpuser1
Pulp 2.3 released.