Awx: [RFE] Better doc on ldap config

Created on 15 Apr 2018  ·  9 Comments  ·  Source: ansible/awx

ISSUE TYPE
  • Documentation
COMPONENT NAME
  • UI
SUMMARY

To verify AWX LDAP config code via public ldap test server connection.

ENVIRONMENT
  • AWX version: 1.0.5.23

    • AWX version 1.0.6.1 can't save the ldap setting either.

  • AWX install method: docker on linux
  • Ansible version: 2.5.0
  • Operating System: CentOS 7.4
  • Web Browser: Chrome
STEPS TO REPRODUCE
  • make sure centos 7 can do a ldap query on ldap server hosted in R2.

  • Make sure all AWX containers are running like following

-bash-4.2# docker ps -a
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                                                 NAMES
ee8a11116705        ansible/awx_task:latest      "/tini -- /bin/sh ..."   17 hours ago        Up 11 hours         8052/tcp                                              awx_task
9983de56953f        ansible/awx_web:latest       "/tini -- /bin/sh ..."   17 hours ago        Up 17 hours         0.0.0.0:80->8052/tcp                                  awx_web
777c40f8a906        memcached:alpine             "docker-entrypoint..."   17 hours ago        Up 17 hours         11211/tcp                                             memcached
120793589bdd        ansible/awx_rabbitmq:3.7.4   "docker-entrypoint..."   17 hours ago        Up 17 hours         4369/tcp, 5671-5672/tcp, 15671-15672/tcp, 25672/tcp   rabbitmq
18566213529e        postgres:9.6                 "docker-entrypoint..."   17 hours ago        Up 17 hours         5432/tcp                                              postgres
-bash-4.2#

  • enter following setting in LDAP default
ldap server uri:
ldap://ldap.forumsys.com:389

ldap bind dn:
cn=read-only-admin,dc=example,dc=com

ldap bind password:
password

ldap user dn template:
blank

ldap group type:
GroupOfNamesType

ldap require group:
blank

ldap deny group:
blank

ldap start tls:
off

ldap user search:

[
"DC=example,DC=com", "SCOPE_SUBTREE", "(uid=%(user)s)"
]

ldap group search:

[
"DC=example,DC=com", "SCOPE_SUBTREE", "(objectClass=group)" 
]


ldap user attribute map:
{ "first_name": "givenName", "last_name": "sn", "email": "mail" }

ldap user flags by group:
{ "is_superuser": "CN=read-only-admin,DC=example,DC=com" }

ldap organization map:  for Dev box, organization is "Default" by default.

{
  "Default": {
   "admins": "CN= Admins,ou=admins,dc=example,dc=com",
   "remove_admins": false,
   "remove_users": false,
   "users": [
    "CN= Scientists,ou=scientists,dc=example,dc=com"
   ]
  }
}

ldap team map:
blank
  • Saved the ldap config to default ldap profile and logout admin account.
EXPECTED RESULTS
  • ldap setting saved if there is missed configured via.
  • able to login as any user in R2.
  • It will be great to have a "validate" button (to validate ldap setting live) in ldap config tab.
ACTUAL RESULTS
  • after re-login as admin the original ldap login config is gone.
ADDITIONAL INFORMATION
ui medium needs_devel enhancement
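
Added example, not part of the issue and not AWX's own validation code: a stand-alone Python pre-check for the JSON fields listed above, run on the text before it is pasted into the UI. It flags typographic quotes, JSON syntax errors, a search setting that is not a `[base_dn, scope, filter]` triple, an unknown scope name and a user filter without `%(user)s`; the function names, the use of the UI labels as dictionary keys and the choice of checks are assumptions of this example.

```python
import json

SCOPES = {"SCOPE_BASE", "SCOPE_ONELEVEL", "SCOPE_SUBTREE"}  # python-ldap scope names
CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes pasted from rich-text editors

# Constructed sample: field labels and values taken from the issue text above.
SAMPLE_FIELDS = {
    "ldap user search": '["DC=example,DC=com", "SCOPE_SUBTREE", "(uid=%(user)s)"]',
    "ldap group search": '["DC=example,DC=com", "SCOPE_SUBTREE", "(objectClass=group)"]',
    "ldap organization map": '{"Default": {"admins": "CN= Admins,ou=admins,dc=example,dc=com", "remove_users": false}}',
}

def parse(name, raw, errors):
    """Return the decoded JSON, or None after recording why it cannot be decoded."""
    try:
        if any(c in raw for c in CURLY):
            raise ValueError("typographic quote found, use plain ASCII quotes")
        return json.loads(raw)
    except ValueError as exc:
        errors.append(f"{name}: {exc}")
        return None

def check_search(name, val, errors):
    """A search setting is a [base_dn, scope, filter] triple of strings."""
    if not (isinstance(val, list) and len(val) == 3 and all(isinstance(v, str) for v in val)):
        errors.append(f"{name}: expected [base_dn, scope, filter]")
        return
    if val[1] not in SCOPES:
        errors.append(f"{name}: unknown scope {val[1]!r}")
    if name == "ldap user search" and "%(user)s" not in val[2]:
        errors.append(f"{name}: filter lacks the %(user)s placeholder")

def check_map(name, val, errors):
    """A map setting is an object of objects; remove_* flags must be booleans."""
    if not (isinstance(val, dict) and all(isinstance(o, dict) for o in val.values())):
        errors.append(f"{name}: expected an object of name -> options")
        return
    for org, opts in val.items():
        for key in ("remove_admins", "remove_users"):
            if not isinstance(opts.get(key, False), bool):
                errors.append(f"{name}: {org}.{key} must be true or false")

def validate(fields):
    errors = []
    for name, raw in fields.items():
        val = parse(name, raw, errors)
        if val is not None:
            (check_search if name.endswith("search") else check_map)(name, val, errors)
    return errors
```

`validate(SAMPLE_FIELDS)` returns an empty list; any entry in the returned list names the field and the problem to fix before saving.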

All 9 comments

  1. ldap config has to be 100% CORRECT like following two screenshots !!
  • correct ldap.forum.com config 01
  • correct ldap.forum.com config 02
  • save ldap config (looks like it saved it but it didn't).
  • logout admin
  • log in as admin again and go to setting->ldap, when asked if you want to have changes, say yes.
    now I am able to see ldap config with ldap.forumsys.com.

I'm able to reproduce this issue too, when trying to click "save" in UI. AWX_WEB produces the following error and does not save settings!

return super(AWXWSGIHandler, self)._legacy_get_response(request)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 249, in _legacy_get_response
response = self._get_response(request)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/utils/decorators.py", line 185, in inner
return func(*args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
return view_func(*args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 284, in dispatch
return super(APIView, self).dispatch(request, *args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 494, in dispatch
response = self.handle_exception(exc)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 454, in handle_exception
self.raise_uncaught_exception(exc)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 491, in dispatch
response = handler(request, *args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/generics.py", line 260, in patch
return self.partial_update(request, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 745, in partial_update
return super(RetrieveUpdateAPIView, self).partial_update(request, *args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/mixins.py", line 84, in partial_update
return self.update(request, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 741, in update
return super(RetrieveUpdateAPIView, self).update(request, *args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/mixins.py", line 69, in update
serializer.is_valid(raise_exception=True)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 236, in is_valid
self._validated_data = self.run_validation(self.initial_data)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 435, in run_validation
value = self.to_internal_value(data)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 465, in to_internal_value
validated_value = field.run_validation(primitive_value)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/fields.py", line 523, in run_validation
value = self.to_internal_value(data)
File "/usr/lib/python2.7/site-packages/awx/conf/serializers.py", line 57, in to_internal_value
obj = super(SettingFieldMixin, self).to_internal_value(value)
File "/usr/lib/python2.7/site-packages/awx/sso/fields.py", line 401, in to_internal_value
return cls(**params_sanitized)
TypeError: __init__() takes at least 2 arguments (2 given)
[pid: 32|app: 0|req: 12/119] 10.2.97.64 () {48 vars in 2485 bytes} [Wed Apr 25 18:34:14 2018] PATCH /api/v2/settings/all/ => generated 41 bytes in 455 msecs (HTTP/1.1 500) 5 headers in 177 bytes (1 switches on core 0)

Same error as mneumarkidg.
Our versions:
AWX version 1.0.5.24
Ansible version 2.5.0

If I try to save LDAP Auth Configuration, AWX_WEB produces an error:
2018-04-26 13:37:47,762 ERROR django.request Internal Server Error: /api/v2/settings/all/
Traceback (most recent call last):
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File "/usr/lib/python2.7/site-packages/awx/wsgi.py", line 65, in _legacy_get_response
return super(AWXWSGIHandler, self)._legacy_get_response(request)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 249, in _legacy_get_response
response = self._get_response(request)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/utils/decorators.py", line 185, in inner
return func(*args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
return view_func(*args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 284, in dispatch
return super(APIView, self).dispatch(request, *args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 494, in dispatch
response = self.handle_exception(exc)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 454, in handle_exception
self.raise_uncaught_exception(exc)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/views.py", line 491, in dispatch
response = handler(request, *args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/generics.py", line 260, in patch
return self.partial_update(request, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 745, in partial_update
return super(RetrieveUpdateAPIView, self).partial_update(request, *args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/mixins.py", line 84, in partial_update
return self.update(request, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/awx/api/generics.py", line 741, in update
return super(RetrieveUpdateAPIView, self).update(request, *args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/mixins.py", line 69, in update
serializer.is_valid(raise_exception=True)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 236, in is_valid
self._validated_data = self.run_validation(self.initial_data)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 435, in run_validation
value = self.to_internal_value(data)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/serializers.py", line 465, in to_internal_value
validated_value = field.run_validation(primitive_value)
File "/var/lib/awx/venv/awx/lib/python2.7/site-packages/rest_framework/fields.py", line 523, in run_validation
value = self.to_internal_value(data)
File "/usr/lib/python2.7/site-packages/awx/conf/serializers.py", line 57, in to_internal_value
obj = super(SettingFieldMixin, self).to_internal_value(value)
File "/usr/lib/python2.7/site-packages/awx/sso/fields.py", line 401, in to_internal_value
return cls(**params_sanitized)
TypeError: __init__() takes at least 2 arguments (2 given)
[pid: 136|app: 0|req: 224/4553] 192.168.244.68 () {46 vars in 2372 bytes} [Thu Apr 26 13:37:47 2018] PATCH /api/v2/settings/all/ => generated 41 bytes in 409 msecs (HTTP/1.1 500) 5 headers in 177 bytes (1 switches on core 0)

Hi @cailen

  1. Connect to the awx db in postgresdb using psql or the pgadmin4 GUI client.
    1.1. Run this command -> select key,value from conf_setting where key like 'AUTH%';
  2. Input ldap config from GUI and click on SAVE button.
  3. Run 1.1 to see if your input is saved from output of select statement; if not, it means you are not entering connection ldap config or json format was not correct.
  4. Please use wiki notes ldap example from ldap.forumsys.com to get a feel of successful input that ldap GUI is demanding.

@tjyang, I actually just was in pgadmin4 and noticed that it did in fact save and was updating when I was adding teams and domains.

@cailen , hope AWX team can fix the bug by looking at logs you guys submitted.

@tjyang Hey TJ, I tried your screenshot in my Ansible Tower, but it does not work for me.
AWX version = 2.1.2
Ansible version = 2.8.2
OS = CentOS

@Ashjoker24 , I am using ansible-awx 6.1.0 , ie awx install by rpm approach.

Need help!

=====

My env.

AWX (Ansible Tower) on CentOS 7 with docker. And I'm trying to connect AWX with LDAP. It's finding the user but not allowing it to authenticate.

I was able to run ldapsearch command and it gave the expected result. But it's not accepting the p/w with AWX webgui.

{"log":"2020-09-25 23:15:59,824 DEBUG django_auth_ldap search_s('cn=accounts,dc=XXX,dc=XXX,dc=XXX', 2, '(cn=%(user)s)') returned 1 objects: cn=aprasad,cn=groups,cn=accounts,dc=XXX,dc=XXX,dc=XXX\n","stream":"stderr","time":"2020-09-25T23:15:59.82497491Z"}

{"log":"2020-09-25 23:15:59,828 WARNING django_auth_ldap Caught LDAPError while authenticating aprasad: INAPPROPRIATE_AUTH({'msgtype': 97, 'msgid': 3, 'result': 48, 'desc': 'Inappropriate authentication', 'ctrls': []},)\n","stream":"stderr","time":"2020-09-25T23:15:59.828941005Z"}
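
Added example, not part of the thread and not AWX or django-auth-ldap code: the two log lines in the comment above show the user search returning a DN and the bind as that DN failing with LDAP result 48. This Python script pairs the two events in docker json-file logs and reports which DN was used for the bind and whether it sits below a `cn=groups` container; the `; ` separator between multiple search results and the naive comma split of the DN are assumptions.

```python
import json
import re

# Constructed sample: the two docker json-file records quoted in the comment above.
SAMPLE_LOG = r'''
{"log":"2020-09-25 23:15:59,824 DEBUG django_auth_ldap search_s('cn=accounts,dc=XXX,dc=XXX,dc=XXX', 2, '(cn=%(user)s)') returned 1 objects: cn=aprasad,cn=groups,cn=accounts,dc=XXX,dc=XXX,dc=XXX\n","stream":"stderr","time":"2020-09-25T23:15:59.82497491Z"}
{"log":"2020-09-25 23:15:59,828 WARNING django_auth_ldap Caught LDAPError while authenticating aprasad: INAPPROPRIATE_AUTH({'msgtype': 97, 'msgid': 3, 'result': 48, 'desc': 'Inappropriate authentication', 'ctrls': []},)\n","stream":"stderr","time":"2020-09-25T23:15:59.828941005Z"}
'''

SEARCH_RE = re.compile(r"django_auth_ldap search_s\(.*\) returned \d+ objects: (?P<dns>.*)")
FAIL_RE = re.compile(r"Caught LDAPError while authenticating (?P<user>\S+): "
                     r"(?P<err>\w+)\(.*?'result': (?P<code>\d+)")

def rdns(dn):
    """Split a DN into lower-cased RDNs (naive: escaped commas are not handled)."""
    return [part.strip().lower() for part in dn.split(",")]

def triage(log_text):
    """Pair each failed bind with the DN that the preceding user search returned."""
    findings, last_dns = [], []
    for raw in log_text.splitlines():
        try:
            msg = json.loads(raw)["log"]
        except (ValueError, KeyError, TypeError):
            continue  # blank line or not a docker json-file record
        found = SEARCH_RE.search(msg)
        if found:
            # Assumption: several results are joined with "; " in this log message.
            last_dns = found.group("dns").split("; ")
            continue
        failed = FAIL_RE.search(msg)
        if failed:
            user = failed.group("user").lower()
            dn = next((d for d in last_dns if rdns(d)[0].split("=", 1)[-1] == user), None)
            findings.append({
                "user": failed.group("user"),
                "error": failed.group("err"),
                "result": int(failed.group("code")),
                "bind_dn": dn,
                # True when the entry sits below a cn=groups container, not a user one.
                "under_groups": dn is not None and "cn=groups" in rdns(dn)[1:],
            })
    return findings
```

For the quoted lines `under_groups` is true: the DN used for the bind sits below `cn=groups`, so the user search base and filter are worth reviewing before the password is.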
