alerta: LDAP Group support not working

**Issue Summary**

LDAP login works, until I set this: `LDAP_DOMAINS_GROUP: "{ 'example.org': '(&(objectClass=group)(cn=API_COE_UDV_VIEW))' }"`

Then I get this error (and am not logged in):

```
Traceback (most recent call last):
  File "/venv/lib/python3.7/site-packages/alerta/auth/basic_ldap.py", line 89, in login
    resultTypes, results = ldap_connection.result(resultID)
  File "/venv/lib/python3.7/site-packages/ldap/ldapobject.py", line 754, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/venv/lib/python3.7/site-packages/ldap/ldapobject.py", line 758, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/venv/lib/python3.7/site-packages/ldap/ldapobject.py", line 765, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/venv/lib/python3.7/site-packages/ldap/ldapobject.py", line 772, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/venv/lib/python3.7/site-packages/ldap/ldapobject.py", line 338, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/venv/lib/python3.7/site-packages/ldap/compat.py", line 46, in reraise
    raise exc_value
  File "/venv/lib/python3.7/site-packages/ldap/ldapobject.py", line 322, in _ldap_call
    result = func(*args,**kwargs)
ldap.OPERATIONS_ERROR: {'msgtype': 100, 'msgid': 2, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': '000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839'}
```

**Environment**
- API version: 8.0.3
- Deployment: Docker on k8s
- Database: Postgres

- Server config:
  Auth enabled? Yes
  Auth provider? LDAP
  Customer views? No
- web UI version: [eg. 8.0.2]

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 17 (17 by maintainers)

Most upvoted comments

Thank you for the offer @satterly - but WTF is up with that gitter.im thing? If I try to log in with GitHub - it wants access to groups - where I can’t really read exactly WHAT access it gets… Why should it ask for ANYTHING beyond my username+email? If I choose GitLab - it’s even worse: “Access the authenticated user’s API Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry.” - no way I’m going to grant gitter full write access to my GitLab account. And using Twitter - it wants to read all my posts, blacklists etc… again WTF

and I have ZERO options for creating my own user - just auth’ed via email as normal.

Do they not want users - or do they purposely NOT want to live up to GDPR - the above is a STRICT violation of the GDPR (EU regulation)… as an EU citizen I cannot accept any of those options (I’ve posted to them about it on Twitter to start with)…

I ended up taking the docker-alerta Dockerfile, adjusting it and copying a few files into the alerta repo - to build a workable docker image with the helm chart

I did do a docker login with my github account and an access token… found the reason - when you copy paste token password it gives you a neat little space in front… 😃