You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2014/05/23 19:54:58 UTC
[05/11] git commit: [#7388] add logging to help debug LDAP config
[#7388] add logging to help debug LDAP config
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/526864d6
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/526864d6
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/526864d6
Branch: refs/heads/master
Commit: 526864d61a6e8f68da80e23ca00ba90b91f204e2
Parents: a6baa40
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Fri May 23 17:51:53 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 17:53:45 2014 +0000
----------------------------------------------------------------------
Allura/allura/controllers/auth.py | 2 ++
Allura/allura/lib/plugin.py | 4 ++++
Allura/development.ini | 2 ++
3 files changed, 8 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/526864d6/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 47857f4..a0d1848 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -120,11 +120,13 @@ class AuthController(BaseController):
user_record = M.User.query.find(
{'tool_data.AuthPasswordReset.hash': hash}).first()
if not user_record:
+ log.info('Reset hash not found: {}'.format(hash))
flash('Unable to process reset, please try again')
redirect(login_url)
hash_expiry = user_record.get_tool_data(
'AuthPasswordReset', 'hash_expiry')
if not hash_expiry or hash_expiry < datetime.datetime.utcnow():
+ log.info('Reset hash expired: {} {}'.format(hash, hash_expiry))
flash('Unable to process reset, please try again')
redirect(login_url)
return user_record
http://git-wip-us.apache.org/repos/asf/allura/blob/526864d6/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 5846845..fcc3aea 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -391,10 +391,13 @@ class LdapAuthenticationProvider(AuthenticationProvider):
raise exc.HTTPUnauthorized()
def _login(self):
+ if ldap is None:
+ raise Exception('The python-ldap package needs to be installed. Run `pip install python-ldap` in your allura environment.')
from allura import model as M
user = M.User.query.get(
username=self.request.params['username'], disabled=False)
if user is None:
+ log.debug('LdapAuth: no active user {} found in local mongo, not checking LDAP'.format(self.request.params['username']))
raise exc.HTTPUnauthorized()
try:
dn = 'uid=%s,%s' % (
@@ -404,6 +407,7 @@ class LdapAuthenticationProvider(AuthenticationProvider):
con.bind_s(dn, self.request.params['password'])
con.unbind_s()
except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM):
+ log.debug('LdapAuth: could not authenticate {}'.format(user.username), exc_info=True)
raise exc.HTTPUnauthorized()
return user
http://git-wip-us.apache.org/repos/asf/allura/blob/526864d6/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index a792d44..f3e2b0c 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -81,6 +81,8 @@ auth.method = local
# auth.logout_url = /auth/logout
# auth.login_fragment_url = /auth/login_fragment
+# if using LDAP, also run `pip install python-ldap` in your Allura environment
+
auth.ldap.server = ldap://localhost
auth.ldap.suffix = ou=people,dc=localdomain
auth.ldap.admin_dn = cn=admin,dc=localdomain