
`Unexpected Exception occurred at X: 'group_base'`

Open paulmenzel opened this issue 3 years ago • 3 comments

One user is now actively using our Indico installation based on

```
$ git log --no-decorate --oneline -1
c6b5a3042a Fix showing nonbookable period outside admin UI
```

Just now, the logger sent the log below:

```
Unexpected Exception occurred at platsch.molgen.mpg.de: 'group_base'

2022-06-30 18:10:35,693  cddddabd26354a15  2       indico.flask - ERROR errors.py:110 -- 'group_base'

Traceback (most recent call last):
  File "/project/indico/home/.local/lib/python3.9/site-packages/flask/app.py", line 1523, in full_dispatch_request
    rv = self.dispatch_request()
  File "/project/indico/home/.local/lib/python3.9/site-packages/flask/app.py", line 1509, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/project/indico/home/.local/lib/python3.9/site-packages/indico/web/flask/util.py", line 79, in wrapper
    return obj().process()
  File "/project/indico/home/.local/lib/python3.9/site-packages/indico/web/rh.py", line 281, in process
    res = self._do_process()
  File "/project/indico/home/.local/lib/python3.9/site-packages/indico/web/rh.py", line 252, in _do_process
    rv = self._process()
  File "/project/indico/home/.local/lib/python3.9/site-packages/webargs/core.py", line 452, in wrapper
    return func(*args, **kwargs)
  File "/project/indico/home/.local/lib/python3.9/site-packages/indico/modules/groups/controllers.py", line 158, in _process
    groups = GroupProxy.search(name, exact=exact)
  File "/project/indico/home/.local/lib/python3.9/site-packages/indico/modules/groups/core.py", line 115, in search
    result |= {GroupProxy(g.name, g.provider.name, _group=g)
  File "/project/indico/home/.local/lib/python3.9/site-packages/indico/modules/groups/core.py", line 115, in <setcomp>
    result |= {GroupProxy(g.name, g.provider.name, _group=g)
  File "/project/indico/home/.local/lib/python3.9/site-packages/flask_multipass/core.py", line 437, in search_groups
    yield from provider.search_groups(name, exact=exact)
  File "/project/indico/home/.local/lib/python3.9/site-packages/flask_multipass/providers/ldap/providers.py", line 232, in search_groups
    for group_dn, group_data in self._search_groups(search_filter):
  File "/project/indico/home/.local/lib/python3.9/site-packages/flask_multipass/providers/ldap/providers.py", line 182, in _search_groups
    return search(self.ldap_settings['group_base'], search_filter, attributes=[self.ldap_settings['gid']])
KeyError: 'group_base'

{'data': {'get': {'name': 'Organisators'},
          'headers': {'Accept': 'application/json, text/plain, */*',
                      'Accept-Encoding': 'gzip, deflate, br',
                      'Accept-Language': 'fr-FR,fr;q=0.9',
                      'Cookie': 'XXX',
                      'Host': 'events.molgen.mpg.de',
                      'Referer': 'https://events.molgen.mpg.de/event/1/manage/protection',
                      'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X '
                                    '10_15_7) AppleWebKit/605.1.15 (KHTML, '
                                    'like Gecko) Version/15.5 Safari/605.1.15',
                      'X-Csrf-Token': '93165c3d-f87f-4e44-8215-66dfab63006e',
                      'X-Requested-With': 'XMLHttpRequest'},
          'json': None,
          'post': {},
          'url': {}},
 'endpoint': 'groups.group_search',
 'id': 'cddddabd26354a15',
 'ip': 'XXX'
 'method': 'GET',
 'referrer': 'https://events.molgen.mpg.de/event/1/manage/protection',
 'rh': 'RHGroupSearch',
 'time': '2022-06-30T18:10:35.819807',
 'url': 'https://events.molgen.mpg.de/groups/api/search?name=Organisators',
 'user': {'email': '[email protected]',
          'id': 2,
          'name': 'XXX'},
 'user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) '
               'AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 '
               'Safari/605.1.15'}
```

We do not maintain a group field in LDAP, and configured it like below:

```python
LOCAL_IDENTITIES = False

_ldap_config = {
    'uri': 'ldaps://ldap.molgen.mpg.de',
    'bind_dn': 'cn=indico,dc=ldap,dc=apps,dc=molgen,dc=mpg,dc=DE',
    'bind_password': 'X',
    'timeout': 30,
    'verify_cert': True,
    'page_size': 1500,

    'uid': 'uid',
    'user_base': 'dc=user,dc=apps,dc=molgen,dc=mpg,dc=de',
    'user_filter': '(objectClass=molgenUser)',
}

AUTH_PROVIDERS = {
    'ldap': {
        'type': 'ldap',
        'title': 'LDAP',
        'ldap': _ldap_config,
        'default': True
    }
}

IDENTITY_PROVIDERS = {
    'ldap': {
        'type': 'ldap',
        'title': 'LDAP',
        'ldap': _ldap_config,
        'mapping': {
            'first_name': 'givenName',
            'last_name': 'sn',
            'email': 'mail',
        },
        'trusted_email': True,
        'synced_fields': {'first_name', 'last_name'}
    }
}
```

Jun 30 '22 17:06 paulmenzel

Try setting that key to something that will never match anything. Adding an option to use this without groups would be useful nonetheless though.

Jun 30 '22 21:06 ThiefMaster

Please excuse my ignorance. What key do you mean? (I do not know what the user did, and just got the trace via email.)

Jul 01 '22 08:07 paulmenzel

Ah sorry, the error happens when the ldap config dict in `indico.conf` doesn't have a `group_base` key.

The user went to an event's protection page and searched for a group to add to the ACL.

PS: You always need to remove `indico_session` when posting a full error report. Otherwise someone can take over that user's Indico account! I also removed the full name of your user from the error report (since you already censored the email address but not the name).

Jul 01 '22 08:07 ThiefMaster
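
The advice above about stripping `indico_session` before posting an error report can be automated. The following is an added example, not part of the thread and not Indico or flask-multipass code: it scrubs a report dict shaped like the one in this issue. The sample report is constructed, and the choice of which headers and fields to redact beyond the session cookie is this example's assumption.

```python
import re
from pprint import pprint

# Assumption: headers treated as secrets. The thread itself only names the
# indico_session cookie; Authorization and X-Csrf-Token are added here.
SENSITIVE_HEADERS = {'cookie', 'authorization', 'x-csrf-token'}
# Assumption: fields treated as personal data, at top level or under 'user'.
PERSONAL_KEYS = {'ip', 'email', 'name'}
# Catches a session cookie that leaked into any other string (URL, message).
SESSION_RE = re.compile(r"(indico_session=)[^;\s]+")


def redact_report(report):
    """Return a redacted copy of an error-report dict; the input is not modified."""
    def walk(node, parent_key=None):
        if isinstance(node, dict):
            out = {}
            for key, value in node.items():
                lowered = str(key).lower()
                if parent_key == 'headers' and lowered in SENSITIVE_HEADERS:
                    out[key] = 'XXX'
                elif lowered in PERSONAL_KEYS and parent_key in (None, 'user'):
                    out[key] = 'XXX'
                else:
                    out[key] = walk(value, lowered)
            return out
        if isinstance(node, (list, tuple)):
            return type(node)(walk(item, parent_key) for item in node)
        if isinstance(node, str):
            return SESSION_RE.sub(r'\1XXX', node)
        return node
    return walk(report)


# Constructed sample, modelled on the report layout shown in this issue.
SAMPLE_REPORT = {
    'data': {'get': {'name': 'Organisators'},
             'headers': {'Cookie': 'indico_session=0123abcd-constructed; other=1',
                         'Host': 'indico.example.org',
                         'X-Csrf-Token': 'constructed-token'}},
    'endpoint': 'groups.group_search',
    'ip': '192.0.2.10',
    'url': 'https://indico.example.org/groups/api/search?name=Organisators',
    'user': {'email': 'user@example.org', 'id': 2, 'name': 'Example User'},
}

if __name__ == '__main__':
    pprint(redact_report(SAMPLE_REPORT))
```

The query parameter `name` under `data.get` is kept on purpose, since it is the group search term needed to reproduce the error; only `name` under `user` is treated as personal data.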