Nuxeo mailing list archives
[CPS-users-fr] Active Directory authentication error
Alain MAINAR
a.mainar at ccml.fr
Fri Dec 1 10:06:00 CET 2006
Hello,
After installing CPSLDAPSetup 1.0, we are running into a problem that some of you have already had, but the many posts on the subject have not been enough to get us out of it.
In summary, the situation is as follows (largely with reference to the installation documentation):
1- Installation of python-ldap: OK; test with "import Ldap": OK
2- Installation of CPSLDAPSetup in Products OK, in the version proposed by Philippe BONNARDEL on 30/05/2006 (many thanks, by the way, it is really helpful!)
3- Import of the LDAP SETUP profile in portal_setup OK (However, we could not find anywhere how to import CPS LDAP SETUP READONLY PROFILE… Would anyone have an idea?)
4- Configuration of the whole setup to connect to our AD on 2003 Server: OK. In /cps/portal_directories/members_ldap, the SEARCH tab does return the users declared in the AD.
5- In acl_users (CPS User Folder), we set Users directory: login field to sAMAccountName and Users directory: password field to userPassword. sAMAccountName is also set for LDAP rdn attribute (create) in portal_directories/members_ldap, for Field for entry id (in portal_directories/members_stack) and for Field for entry id in portal_directories/members.
When logging in to the portal with a user declared in the AD, the message "L'authentification a échoué" is returned, but without an error.
Logging in to the portal with the admin account works, and when one clicks on "Annuaires" / "Membres", the query does bring back all the users defined in the AD. If we pick one, the "record" opens, showing user name, full name, etc. By default, its role is "Membre". If we add the role "Administrateur" and validate, we get an error message (see below: Exception Type KeyError).
Also, still as admin, I am trying to grant a right on a private space. To do so, once in the space, I click on access rights. When I run a user search, I observe:
1- That I do find my users declared in the AD, and that I can assign them rights without triggering errors.
2- That the rights granted to the old users (that is, before LDAP Setup was put in place) are still visible. Yet any attempt to log in to the portal with these old accounts fails (which is normal a priori). Isn't that a bit "odd"?
In summary, then, two problems: impossible to authenticate our AD users; error message when adding the admin role for a user.
Thank you for your help, because the abundant literature of posts has not been enough to guide us.
Have a good day,
AM
Site Error Log at /error_log
Exception traceback
Time 2006/12/01 08:58:20.413 GMT+1
User Name (User Id) Admin (Admin)
Request URL http://localhost/cps/cpsdirectory_entry_edit_form
Exception Type KeyError
Exception Value 'CN=Alain MAINAR,OU=Informatique,OU=Utilisateurs CCML,DC=CCML,DC=local'
Traceback (innermost last):
Module ZPublisher.Publish, line 113, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 40, in call_object
Module Shared.DC.Scripts.Bindings, line 311, in __call__
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
Module Products.CMFCore.FSPageTemplate, line 195, in _exec
Module Products.CMFCore.FSPageTemplate, line 134, in pt_render
Module Products.PageTemplates.PageTemplate, line 104, in pt_render
<FSPageTemplate at /cps/cpsdirectory_entry_edit_form>
Module TAL.TALInterpreter, line 238, in __call__
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 749, in do_useMacro
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 457, in do_optTag_tal
Module TAL.TALInterpreter, line 442, in do_optTag
Module TAL.TALInterpreter, line 437, in no_tag
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 715, in do_condition
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 749, in do_useMacro
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 715, in do_condition
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 457, in do_optTag_tal
Module TAL.TALInterpreter, line 442, in do_optTag
Module TAL.TALInterpreter, line 437, in no_tag
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 691, in do_loop_tal
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 457, in do_optTag_tal
Module TAL.TALInterpreter, line 442, in do_optTag
Module TAL.TALInterpreter, line 437, in no_tag
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 691, in do_loop_tal
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 457, in do_optTag_tal
Module TAL.TALInterpreter, line 442, in do_optTag
Module TAL.TALInterpreter, line 437, in no_tag
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 715, in do_condition
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 457, in do_optTag_tal
Module TAL.TALInterpreter, line 442, in do_optTag
Module TAL.TALInterpreter, line 437, in no_tag
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 691, in do_loop_tal
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 457, in do_optTag_tal
Module TAL.TALInterpreter, line 442, in do_optTag
Module TAL.TALInterpreter, line 437, in no_tag
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 507, in do_setLocal_tal
Module Products.PageTemplates.TALES, line 221, in evaluate
URL: file:CPSSkins/skins/CPSSkins/cpsskins_main_template_default.pt
Line 41, Column 16
Expression: <PythonExpr isRenderable and content.render_cache(shield=shield, context_obj=context_obj, enable_esi=enable_esi, boxedit=boxedit, template=template, options=options)>
Names:
{'container': <CPSDefaultSite at /cps>,
'context': <CPSDefaultSite at /cps>,
'default': <Products.PageTemplates.TALES.Default instance at 0x014E4F08>,
'here': <CPSDefaultSite at /cps>,
'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x04C31468>,
'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x014D84B8>,
'nothing': None,
'options': {'args': ()},
'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x04C31468>,
'request': <HTTPRequest, URL=http://localhost/cps/cpsdirectory_entry_edit_form>,
'root': <Application at >,
'template': <FSPageTemplate at /cps/cpsdirectory_entry_edit_form>,
'traverse_subpath': [],
'user': <User 'Admin'>}
Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
__traceback_info__: isRenderable and content.render_cache(shield=shield, context_obj=context_obj, enable_esi=enable_esi, boxedit=boxedit, template=template, options=options)
Module Python expression "isRenderable and content.render_cache(shield=shield, context_obj=context_obj, enable_esi=enable_esi, boxedit=boxedit, template=template, options=options)", line 1, in <expression>
Module Products.CPSSkins.PortalBoxGroup, line 315, in render_cache
Module Products.CPSSkins.PortalBoxGroup, line 259, in render
Module Products.CPSPortlets.CPSPortlet, line 495, in render_cache
Module Products.CPSDocument.CPSDocument, line 68, in render
Module Products.CPSDocument.FlexibleTypeInformation, line 753, in renderObject
Module Products.CPSDocument.FlexibleTypeInformation, line 715, in _renderLayouts
Module Products.CPSSchemas.Layout, line 391, in renderLayoutStructure
Module Products.CPSSchemas.BasicWidgets, line 2135, in render
Module Products.CPSPortlets.PortletWidgets.MainContentWidget, line 27, in renderMainContent
Module Products.CMFCore.FSPageTemplate, line 134, in pt_render
Module Products.PageTemplates.PageTemplate, line 104, in pt_render
<FSPageTemplate at /cps/cpsdirectory_entry_edit_form>
Module TAL.TALInterpreter, line 238, in __call__
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 749, in do_useMacro
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 457, in do_optTag_tal
Module TAL.TALInterpreter, line 442, in do_optTag
Module TAL.TALInterpreter, line 437, in no_tag
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 772, in do_defineSlot
Module TAL.TALInterpreter, line 281, in interpret
Module TAL.TALInterpreter, line 507, in do_setLocal_tal
Module Products.PageTemplates.TALES, line 221, in evaluate
URL: file:CPSDirectory/skins/cps_directory/cpsdirectory_entry_edit_form.pt
Line 25, Column 2
Expression: <PythonExpr dir.renderEditEntryDetailed(id, request=edit_request)>
Names:
{'container': <CPSDefaultSite at /cps>,
'context': <CPSDefaultSite at /cps>,
'default': <Products.PageTemplates.TALES.Default instance at 0x014E4F08>,
'here': <CPSDefaultSite at /cps>,
'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x04B02850>,
'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x014D84B8>,
'nothing': None,
'options': {'args': ()},
'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x04B02850>,
'request': <HTTPRequest, URL=http://localhost/cps/cpsdirectory_entry_edit_form>,
'root': <Application at >,
'template': <FSPageTemplate at /cps/cpsdirectory_entry_edit_form>}
Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
__traceback_info__: dir.renderEditEntryDetailed(id, request=edit_request)
Module Python expression "dir.renderEditEntryDetailed(id, request=edit_request)", line 1, in <expression>
Module Products.CPSDirectory.BaseDirectory, line 617, in renderEditEntryDetailed
Module Products.CPSSchemas.DataModel, line 337, in _commit
Module Products.CPSSchemas.DataModel, line 363, in _commitData
Module Products.CPSSchemas.StorageAdapter, line 144, in setData
Module Products.CPSDirectory.MetaDirectory, line 688, in _setData
Module Products.CPSDirectory.BaseDirectory, line 513, in _editEntry
Module Products.CPSSchemas.DataModel, line 337, in _commit
Module Products.CPSSchemas.DataModel, line 363, in _commitData
Module Products.CPSSchemas.StorageAdapter, line 144, in setData
Module Products.CPSDirectory.StackingDirectory, line 442, in _setData
Module Products.CPSDirectory.BaseDirectory, line 502, in _editEntry
Module Products.CPSDirectory.BaseDirectory, line 898, in _getDataModel
Module Products.CPSSchemas.DataModel, line 263, in _fetch
Module Products.CPSDirectory.LDAPBackingDirectory, line 968, in getData
Module Products.CPSDirectory.LDAPBackingDirectory, line 496, in _getEntryFromLDAP
KeyError: 'CN=Alain MAINAR,OU=Informatique,OU=Utilisateurs CCML,DC=CCML,DC=local'
REQUEST
form
widget__title 'MR'
widget__cpsGroups []
widget__sn 'MAINAR'
widget__postalAddress ''
widget__telephoneNumber ''
widget__email 'a.mainar at ccml.fr'
widget__userPassword '<password obscured>'
widget__fullname 'Alain MAINAR'
widget__ou ''
widget__o ''
widget__givenName 'ALAIN'
dirname 'members'
id 'a.mainar'
cpsdirectory_entry_edit_form 'Enregistrer'
widget__cpsRoles ['Member', 'Manager']
cookies
tree-s 'eJzTyCkw5NLIKTDiClZ3hANXW3WuAmOuxEQ9AIOOB9Q'
__ac_name 'Admin'
_ZopeId '72567993A2nkFdCnHe4'
lazy items
SESSION <bound method SessionDataManager.getSessionData of <SessionDataManager at /session_data_manager>>
other
cpsdirectory_entry_edit_form 'Enregistrer'
_ec_cache {78061360: <Products.PageTemplates.TALES.Context instance at 0x04A5F350>}
PATH_INFO '/cps/cpsdirectory_entry_edit_form'
AcceptCharset <Products.Localizer.Accept.AcceptCharset instance at 0x04583058>
dirname 'members'
id 'a.mainar'
_oai_cache {78061360: <Products.CMFCore.ActionInformation.oai instance at 0x04B74648>}
AUTHENTICATED_USER <User 'Admin'>
USER_PREF_LANGUAGES <Products.Localizer.Accept.AcceptLanguage instance at 0x04A5FF58>
SERVER_URL 'http://localhost'
AUTHENTICATION_PATH ''
traverse_subpath []
cpsskins_base_url '/cps/'
cpsskins_url 'http://localhost/cps/cpsdirectory_entry_edit_form'
cpsskins_effective_theme_page ('default', 'defautCCML')
ACTUAL_URL 'http://localhost/cps/cpsdirectory_entry_edit_form'
URL 'http://localhost/cps/cpsdirectory_entry_edit_form'
cpsskins_language 'fr'
cpsskins_mcat None
PUBLISHED <FSPageTemplate at /cps/cpsdirectory_entry_edit_form>
_localizer_placeful_mc_cache {'Localizer/default': <MessageCatalog at /cps/Localizer/default>}
TraversalRequestNameStack []
_ts_domain_cache {'default': <LocalizerDomain at /cps/translation_service/>}
breadcrumb_set [{'url': 'http://localhost/cps/cpsdirectory_view', 'id': 'directories', 'title': u'Annuaires'}, {'url': 'http://localhost/cps/cpsdirectory_entry_search_form?dirname=members', 'id': 'directories', 'title': u'Membres'}]
AcceptLanguage <Products.Localizer.Accept.AcceptLanguage instance at 0x04A5FF58>
_translation_service_cache <PlacefulTranslationService at /cps/translation_service used for /cps/portal_layouts/search_portlet/w__search>
URL0 http://localhost/cps/cpsdirectory_entry_edit_form
URL1 http://localhost/cps
URL2 http://localhost
BASE0 http://localhost
BASE1 http://localhost
BASE2 http://localhost/cps
BASE3 http://localhost/cps/cpsdirectory_entry_edit_form
environ
HTTP_COOKIE '__ac_name="Admin"; _ZopeId="72567993A2nkFdCnHe4"; __ac="QWRtaW46IWFkbWluKiRkb2Muag%3D%3D"; tree-s="eJzTyCkw5NLIKTDiClZ3hANXW3WuAmOuxEQ9AIOOB9Q"'
SERVER_SOFTWARE 'Zope/(Zope 2.9.0, python 2.4.2, win32) ZServer/1.1 CPS/3.4'
SCRIPT_NAME ''
REQUEST_METHOD 'POST'
PATH_INFO '/cps/'
SERVER_PROTOCOL 'HTTP/1.1'
channel.creation_time 1164959899
CONNECTION_TYPE 'Keep-Alive'
HTTP_USER_AGENT 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)'
HTTP_REFERER 'http://localhost/cps/cpsdirectory_entry_edit_form?dirname=members&id=a.mainar'
SERVER_NAME 'amainar.CCML.local'
REMOTE_ADDR '127.0.0.1'
PATH_TRANSLATED '\\cps'
SERVER_PORT '80'
CONTENT_LENGTH '1958'
HTTP_HOST 'localhost'
HTTP_CACHE_CONTROL 'no-cache'
HTTP_ACCEPT 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*'
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_ACCEPT_LANGUAGE 'fr'
CONTENT_TYPE 'multipart/form-data; boundary=---------------------------7d635f13120314'
HTTP_ACCEPT_ENCODING 'gzip, deflate'
-------------- next part --------------
An HTML attachment was removed...
URL: http://lists.nuxeo.com/pipermail/cps-users-fr/attachments/20061201/4215ff00/attachment.htm
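In the REQUEST dump above, the form password is already shown as `<password obscured>`, but the `cookies` section and the raw `HTTP_COOKIE` line still carry the `__ac` and `_ZopeId` values, which should be treated as credentials. The following is an added example, not part of the original post or of CPS, of scrubbing such a dump before sharing it; the key set, the mask text and the sample dump are assumptions constructed for illustration.

```python
import re

# Keys treated as credentials or session identifiers in a Zope/CPS REQUEST
# dump. This set is an assumption for the example; extend it to match the
# cookies and form fields of the site being reported on.
SENSITIVE_KEYS = {"__ac", "_ZopeId", "widget__userPassword"}
MASK = "<redacted>"

# One cookie pair inside a Cookie header: name="value" or name=value
COOKIE_PAIR = re.compile(r'(?P<name>[^=;\s\'"]+)=(?P<value>"[^"]*"|[^;\'"]*)')
# One dump line: optional indent, key, whitespace, repr()-style value
DUMP_LINE = re.compile(r"^(?P<indent>\s*)(?P<key>\S+)\s+(?P<value>.*)$")


def _mask_cookie_header(header):
    """Mask sensitive cookies inside a raw Cookie header string."""
    def repl(match):
        if match.group("name") in SENSITIVE_KEYS:
            return '%s="%s"' % (match.group("name"), MASK)
        return match.group(0)
    return COOKIE_PAIR.sub(repl, header)


def redact_dump(text):
    """Return the dump with sensitive values replaced by MASK."""
    out = []
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if m and m.group("key") in SENSITIVE_KEYS:
            # Whole value is sensitive: replace it outright.
            line = "%s%s '%s'" % (m.group("indent"), m.group("key"), MASK)
        elif m and m.group("key") == "HTTP_COOKIE":
            # The raw header repeats every cookie, including ones the
            # parsed "cookies" section does not list.
            line = "%sHTTP_COOKIE %s" % (
                m.group("indent"), _mask_cookie_header(m.group("value")))
        out.append(line)
    return "\n".join(out)


# Constructed sample in the same layout as a Zope error_log REQUEST dump.
SAMPLE = """\
form
widget__userPassword 'example-password'
id 'jdoe'
cookies
__ac_name 'jdoe'
_ZopeId '00000000A0exampleid'
environ
HTTP_COOKIE '__ac_name="jdoe"; _ZopeId="00000000A0exampleid"; __ac="ZXhhbXBsZQ%3D%3D"; tree-s="abc"'
HTTP_HOST 'localhost'
"""

if __name__ == "__main__":
    print(redact_dump(SAMPLE))
```
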