Created
January 15, 2015 12:41
-
-
Save psteinb/a822fbec3f62b35f3282 to your computer and use it in GitHub Desktop.
indico fails upon login through LDAP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| excerpt from indico.log: | |
| 2015-01-15 11:51:40,939 indico.requestHandler: INFO - Request <IndicoRequest 'https://indico.mpi-cbg.de/indico/user/login' [POST]> finished with TypeError: "bind_s() argument after * must be a sequence, not NoneType" | |
| 2015-01-15 11:52:56,844 indico.wsgi : ERROR - Connection unexpectedly closed | |
| Traceback (most recent call last): | |
| File "/usr/local/lib/python2.7/dist-packages/Flask-0.10-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request | |
| rv = self.dispatch_request() | |
| File "/usr/local/lib/python2.7/dist-packages/Flask-0.10-py2.7.egg/flask/app.py", line 1461, in dispatch_request | |
| return self.view_functions[rule.endpoint](**req.view_args) | |
| File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/indico/web/flask/util.py", line 87, in wrapper | |
| return obj(None).process(params) | |
| File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/webinterface/rh/errors.py", line 65, in process | |
| self._sendReport() | |
| File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/webinterface/rh/errors.py", line 60, in _sendReport | |
| GenericMailer.send(GenericNotification(maildata), skipQueue=True) | |
| File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/common/mail.py", line 51, in send | |
| cls._send(mailData) | |
| File "/usr/local/lib/python2.7/dist-packages/indico-1.2-py2.7.egg/MaKaC/common/mail.py", line 119, in _send | |
| server=smtplib.SMTP(*Config.getInstance().getSmtpServer()) | |
| File "/usr/lib/python2.7/smtplib.py", line 249, in __init__ | |
| (code, msg) = self.connect(host, port) | |
| File "/usr/lib/python2.7/smtplib.py", line 310, in connect | |
| (code, msg) = self.getreply() | |
| File "/usr/lib/python2.7/smtplib.py", line 361, in getreply | |
| raise SMTPServerDisconnected("Connection unexpectedly closed") | |
| SMTPServerDisconnected: Connection unexpectedly closed | |
| 2015-01-15 11:55:53,354 indico.requestHandler: INFO - [pid=15532] from host 10.1.251.33 | |
| 2015-01-15 12:00:53,390 indico.upcoming_events: INFO - Regenerated upcoming event cache | |
| my LDAP indico.conf: | |
| #-------------------------- | |
| # Indico configuration file | |
| #-------------------------- | |
| # | |
| # This file is read on Apache startup. If you change any value you will need to | |
| # restart Apache afterwards to have its changes take effect. | |
| # | |
| # Lines starting with "#" are comments and they will be ignored by Indico. | |
| #------------------------------------------------------------------------------ | |
| # ZODB | |
| #------------------------------------------------------------------------------ | |
| DBConnectionParams = ('localhost', 9675) | |
| DBUserName = "" | |
| DBPassword = "" | |
| DBRealm = "" | |
| #------------------------------------------------------------------------------ | |
| # REDIS | |
| #------------------------------------------------------------------------------ | |
| # To enable redis, specify a valid redis connection string here. | |
| # Example: redis://unused:password@localhost:6379/0 | |
| # You also need to install the python redis client (pip install redis hiredis) | |
| # Note that the Redis server needs to run at least Redis 2.6 with LUA support. | |
| #RedisConnectionURL = None | |
| #------------------------------------------------------------------------------ | |
| # SECURITY | |
| #------------------------------------------------------------------------------ | |
| # Possible values of SanitizationLevel: | |
| # 0: Escape all HTML tags | |
| # 1: Raise error if styles are used | |
| # 2: Raise error if SCRIPT tag is used | |
| # 3: No input filtering is done (DANGEROUS!) | |
| SanitizationLevel = 2 | |
| # AuthenticatedEnforceSecure controls whether HTTPS should be enforced for | |
| # authentication and while logged in. | |
| AuthenticatedEnforceSecure = "yes" | |
| # Possible values of CSRFLevel: | |
| # 0: Disable all CSRF checks (DANGEROUS!) | |
| # 1: Check CSRF token for service requests | |
| # 2: Check CSRF token for service requests and cookie-based API requests | |
| # 3: The above & require an empty or valid referer for normal POST requests | |
| CSRFLevel = 2 | |
| #------------------------------------------------------------------------------ | |
| # Development | |
| #------------------------------------------------------------------------------ | |
| # You can force a certain number of (simulated) database conflicts on every | |
| # by setting ForceConflicts to the number of conflict errors you want: | |
| #ForceConflicts = 0 | |
| # | |
| # You can cause all error-like exceptions (i.e. not something like AccessError) | |
| # to be propagated outside the Indico WSGI app by enabling this option. This has | |
| # the advantage of triggering the Werkzeug debugger of the embedded server even | |
| # in case of e.g. a MaKaCError. | |
| #PropagateAllExceptions = False | |
| #------------------------------------------------------------------------------ | |
| # URLs | |
| #------------------------------------------------------------------------------ | |
| # BaseURL is the url where Indico will be accessed: | |
| BaseURL = "http://indico.mpi-cbg.de/indico" | |
| # BaseSecureURL is the HTTPS location of Indico. Set empty string if you want to use http. | |
| BaseSecureURL = "https://indico.mpi-cbg.de/indico" | |
| # If you are using a custom user authentication system (see below) uncomment | |
| # the following lines and specify the new URLs. | |
| # | |
| # LoginURL = "" | |
| # RegistrationURL = "" | |
| # Support the old mod_python-style URLs (conferenceDisplay.py?confId=123 etc.) by redirecting | |
| # them to their new URL. | |
| #RouteOldUrls = False | |
| #------------------------------------------------------------------------------ | |
| # DIRECTORIES | |
| #------------------------------------------------------------------------------ | |
| ArchiveDir = "/opt/indico/archive" | |
| BinDir = "/opt/indico/bin" | |
| ConfigurationDir = "/opt/indico/etc" | |
| DocumentationDir = "/opt/indico/doc" | |
| HtdocsDir = "/opt/indico/htdocs" | |
| LogDir = "/opt/indico/log" | |
| UploadedFilesTempDir = "/opt/indico/tmp" | |
| XMLCacheDir = "/opt/indico/cache" | |
| # You can use 'redis', 'memcached' or 'files'. The files backend caches objects in | |
| # XMLCacheDir while the Memcached backend uses one or more memcached servers. | |
| #CacheBackend = 'files' | |
| # When using memcached, provide a tuple containing 'ip:port' entries for the | |
| # memcached servers. Do not forget to firewall those servers as memcached has no | |
| # authentication at all! | |
| #MemcachedServers = ('127.0.0.1:11211',) | |
| # When using redis, provide a redis connection string for the Redis server. | |
| #RedisCacheURL = 'redis://unused:password@localhost:6379/1' | |
| #------------------------------------------------------------------------------ | |
| # SMTP | |
| #------------------------------------------------------------------------------ | |
| # SmtpServer = ('mail.mpi-cbg.de', 465) | |
| # SmtpLogin = "steinbac" | |
| # SmtpPassword = "XXXXX" | |
| # # If your SMTP server is using TLS write "yes", otherwise write "no" | |
| # SmtpUseTLS = "no" | |
| #------------------------------------------------------------------------------ | |
| # EMAIL ADDRESSES | |
| #------------------------------------------------------------------------------ | |
| # SupportEmail is the email address where all automatically generated | |
| # application errors will be sent to. | |
| SupportEmail = "[email protected]" | |
| # PublicSupportEmail is an email address that will be shown in Indico and where | |
| # users are expected to find help when they have using the website. | |
| PublicSupportEmail = "[email protected]" | |
| # NoReplyEmail is the email address showed when we do not want the users to answer | |
| # an automatically generated email. | |
| NoReplyEmail = "[email protected]" | |
| #------------------------------------------------------------------------------ | |
| # FILE UPLOAD | |
| #------------------------------------------------------------------------------ | |
| # Here you can limit the maximum size of all the uploaded files (in MB) in a | |
| # request | |
| # default: 0 (unlimited) | |
| MaxUploadFilesTotalSize = 0 | |
| # Here you can limit the maximum size of an uploaded file (in MB) | |
| # default: 0 (unlimited) | |
| MaxUploadFileSize = 0 | |
| #------------------------------------------------------------------------------ | |
| # FILE CONVERSION | |
| #------------------------------------------------------------------------------ | |
| # Indico has an interface to interact with an external file conversion system | |
| # to convert from some formats to others but right now there is no publicly | |
| # available file conversion software. | |
| # | |
| # If you are interested in this feature please contact us at: | |
| # [email protected] | |
| # | |
| # FileConverter = {"conversion_server": "localhost", "response_url": "http://localhost/conversion-finished"} | |
| #------------------------------------------------------------------------------ | |
| # STATIC FILE DELIVERY | |
| #------------------------------------------------------------------------------ | |
| # Indico supports the use of the X-Sendfile and X-Accel-Redirect headers: | |
| # | |
| # http://blog.lighttpd.net/articles/2006/07/02/x-sendfile | |
| # http://wiki.nginx.org/X-accel | |
| # | |
| # If your webserver supports this feature and you want to activate it, | |
| # you should enable it here | |
| # | |
| # X-Sendfile (apache with mod_xsendfile, lighttpd): | |
| # StaticFileMethod = 'xsendfile' | |
| # | |
| # X-Accel-Redirect (nginx): | |
| # StaticFileMethod = ('xaccelredirect', { | |
| # '/opt/indico/archive': '/.xsf/archive', | |
| # '/opt/indico/cache': '/.xsf/cache', | |
| # '/opt/indico/htdocs': '/.xsf/htdocs' | |
| # }) | |
| # Because of the way nginx works (using URLs instead of paths) you also need to map the .xsf urls to | |
| # the paths in your nginx config (for each entry in the dict above): | |
| # location /.xsf/archive/ { | |
| # internal; | |
| # alias /opt/indico/archive/; | |
| # } | |
| # DO NOT forget the "internal;" statement - it prevents users from accessing those URLs directly. | |
| #StaticFileMethod = None | |
| #------------------------------------------------------------------------------ | |
| # AUTHENTICATION | |
| #------------------------------------------------------------------------------ | |
| # Indico ships with a fully working user authentication system (Local) but you | |
| # can use an external system. | |
| # | |
| # If you want to have all users authenticate only to an external user management | |
| # system (for example: MyAuthSystem) you should write: | |
| # | |
| # AuthenticatorList = [('MyAuthSystem', {})] | |
| # | |
| # Where the second element of the tuple is a dictionary with the configuration. | |
| # | |
| # If you want to authenticate users against more than one authentication system | |
| # you can write them like this (systems will be queried about users from left | |
| # to right): | |
| # | |
| # AuthenticatorList = [('Local', {}), ('LDAP', {}), ('MyAuthSystem', {})] | |
| # | |
| # If you want to setup SSO in your authenticator you should setup the variable | |
| # SSOActive to True. | |
| # | |
| # AuthenticatorList = [('MyAuthSystem', {'SSOActive': True})] | |
| # | |
| # You can also can configure the mapping of the SSO attributes with the variable SSOMapping. An example: | |
| # | |
| # AuthenticatorList = [ ('Local', {}), | |
| # ('MyAuthSystem', {'SSOActive': True, | |
| # 'LogoutCallbackURL': 'https://example.com/wsignout', | |
| # 'SSOMapping': { 'email': 'ADFS_EMAIL', | |
| # 'login': 'ADFS_LOGIN', | |
| # 'personId': 'ADFS_PERSONID', | |
| # 'phone': 'ADFS_PHONENUMBER', | |
| # 'fax': 'ADFS_FAXNUMBER', | |
| # 'lastname': 'ADFS_LASTNAME', | |
| # 'firstname': 'ADFS_FIRSTNAME', | |
| # 'institute': 'ADFS_HOMEINSTITUTE'}, | |
| # 'ResetPasswordMessage': 'Please contact helpdesk or access this url: http://example.com' | |
| # })] | |
| # | |
| # | |
| # Please note that some authentication systems may require extra dependency libs. | |
| # For instance, for LDAP authentication, you will also need to install the python-ldap lib: | |
| # | |
| # $ pip install python-ldap | |
| # | |
| # | |
| # As an example if you want to setup the LDAP Authenticator you should define as following: | |
| # | |
| # AuthenticatorList = [('LDAP', {# by default the port is 389 if you do not specify. | |
| # 'uri': '[ldap|ldaps]://myldapserver.example.com:port', | |
| # | |
| # # use TLS (do so, if your server allows) | |
| # 'useTLS': True, | |
| # | |
| # # filter parameters for users, base DN to use | |
| # 'peopleDNQuery': ('uid={0}', 'DC=example,DC=com'), | |
| # | |
| # # filter parameters for groups, base DN to use | |
| # 'groupDNQuery': ('cn={0}', 'OU=Groups,DC=example,DC=com'), | |
| # | |
| # # SLAPD or ActiveDirectory | |
| # 'groupStyle': 'SLAPD', | |
| # | |
| # # access credentials of a user with read access | |
| # 'accessCredentials': ('CN=user,OU=Users,DC=example,DC=com','secret_password') | |
| # | |
| # # custom user filter | |
| # 'customUserFilter': "(objectCategory=user)" | |
| # } | |
| # | |
| # | |
| # The default configuration will use only Indico's authentication system. | |
| AuthenticatorList = [('LDAP', {'peopleDNQuery': ('cn={0}', 'CN=users,DC=ldap-srv1,DC=mpi-cbg,DC=de'), 'groupDNQuery': ('cn={0}', 'CN=groups,DC=ldap-srv1,DC=mpi-cbg,DC=de'), 'uri': 'ldap://10.1.2.19', 'groupStyle': 'SLAPD', 'useTLS': False})] | |
| # If you only want to allow users to login via SSO you can disable the normal login page. | |
| # DisplayLoginPage = True | |
| # Sessions are only stored for a certain time. You can modify the duration here. By setting | |
| # the lifetime to 0 the cookie will expire when the browser is closed. | |
| # SessionLifetime = 86400 * 31 | |
| #------------------------------------------------------------------------------ | |
| # OFFLINE WEBSITE PACKAGES CREATION | |
| #------------------------------------------------------------------------------ | |
| # Indico allows users to download their event so they can run it offline. | |
| # | |
| # The OfflineStore variable points to a directory that Indico will use to store | |
| # the offline website packages. | |
| # | |
| # If the OfflineStore variable is not set, the functionality will be disabled. | |
| # | |
| # OfflineStore = "/opt/indico/archive" | |
| #------------------------------------------------------------------------------ | |
| # LATEX/PDF GENERATION | |
| #------------------------------------------------------------------------------ | |
| # Set the path to pdflatex if it's not within PATH: | |
| # PDFLatexProgram = 'pdflatex' | |
| # | |
| # In strict mode, a non-zero status code is considered failure. Disable this if | |
| # you have old contributions that contain invalid LaTeX and you prefer possibly | |
| # weird-looking PDFs over an error and no PDF at all. | |
| # StrictLatex = True | |
| #------------------------------------------------------------------------------ | |
| # OAUTH PARAMETERS | |
| #------------------------------------------------------------------------------ | |
| # Time to live of the OAuth Tokens | |
| OAuthAccessTokenTTL = 10000 | |
| #------------------------------------------------------------------------------ | |
| # INDICO MOBILE | |
| #------------------------------------------------------------------------------ | |
| # If you have an installation of the mobile version of Indico, you can enable the | |
| # notification that encourages its usage when the user accesses the Desktop Indico | |
| # from a mobile device. One only needs to add the URL of Indico mobile here: | |
| # MobileURL = "http://m.indico.your.domain" | |
| ShortEventTag = 'event/' | |
| ExportACL = {} | |
| CssStylesheetName = 'Default' | |
| ShortCategTag = 'categ/' | |
| ApacheGroup = 'www-data' | |
| UseXSendFile = 'no' | |
| ApacheUser = 'www-data' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment