Need help on an LDAP-related error

[ab1g17]

Hello,

my current LDAP config is:
INVENTREE_LDAP_ENABLED=True
INVENTREE_LDAP_SERVER_URI=ldap://server
INVENTREE_LDAP_BASE_DN=DC=central,DC=corp,DC=com
INVENTREE_LDAP_BIND_DN='CN=serviceaccount,OU=Users,OU=Or,DC=central,DC=corp,DC=com'
INVENTREE_LDAP_BIND_PASSWORD='pass'
INVENTREE_LDAP_START_TLS=False
INVENTREE_LDAP_DEBUG=True

The error I get is server error 500 internal error, and the logs say:
Binding as CN=,serviceaccount,OU=Users,OU=Or,DC=central,DC=corp,DC=com
Binding as CN=,serviceaccount,OU=Users,OU=Or,DC=central,DC=corp,DC=com
Invoking search_s('None', 2, '(uid= john.doe)')
Invoking search_s('None', 2, '(uid= john.doe)')
search_ext() argument 1 must be str, not None while authenticating john.doe
search_ext() argument 1 must be str, not None while authenticating john.doe

Using direct bind with the INVENTREE_LDAP_USER_DN_TEMPLATE option works, but that way I am forced to choose a DN template and not all users of the app have the same one. Also I could not get that option to work using the samaccountname, only with commonName

Reproducing the same logic but with a ldap command line search tool (ldapvi), searching the same base DN, using the same binding DN, works as expected and I am able to search for users.

Any thoughts?

[ab1g17]

In case full trace helps:

Loading config file : /home/inventree/data/config.yaml
Python version 3.11.9 - /usr/local/bin/python
[LDAP] ldap.global_options = {}
/root/.local/lib/python3.11/site-packages/allauth/exceptions.py:9: UserWarning: allauth.exceptions is deprecated, use allauth.core.exceptions
warnings.warn("allauth.exceptions is deprecated, use allauth.core.exceptions")
Not all required settings for adding a user on startup are present:
INVENTREE_ADMIN_USER, INVENTREE_ADMIN_EMAIL, INVENTREE_ADMIN_PASSWORD
10.89.0.26 - - [22/Oct/2024:07:27:31 +0000] "GET /accounts/login/ HTTP/1.1" 200 8466 "obfuscated-hostname.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0"
Binding as CN=,serviceaccount,OU=Users,OU=Or,DC=central,DC=corp,DC=com
Binding as CN=,serviceaccount,OU=Users,OU=Or,DC=central,DC=corp,DC=com
Invoking search_s('None', 2, '(uid= john.doe)')
Invoking search_s('None', 2, '(uid= john.doe)')
search_ext() argument 1 must be str, not None while authenticating john.doe
search_ext() argument 1 must be str, not None while authenticating john.doe
/root/.local/lib/python3.11/site-packages/django/db/models/fields/init.py:1535: RuntimeWarning: DateTimeField NotificationEntry.updated received a naive datetime (2024-10-21 00:00:00) while time zone support is active.
warnings.warn(
Internal Server Error: /accounts/login/
Traceback (most recent call last):
File "/root/.local/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
response = get_response(request)
^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/views/generic/base.py", line 104, in view
return self.dispatch(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
return bound_method(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/allauth/decorators.py", line 12, in wrap
resp = function(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
return bound_method(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/views/decorators/debug.py", line 92, in sensitive_post_parameters_wrapper
return view(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
return bound_method(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/views/decorators/cache.py", line 62, in _wrapper_view_func
response = view_func(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/allauth/account/views.py", line 84, in dispatch
return super().dispatch(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/allauth/account/mixins.py", line 40, in dispatch
response = super().dispatch(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/views/generic/base.py", line 143, in dispatch
return handler(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/allauth/account/mixins.py", line 68, in post
if form.is_valid():
^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/forms/forms.py", line 201, in is_valid
return self.is_bound and not self.errors
^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/forms/forms.py", line 196, in errors
self.full_clean()
File "/root/.local/lib/python3.11/site-packages/django/forms/forms.py", line 434, in full_clean
self._clean_form()
File "/root/.local/lib/python3.11/site-packages/django/forms/forms.py", line 455, in _clean_form
cleaned_data = self.clean()
^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/allauth/account/forms.py", line 177, in clean
user = adapter.authenticate(self.request, **credentials)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/allauth/account/adapter.py", line 669, in authenticate
user = authenticate(request, **credentials)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/views/decorators/debug.py", line 42, in sensitive_variables_wrapper
return func(*func_args, **func_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/contrib/auth/init.py", line 77, in authenticate
user = backend.authenticate(request, **credentials)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 149, in authenticate
user = self.authenticate_ldap_user(ldap_user, password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 207, in authenticate_ldap_user
return ldap_user.authenticate(password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 349, in authenticate
self._authenticate_user_dn(password)
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 479, in _authenticate_user_dn
if self.dn is None:
^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 444, in dn
self._load_user_dn()
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 517, in _load_user_dn
self._user_dn = self._search_for_user_dn()
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 552, in _search_for_user_dn
return cache.get_or_set(
^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django/core/cache/backends/base.py", line 228, in get_or_set
default = default()
^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 540, in _search_for_user
results = search.execute(self.connection, {"user": self._username})
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/django_auth_ldap/config.py", line 205, in execute
results = connection.search_s(
^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/ldap/ldapobject.py", line 631, in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/ldap/ldapobject.py", line 624, in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/ldap/ldapobject.py", line 614, in search_ext
return self._ldap_call(
^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.11/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
result = func(*args,**kwargs)
^^^^^^^^^^^^^^^^^^^^
TypeError: search_ext() argument 1 must be str, not None

[ab1g17]

Just had a meeting about this with our LDAP expert, and he's stumped as well. Any ideas, anyone? We might have to give up on this app if we cant get this to work. Thanks!

[matmair]

Maybe @wolflu05 can help, he introduced the option

[wolflu05]

Sorry, I have never seen this error. Seems like something is wrong. There should be something else than 'None', but no idea why. (I'm not using LDAP anymore, I switched to oauth.)

[ab1g17]

I have managed to fix this

The new config:
INVENTREE_LDAP_ENABLED=True
INVENTREE_LDAP_SERVER_URI=ldap://server
INVENTREE_LDAP_BASE_DN=DC=central,DC=corp,DC=com
INVENTREE_LDAP_START_TLS=False
INVENTREE_LDAP_DEBUG=True
INVENTREE_LDAP_USER_DN_TEMPLATE=

Adding the INVENTREE_LDAP_USER_DN_TEMPLATE option but leaving it empty did the trick. Not providing that info forces it to search in the Base DN. I think that by providing that info, you make the INVENTREE_LDAP_BASE_DN redundant, as it never felt the need to use it. This way, with the info left out, it searches the entire base as it should.
Honestly this seems more like a bug than a feature. I've never before encountered a config issue which is fixed by adding an option and purposefully leaving it empty. The app should know to use the INVENTREE_LDAP_BASE_DN if it is unsuccessful using the INVENTREE_LDAP_USER_DN_TEMPLATE. Or, at the very least, the INVENTREE_LDAP_USER_DN_TEMPLATE default value should be empty so by leaving it out completely, the config would work. This was in fact something I tried during troubleshooting but was unsuccessful because the app filled it with a default value that still prevented it from working. Only explicitly leaving it empty works.