
ldap tool 500s on group wmf
Closed, Resolved. Public

Description

[not sure about tags, please reroute as needed]

Tried listing wmf group ldap members, but the ldap tool 500s: https://tools.wmflabs.org/ldap/group/wmf

Event Timeline

[2018-08-08 08:59:25,264] ERROR in app: Exception on /group/wmf [GET]
Traceback (most recent call last):
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/data/project/ldap/www/python/src/app.py", line 71, in group
    members=members
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/flask/templating.py", line 134, in render_template
    context, ctx.app)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/flask/templating.py", line 116, in _render
    rv = template.render(context)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 1008, in render
    return self.environment.handle_exception(exc_info, True)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 780, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/data/project/ldap/www/python/src/templates/group.html", line 12, in top-level template code
    {% for member in members %}
  File "/data/project/ldap/www/python/src/app.py", line 46, in member_list
    info = member_info(conn, member_dn, attrlist=['cn', 'uid'])
  File "/data/project/ldap/www/python/src/app.py", line 54, in member_info
    return conn.search_s(member_dn, ldap.SCOPE_BASE, '(objectclass=*)', attrlist=attrlist)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 597, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 591, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 503, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 507, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/data/project/ldap/www/python/venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'matched': 'ou=people,dc=wikimedia,dc=org', 'desc': 'No such object'}

Hmmmm.

I think NO_SUCH_OBJECT means that there's a user in the wmf ldap group that doesn't actually exist?

uid=patspena,ou=people,dc=wikimedia,dc=org is in the wmf ldap group, but doesn't appear to have an ldap account?

Legoktm claimed this task.

uid=patspena,ou=people,dc=wikimedia,dc=org is in the wmf ldap group, but doesn't appear to have an ldap account?

I re-opened T199557: LDAP access to the wmf group for Pats Pena for this.

The group listing now works, albeit with broken <Unknown user> links for users it can't look up. I think that's the best we can do for now?
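
One way to handle the failure shown in the traceback, added here as an illustration and not the ldap tool's actual code: catch the missing-entry error per member so a single dangling DN cannot 500 the whole listing, and return the dangling DNs so stale group memberships can be reviewed. `FakeConn`, `NoSuchObject` and the example.org DNs are constructed stand-ins; with python-ldap, pass a real connection and `missing_exc=ldap.NO_SUCH_OBJECT`.

```python
SCOPE_BASE = 0  # same numeric value as ldap.SCOPE_BASE in python-ldap


class NoSuchObject(Exception):
    """Stand-in for ldap.NO_SUCH_OBJECT so this runs without python-ldap."""


class FakeConn:
    """Constructed in-memory directory exposing only search_s()."""

    def __init__(self, entries):
        self.entries = entries

    def search_s(self, base, scope, filterstr='(objectclass=*)', attrlist=None):
        if base not in self.entries:
            raise NoSuchObject({'desc': 'No such object'})
        attrs = self.entries[base]
        wanted = {k: v for k, v in attrs.items() if not attrlist or k in attrlist}
        return [(base, wanted)]


def resolve_members(conn, member_dns, missing_exc=NoSuchObject):
    """Look up each member DN; return (resolved, dangling).

    resolved: list of (dn, attrs) for members whose entry exists.
    dangling: member DNs listed in the group but absent from the directory.
    """
    resolved, dangling = [], []
    for dn in member_dns:
        try:
            result = conn.search_s(dn, SCOPE_BASE, '(objectclass=*)',
                                   attrlist=['cn', 'uid'])
        except missing_exc:
            dangling.append(dn)  # keep listing; report instead of crashing
            continue
        if result:
            resolved.append(result[0])
        else:
            dangling.append(dn)
    return resolved, dangling


# Constructed sample data: the group names three DNs, one has no entry.
PEOPLE = 'ou=people,dc=example,dc=org'
DIRECTORY = {
    'uid=alice,' + PEOPLE: {'cn': [b'Alice'], 'uid': [b'alice'], 'mail': [b'a@example.org']},
    'uid=bob,' + PEOPLE: {'cn': [b'Bob'], 'uid': [b'bob']},
}
GROUP_MEMBERS = ['uid=alice,' + PEOPLE, 'uid=ghost,' + PEOPLE, 'uid=bob,' + PEOPLE]

if __name__ == '__main__':
    ok, missing = resolve_members(FakeConn(DIRECTORY), GROUP_MEMBERS)
    print('resolved:', [dn for dn, _ in ok])
    print('dangling:', missing)
```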

Krenair set Security to Software security bug. Aug 9 2018, 11:46 AM
Krenair added a project: acl*security.
Krenair changed the visibility from "Public (No Login Required)" to "Custom Policy".
Krenair subscribed.

(moved into security, see linked task)

Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)".