| Request | LDAP User Folder -- question -- by Hans-Juergen Sell |
| Posted on | May 9, 2005 10:29 am |
| Comment by SELL Hans-Juergen FGTW on May 17, 2005 9:17 am | |
|
Problem is solved! Thanks a lot! It of course takes a considerably long time - the same as before, about half a minute - until the exception is sent back from the LDAP server, but then the correct page with the text field shows up. This was at least a step to enhance the robustness of the LDAPUserFolder. For your information: at the moment the LDAP server is from Netscape, running on a Sun machine. Thank you again. I will keep you informed in case of unexpected problems.

Hans-Juergen Sell |
|
|
|
| Comment by Jens Vagelpohl on May 16, 2005 11:20 am | |
|
There's a fix now that will also catch the ldap.ADMINLIMIT_EXCEEDED exception, which I have never seen from OpenLDAP by the way, and present the correct text field: http://cvs.dataflake.org/LDAPUserFolder/LDAPUserFolder.py.diff?r1=1.159&r2=1.160 Please update to the latest CVS code and please also give me some feedback and let me know if your problems are solved. Be aware that there are also other changes, especially the logging system, since you last downloaded the CVS code. |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 12, 2005 11:15 am | |
|
Meanwhile I'm convinced that the error message "Administrative limit exceeded" is a regular LDAP error message. The explanation of that error message is: Errno: 11, description: LDAP_ADMINLIMIT_EXCEEDED: Indicates that an LDAP server limit set by an administrative authority has been exceeded. This tells me that we need to tell the LDAPUserFolder not to ask for the list but to show that form (that I have in mind from the past) for manually entering the uid of the user that should have local roles here. Do you agree? Do you know the limit where Zope switches to this form? |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 12, 2005 11:00 am | |
|
(2) May 12 16:02:10: getAttributesOfAllObjects: Cannot find any users ({'info': '', 'desc': 'Administrative limit exceeded'})

This looks like a permission problem with a request to the LDAP!? But I also tried this with a manager DN and the corresponding password for the LDAP server assigned. The error log was the same in any case.

-----Original Message-----
From: JTracker [mailto:jtracker@dataflake.org]
Sent: Thursday, May 12, 2005 16:35
To: SELL Hans-Juergen FGTW
Subject: [Tracker] LDAP User Folder followup: "No local roles possible with LDAP-UserFolder" (issue_00441)

Issue followup (Comment) by Jens Vagelpohl (jens@dataflake.org):
"No local roles possible with LDAP-UserFolder"
http://www.dataflake.org/tracker/issue_00441
----------
> Anyway, as I said before for this code the logging is delegated to
> zLOG and is written out into the event.log file that Zope creates. If
> you take a look you should see messages from the LDAPUserFolder in
> there, depending on the log level you have chosen in your zope.conf
> event log configuration. Look for "getAttributesOfAllObjects" and if
> you find lines with that please paste them here.

That is my suggestion (for the third time now). Look at that log.
----------
Sent automatically by JTracker "Report Bugs" at http://www.dataflake.org/tracker |
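Added example (not part of the original thread and not LDAPUserFolder code): the log line quoted above carries the LDAP error as a Python-style dict, so a short script can separate a server-side limit such as result code 11 from an access problem. The line layout is inferred from that single quoted line, every sample line except the first is constructed, and the function names are hypothetical.

```python
import ast
import re

# LDAP result codes (RFC 4511), keyed by the 'desc' text seen in the log.
# Only the first string appears in the thread; the others are assumed to be
# the OpenLDAP client library's wording for the same family of errors.
RESULT_CODES = {
    "Administrative limit exceeded": (11, "limit"),
    "Size limit exceeded": (4, "limit"),
    "Time limit exceeded": (3, "limit"),
    "Invalid credentials": (49, "access"),
    "Insufficient access": (50, "access"),
}

ADVICE = {
    "limit": "server capped the search: fall back to manual uid entry "
             "or ask the LDAP admin about the limit",
    "access": "check the bind DN, its password and its read permissions",
    "unknown": "unrecognised error: read the full log entry",
}

# Layout inferred from the one line quoted in the thread:
#   [(n) ]<Mon DD HH:MM:SS>: getAttributesOfAllObjects: <message> (<error dict>)
LINE_RE = re.compile(
    r"^(?:\(\d+\)\s*)?(?P<ts>\w{3}\s+\d+\s+[\d:]+):\s+"
    r"getAttributesOfAllObjects:\s+(?P<msg>.*?)\s+\((?P<err>\{.*\})\)\s*$"
)


def triage_line(line):
    """Return a finding dict for a getAttributesOfAllObjects line, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        # literal_eval only builds Python literals; it never executes log content.
        err = ast.literal_eval(m.group("err"))
    except (ValueError, SyntaxError):
        err = {}
    desc = err.get("desc", "") if isinstance(err, dict) else ""
    code, kind = RESULT_CODES.get(desc, (None, "unknown"))
    return {"timestamp": m.group("ts"), "desc": desc, "code": code,
            "kind": kind, "advice": ADVICE[kind]}


def triage_log(lines):
    """Triage every matching line; unrelated lines are skipped."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


SAMPLE_LINES = [
    # Quoted in the thread:
    "(2) May 12 16:02:10: getAttributesOfAllObjects: Cannot find any users "
    "({'info': '', 'desc': 'Administrative limit exceeded'})",
    # Constructed for this example:
    "(3) May 12 16:05:41: getAttributesOfAllObjects: Cannot find any users "
    "({'info': '', 'desc': 'Insufficient access'})",
    "(4) May 12 16:06:02: getAttributesOfAllObjects: Cannot find any users "
    "({'desc': })",
    "(5) May 12 16:07:13: some unrelated message",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES):
        print(f["timestamp"], f["code"], f["kind"], "-", f["advice"])
```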
|
|
|
| Comment by Jens Vagelpohl on May 12, 2005 10:35 am | |
|
> Anyway, as I said before for this code the logging is delegated to
> zLOG and is written out into the event.log file that Zope creates. If
> you take a look you should see messages from the LDAPUserFolder in
> there, depending on the log level you have chosen in your zope.conf
> event log configuration. Look for "getAttributesOfAllObjects" and if
> you find lines with that please paste them here.

That is my suggestion (for the third time now). Look at that log. |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 12, 2005 10:31 am | |
|
I tried both. The 2.5-tarball and the cvs-head. In both cases trying to access the link 'local roles' in the security tab of a folder (via ZMI) ends up with the same error message:

Error Type: KeyError
Error Value: 'uid'

And the traceback (cvs-head):

Traceback (innermost last):
  Module ZPublisher.Publish, line 101, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 39, in call_object
  Module Shared.DC.Scripts.Bindings, line 306, in __call__
  Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
  Module App.special_dtml, line 175, in _exec
  Module DocumentTemplate.DT_Try, line 140, in render
  Module DocumentTemplate.DT_Try, line 149, in render_try_except
  Module DocumentTemplate.DT_In, line 623, in renderwob
  Module AccessControl.Role, line 325, in get_valid_userids
  Module AccessControl.User, line 965, in user_names
  Module Products.LDAPUserFolder.LDAPUserFolder, line 609, in getUserNames
KeyError: 'uid'

And the traceback (2.5-released, tarball):

Traceback (innermost last):
  Module ZPublisher.Publish, line 101, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 39, in call_object
  Module Shared.DC.Scripts.Bindings, line 306, in __call__
  Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
  Module App.special_dtml, line 175, in _exec
  Module DocumentTemplate.DT_Try, line 140, in render
  Module DocumentTemplate.DT_Try, line 149, in render_try_except
  Module DocumentTemplate.DT_In, line 623, in renderwob
  Module AccessControl.Role, line 325, in get_valid_userids
  Module AccessControl.User, line 965, in user_names
  Module Products.LDAPUserFolder.LDAPUserFolder, line 629, in getUserNames
KeyError: 'uid'

As a first selection I will choose the released version because I do not have to delete users that are no more in the LDAP server at the moment and I will have a minimum of risk for secondary problems. But local roles cannot be assigned at all now. With 2.4 not because of the error with non-integers and with 2.5 not because of the keyerror 'uid'. Do you have any suggestions?

Hans-Juergen Sell

-----Original Message-----
From: JTracker [mailto:jtracker@dataflake.org]
Sent: Thursday, May 12, 2005 15:18
To: SELL Hans-Juergen FGTW
Subject: [Tracker] LDAP User Folder followup: "No local roles possible with LDAP-UserFolder" (issue_00441)

Issue followup (Comment) by Jens Vagelpohl (jens@dataflake.org):
"No local roles possible with LDAP-UserFolder"
http://www.dataflake.org/tracker/issue_00441
----------
> OK, I could do this, but then the bug fixing what you did honestly for me
> wouldn't be included (deleting a user from the 'users' when it is no more in
> the LDAP server).

OK, that's a good reason to use CVS HEAD, you just need to be aware that the code hasn't seen a lot of testing, that's all. By virtue of being "unreleased" it hasn't been looked at and used by many people, so as the saying goes, "your mileage may vary".

Anyway, as I said before for this code the logging is delegated to zLOG and is written out into the event.log file that Zope creates. If you take a look you should see messages from the LDAPUserFolder in there, depending on the log level you have chosen in your zope.conf event log configuration. Look for "getAttributesOfAllObjects" and if you find lines with that please paste them here.
----------
Sent automatically by JTracker "Report Bugs" at http://www.dataflake.org/tracker |
|
|
|
| Comment by Jens Vagelpohl on May 12, 2005 9:18 am | |
|
> OK, I could do this, but then the bug fixing what you did honestly for me
> wouldn't be included (deleting a user from the 'users' when it is nomore in
> the LDAP server).

OK, that's a good reason to use CVS HEAD, you just need to be aware that the code hasn't seen a lot of testing, that's all. By virtue of being "unreleased" it hasn't been looked at and used by many people, so as the saying goes, "your mileage may vary".

Anyway, as I said before for this code the logging is delegated to zLOG and is written out into the event.log file that Zope creates. If you take a look you should see messages from the LDAPUserFolder in there, depending on the log level you have chosen in your zope.conf event log configuration. Look for "getAttributesOfAllObjects" and if you find lines with that please paste them here. |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 12, 2005 8:56 am | |
|
OK, I could do this, but then the bug fixing what you did honestly for me wouldn't be included (deleting a user from the 'users' when it is no more in the LDAP server). Then I should take the 2.5-tarball and ... exchange some to-be-defined file, isn't it?

-----Original Message-----
From: JTracker [mailto:jtracker@dataflake.org]
Sent: Thursday, May 12, 2005 14:46
To: SELL Hans-Juergen FGTW
Subject: [Tracker] LDAP User Folder followup: "No local roles possible with LDAP-UserFolder" (issue_00441)

Issue followup (Comment) by Jens Vagelpohl (jens@dataflake.org):
"No local roles possible with LDAP-UserFolder"
http://www.dataflake.org/tracker/issue_00441
----------
cvs.dataflake.org is not where released versions reside, it is (as the name implies) the CVS repository. It is certainly possible to get exactly version 2.5 there by using the correct CVS tag, which is LDAPUserFolder_2_5, but in general software releases should only ever be downloaded from their documented location:

http://www.dataflake.org/software/ldapuserfolder/

Please have that colleague download version 2.5 from there and use that instead. You're currently running potentially unstable CVS HEAD code, and I doubt that is something you want to do.

Speaking about that CVS version, all logging after version 2.5 is done using the standard zLOG module. For the new logging you will find its output in the Zope event log. Grep for LDAPUserFolder and you might find the log message containing "getAttributesOfAllObjects" there which also contains a small error description why the call failed. This is exactly the same output that you would have found on the "Log" tab, so it will already contain important clues to your problem.
----------
Sent automatically by JTracker "Report Bugs" at http://www.dataflake.org/tracker |
|
|
|
| Comment by Jens Vagelpohl on May 12, 2005 8:46 am | |
|
cvs.dataflake.org is not where released versions reside, it is (as the name implies) the CVS repository. It is certainly possible to get exactly version 2.5 there by using the correct CVS tag, which is LDAPUserFolder_2_5, but in general software releases should only ever be downloaded from their documented location: http://www.dataflake.org/software/ldapuserfolder/ Please have that colleague download version 2.5 from there and use that instead. You're currently running potentially unstable CVS HEAD code, and I doubt that is something you want to do. Speaking about that CVS version, all logging after version 2.5 is done using the standard zLOG module. For the new logging you will find its output in the Zope event log. Grep for LDAPUserFolder and you might find the log message containing "getAttributesOfAllObjects" there which also contains a small error description why the call failed. This is exactly the same output that you would have found on the "Log" tab, so it will already contain important clues to your problem. |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 12, 2005 8:36 am | |
|
The version is indicated as 2.5. A colleague from the IT services downloaded the tarball from cvs.dataflake.org with the assignment 'LDAPUserFolder' as the module name. Due to our security policy I cannot do it by myself. The changes.txt includes the update due to my request, so I concluded this should be the right branch.

Hans-Juergen Sell |
|
|
|
| Comment by Jens Vagelpohl on May 12, 2005 8:30 am | |
|
I'm confused now. If you don't have the Log tab then that means you're not running version 2.5 but you're running CVS HEAD. What exactly are you running? |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 12, 2005 8:23 am | |
|
I'm missing the log tab in the ZMI of the LDAPUserFolder. I'm logged in as a manager. Under this role I also did the deleting, creation and configuration of the LDAPUserFolder. I assume this is equivalent to the emergency user that I haven't created up to now. |
|
|
|
| Comment by Jens Vagelpohl on May 12, 2005 8:07 am | |
|
There should be a log message in the LDAPUserFolder log itself when this happens (-> LDAPUserFolder instance "Log" tab in the ZMI), a message starting with "getAttributesOfAllObjects". Is there one? |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 12, 2005 7:55 am | |
|
I did it like this. The error still occurs but with another message and with the following traceback:

Traceback (innermost last):
  Module ZPublisher.Publish, line 101, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 39, in call_object
  Module Shared.DC.Scripts.Bindings, line 306, in __call__
  Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
  Module App.special_dtml, line 175, in _exec
  Module DocumentTemplate.DT_Try, line 140, in render
  Module DocumentTemplate.DT_Try, line 149, in render_try_except
  Module DocumentTemplate.DT_In, line 623, in renderwob
  Module AccessControl.Role, line 325, in get_valid_userids
  Module AccessControl.User, line 965, in user_names
  Module Products.LDAPUserFolder.LDAPUserFolder, line 609, in getUserNames
KeyError: 'uid'

Hans-Juergen Sell |
|
|
|
| Comment by Jens Vagelpohl on May 11, 2005 5:07 am | |
|
A correct upgrade should be done this way:

- Log in as the emergency user
- delete the current LDAPUserFolder instance
- update the software and restart Zope
- log in as emergency user again
- create a new LDAPUserFolder instance

The need to delete and recreate the LDAPUserFolder is mentioned in the README.

jens |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 11, 2005 2:03 am | |
|
I decided to rollback with a backup. Sorry for calling for help so fast but the LDAPUserfolder problem still remains. I will try it again with 2.5 and will keep you in touch. Hans-Juergen Sell |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 11, 2005 1:43 am | |
|
I tested the version 2.5 and experienced a similar error. Now it does not resolve the variable uid in the method getUserName... Then I replaced it again with the old 2.4 and this caused what might be real trouble. Now I cannot access folders that contain an LDAPUserFolder, with the following traceback:

Traceback (innermost last):
  Module ZPublisher.Publish, line 92, in publish
  Module ZPublisher.BaseRequest, line 421, in traverse
  Module ZPublisher.BaseRequest, line 497, in old_validation
AttributeError: __getitem__

I'm afraid this action destroyed something basic to the Zope database. Even if I recognize that this problem left the 'LDAPUserFolder' field I would really appreciate help to recover the data on the server.

Hans-Juergen Sell

-----Original Message-----
From: JTracker [mailto:jtracker@dataflake.org]
Sent: Tuesday, May 10, 2005 09:06
To: SELL Hans-Juergen FGTW
Subject: [Tracker] LDAP User Folder followup: "No local roles possible with LDAP-UserFolder" (issue_00441)

Issue followup (Resolve) by Jens Vagelpohl (jens@dataflake.org):
"No local roles possible with LDAP-UserFolder"
http://www.dataflake.org/tracker/issue_00441
----------
You need to upgrade to a newer version to solve this problem.
----------
Sent automatically by JTracker "Report Bugs" at http://www.dataflake.org/tracker |
|
|
|
| Resolve by Jens Vagelpohl on May 10, 2005 3:06 am | |
|
You need to upgrade to a newer version to solve this problem. |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 10, 2005 2:01 am | |
|
Thanks for this hint. I still missed it. Here is the traceback:

Traceback (innermost last):
  Module ZPublisher.Publish, line 101, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 39, in call_object
  Module Shared.DC.Scripts.Bindings, line 306, in __call__
  Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
  Module App.special_dtml, line 175, in _exec
  Module DocumentTemplate.DT_Try, line 140, in render
  Module DocumentTemplate.DT_Try, line 149, in render_try_except
  Module DocumentTemplate.DT_In, line 623, in renderwob
  Module AccessControl.Role, line 325, in get_valid_userids
  Module AccessControl.User, line 965, in user_names
  Module Products.LDAPUserFolder.LDAPUserFolder, line 608, in getUserNames
TypeError: list indices must be integers

Hans-Juergen Sell

-----Original Message-----
From: JTracker [mailto:jtracker@dataflake.org]
Sent: Monday, May 9, 2005 18:44
To: SELL Hans-Juergen FGTW
Subject: [Tracker] LDAP User Folder followup: "No local roles possible with LDAP-UserFolder" (issue_00441)

Issue followup (Comment) by Jens Vagelpohl (jens@dataflake.org):
"No local roles possible with LDAP-UserFolder"
http://www.dataflake.org/tracker/issue_00441
----------
> Zope version is 2.7 and LDAPUserFolder has version 2.4. As I can see, there
> is no traceback. When I hit the link 'local roles' in the security tab of
> the respective folder it takes some time (a minute) and ends up with the
> error message:

There is always a traceback. Please look at the site error log object at the root of your Zope site. It is there by default and shows full tracebacks. It is a very handy debugging tool.

jens
----------
Sent automatically by JTracker "Report Bugs" at http://www.dataflake.org/tracker |
|
|
|
| Comment by Jens Vagelpohl on May 9, 2005 12:43 pm | |
|
> Zope version is 2.7 and LDAPUserFolder has version 2.4. As I can see, there
> is no traceback. When I hit the link 'local roles' in the security tab of
> the respective folder it takes some time (a minute) and ends up with the
> error message:

There is always a traceback. Please look at the site error log object at the root of your Zope site. It is there by default and shows full tracebacks. It is a very handy debugging tool.

jens |
|
|
|
| Comment by SELL Hans-Juergen FGTW on May 9, 2005 12:39 pm | |
|
Zope version is 2.7 and LDAPUserFolder has version 2.4. As I can see, there is no traceback. When I hit the link 'local roles' in the security tab of the respective folder it takes some time (a minute) and ends up with the error message:

++++++++++++++++++++++++++++++++++++++++++++++++++++++
Site Error
An error was encountered while publishing this resource.
Error Type: TypeError
Error Value: list indices must be integers
--------------------------------------------------------------------------------
Troubleshooting Suggestions
The URL may be incorrect.
The parameters passed to this resource may be incorrect.
A resource that this resource relies on may be encountering an error.
For more detailed information about the error, please refer to the error log.
If the error persists please contact the site maintainer. Thank you for your patience.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

In case there is no LDAPUserFolder above in the hierarchy there is a sudden response with the well known web form. Obviously the LDAPUserFolder does not respond in the required way. Some weeks ago, when it worked well, it also took some time until the process recognized that the data from the LDAP server are too numerous to show them all and the form had the well known text frame for manual input of the user assigned for the local role.

Hans-Juergen Sell

-----Original Message-----
From: JTracker [mailto:jtracker@dataflake.org]
Sent: Monday, May 9, 2005 17:09
To: SELL Hans-Juergen FGTW
Subject: [Tracker] LDAP User Folder followup: "No local roles possible with LDAP-UserFolder" (issue_00441)

Issue followup (Comment) by Jens Vagelpohl (jens@dataflake.org):
"No local roles possible with LDAP-UserFolder"
http://www.dataflake.org/tracker/issue_00441
----------
Hello Hans-Jürgen,

I cannot replicate this problem. If you have a traceback, you *must* send it along in full, otherwise I cannot help. Also, more precise information about what versions (Python, Zope, LDAPUserFolder) are involved would help.

jens
----------
Sent automatically by JTracker "Report Bugs" at http://www.dataflake.org/tracker |
|
|
|
| Comment by Jens Vagelpohl on May 9, 2005 11:08 am | |
|
Hello Hans-Jürgen,

I cannot replicate this problem. If you have a traceback, you *must* send it along in full, otherwise I cannot help. Also, more precise information about what versions (Python, Zope, LDAPUserFolder) are involved would help.

jens |
|
|
|
| Initial Request by Hans-Juergen Sell on May 9, 2005 10:29 am | |
|
When the acl-users folder is an LDAPUserFolder I cannot access the local roles interface in the security tab of the Zope management interface. This worked well until ... now. The error message sent back is: Error Type: TypeError / Error Value: list indices must be integers. IT people from the LDAP side told me nothing has been changed. I also set up a test folder with a clean LDAPUserFolder. Any idea what can be the cause of this behavior? |