dataflake.org

Home Documentation Software Old Stuff

Can't authenticate Activedirectory users with Swedish characters in CN (Resolved)

Request LDAP User Folder -- question -- by Björn
Posted on Oct 28, 2009 3:58 pm
Subscribe

Enter your email address to receive mail on every change to this issue.

Entries (Latest first)


  Initial Request by Björn on Oct 28, 2009 3:58 pm
  I'm trying to use ldap'ish (activedirectory) authentication on my Zenoss server. I have no problem with users who doesn't have swedish character in their name. But those who do can't log in. Below is some debug info from zope event.log

---snip---
2009-10-28T16:17:59 DEBUG txn.-1269711952 new transaction
------
2009-10-28T16:17:59 DEBUG event.LDAPUserFolder _lookupuserbyattr: Binding as "ldapuser"
------
2009-10-28T16:17:59 DEBUG event.LDAPUserFolder _lookupuserbyattr: Using filter "(&(sAMAccountName=bjuser)(objectClass=top)(objectClass=person))"
------
2009-10-28T16:17:59 DEBUG event.LDAPUserFolder _lookupuserbyattr: Re-binding as "ldapuser"
------
2009-10-28T16:17:59 DEBUG event.LDAPDelegate Cannot find (objectClass=*) under CN=Bj\C3\B6rn Jonsson,OU=Users,OU=COMPANY,DC=COMPANYAD,DC=se
Traceback (most recent call last):
File "/home/zenoss/Products/LDAPUserFolder/LDAPDelegate.py", line 365, in search
res = connection.search_s(base, scope, filter, attrs)
File "/home/zenoss/Products/LDAPUserFolder/SharedResource.py", line 115, in __call__
return self._callable(*args, **kw)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 481, in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 789, in search_ext_s
return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 746, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 475, in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'info': "0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'OU=Users,OU=COMPANY,DC=COMPANYAD,DC=se'\n", 'matched': 'OU=Users,OU=COMPANY,DC=COMPANYAD,DC=se', 'desc': 'No such object'}
------
2009-10-28T16:17:59 DEBUG event.LDAPUserFolder _lookupuserbyattr: "CN=Björn Jonsson,OU=Users,OU=COMPANY,DC=COMPANYAD,DC=se" lookup fails bound as "ldapuser"
------
2009-10-28T16:17:59 DEBUG event.LDAPUserFolder getUserByAttr: "sAMAccountName=bjuser" not found
------
2009-10-28T16:17:59 DEBUG txn.-1269711952 commit
------
2009-10-28T16:17:59 DEBUG txn.-1269711952 new transaction
------
2009-10-28T16:17:59 DEBUG txn.-1269711952 abort
------
2009-10-28T16:17:59 DEBUG txn.-1269711952 new transaction
------
2009-10-28T16:17:59 DEBUG txn.-1269711952 commit
---snap---

I'm not sure this is a LDAPUserFolder issue, python isn't my home game. If it isn't could you please point me in the right direction and I'll continue my search.

I don't know if it's relevant but this (http://www.openldap.org/lists/openldap-bugs/200207/msg00021.html) very old post talks about using ldap_str2dn and ldap_dn2str to get around this kind of problems.