ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

"incompatible character encoding" with LDAP auth (Bug #1078)


Added by Jérémy Subtil at 2012-07-11 02:07 pm. Updated at 2012-07-15 11:48 am.


Status:Closed Start date:2012-07-11
Priority:Normal Due date:
Assignee:- % Done:

0%

Category:Libraries
Target version:3.3.0
Remote issue URL:http://www.redmine.org/issues/10272 Affected version:3.2.2

Description

Hi there,

I've just encountered the following issue while trying to authenticate with an unregistered LDAP account (with on-the-fly account creation):

ActionView::TemplateError (incompatible character encodings: UTF-8 and ASCII-8BIT) on line #21 of app/views/account/register.rhtml:
18: <% end %>
19:
20: <p><label for="user_firstname"><%=l(:field_firstname)%> <span class="required">*</span></label>
21: <%= text_field 'user', 'firstname'  %></p>
22:
23: <p><label for="user_lastname"><%=l(:field_lastname)%> <span class="required">*</span></label>
24: <%= text_field 'user', 'lastname'  %></p>

    app/views/account/register.rhtml:21:in `concat'
    app/views/account/register.rhtml:21:in `block in _run_rhtml_app47views47account47register46rhtml'
    app/views/account/register.rhtml:3:in `_run_rhtml_app47views47account47register46rhtml'
    app/controllers/account_controller.rb:224:in `onthefly_creation_failed'
    app/controllers/account_controller.rb:148:in `password_authentication'
    app/controllers/account_controller.rb:138:in `authenticate_user'
    app/controllers/account_controller.rb:26:in `login'
    <internal:prelude>:10:in `synchronize'
    /usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/httpserver.rb:138:in `service'
    /usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/httpserver.rb:94:in `run'
    /usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'

Chiliproject version is 3.2.2.

I fixed the issue by simply upgrading to net-ldap 0.3.1, thanks to Redmine bug #10272.

According to the Gemfile, master and unstable should be affected too.


Associated revisions

Revision 64474802
Added by Jean-Philippe Lang at 2008-04-26 06:55 pm

Fixes custom field filters behaviour (#1078).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1362 e93f8b46-1217-0410-a6f0-8f06a7374b81

Revision a642a1fd
Added by Felix Schäfer at 2012-07-14 09:16 pm

Bump net-ldap #1078

History

Updated by Felix Schäfer at 2012-07-13 08:15 am

Thanks for the report, I'll try to have a look before the WE.

  • Status changed from Open to Ready for review
  • Assignee set to Felix Schäfer
  • Target version set to 3.3.0

Updated by Felix Schäfer at 2012-07-13 11:21 pm

It seems I am unable to get the LDAP example config to work (and I've spent nearly 2 hours with it -_- )

Florian: as you were the one to add the config for the newer OpenLDAPs, could you give me a short sum-up of what I need to do to get the example stuff into a virgin OpenLDAP? I've been trying to test it in a Ubuntu Lucid VM (current vagrant status), I wouldn't mind if we could get it to work on Travis too though :-)

Holger: If Florian doesn't answer early enough, I'm tempted to just bump the lib (it's a minor bump so it should work as before) and see if it makes it through ci.chiliproject.org, which IIRC tests the LDAP parts.

Updated by Florian Mutter at 2012-07-14 12:54 am

Here is the way to do this:

sudo apt-get install openldap ldap-utils

sudo mkdir -p /var/lib/ldap/redmine
sudo chown openldap:openldap /var/lib/ldap/redmine

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f test/fixtures/ldap/slapd_config.ldif
sudo ldapadd -D cn=Manager,dc=redmine,dc=org -w secret -f test/fixtures/ldap/test-ldap.ldif

rake test TEST=test/functional/ldap_auth_sources_controller.rb

I tested this on Ubuntu 11.04 but it should work on newer systems to. Maybe you want to add this to the wiki.

EDIT: The test above was the wrong test. Or maybe both are needed. No Idea. But all tests are running without error. This may be the correct one:

rake test TEST=test/unit/auth_source_ldap_test.rb

Updated by Felix Schäfer at 2012-07-14 11:19 am

Florian Mutter wrote:

Here is the way to do this:

That's in the line of what I tried on Lucid (the package for the openldap server is called slapd, but that's less of a problem), when trying to import the config I get the following error though:

vagrant@lucid32:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /opt/chiliproject/default/current/test/fixtures/ldap/slapd_config.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=hdb,cn=config" 
ldap_add: Invalid syntax (21)
    additional info: objectClass: value #1 invalid per syntax

Any idea?

Updated by Florian Mutter at 2012-07-14 11:49 am

You are missing the hdb module. Maybe the switched to bdb by default. You can load that module by putting the following in a ldif file and load it with like the first ldap_add command above:

# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb

This should maybe included in the slapd_conf.ldap

Updated by Florian Mutter at 2012-07-14 11:55 am

Sorry wrong script. Use this one

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la

I hope this works.

Updated by Felix Schäfer at 2012-07-14 12:02 pm

Florian Mutter wrote:

I hope this works.

Kind of, I get another error, LDAP seems to be hard… Maybe we could reverse the process? If you have the time, could you grab https://github.com/thegcat/chiliproject-vagrant/ and see if you can get it working there? (once the machine is up with vagrant up, you can just vagrant ssh to get on the machine, the user you are logged in as then has passwordless sudo rights).

After successfully loading the back_hdb.la part, I get:

vagrant@lucid32:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /opt/chiliproject/default/current/test/fixtures/ldap/slapd_config.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=hdb,cn=config" 
ldap_add: Other (e.g., implementation specific) error (80)
    additional info: <olcAccess> handler exited with 1

Thanks for your help :-)

Updated by Florian Mutter at 2012-07-14 01:33 pm

Hmm, maybe ldap stored some of the entries in a previous attempt to import the slapd_conf.ldif. If you have nothing els in your ldap you can try apt-get purge slapd; rm -r /var/lib/ldap/redmine; apt-get install slapd and try again. Another way would be ldapmodify but to use this the ldif needs to be updated with something like this:

changetype: modify 
replace: olcAccess

Updated by Felix Schäfer at 2012-07-14 09:13 pm

Still getting:

vagrant@lucid32:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /opt/chiliproject/default/current/test/fixtures/ldap/slapd_config.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=hdb,cn=config" 
ldap_add: Other (e.g., implementation specific) error (80)
    additional info: <olcAccess> handler exited with 1

Oh well, I'll wait to see if the CI works with the new lib or not.

Updated by Felix Schäfer at 2012-07-15 11:48 am

The CI run went through, so I'm closing this. Thanks to all involved!

Florian, if you still want to help, we can open a new issue or meet on IRC or something to get this working :-)

  • Assignee deleted (Felix Schäfer)
  • Status changed from Ready for review to Closed

Also available in: Atom PDF