LDAP Auth Failure with Fedora Directory Server / Openldap

SKP's Avatar


10 Oct, 2013 10:55 AM

Ive installed Rhodecode using the installer and enabled LDAP auth as additional authentication.

I get this in debug mode:
2013-10-10 15:49:27.448 DEBUG [rhodecode.lib.auth_modules] Initializing lazy formencode object: <class 'formencode.validators.StringBool'>
2013-10-10 15:49:27.463 DEBUG [rhodecode.lib.auth_modules] {
    "attr_email": "mail",
    "attr_firstname": "givenName",
    "attr_lastname": "sn",
    "attr_login": "uid",
    "base_dn": "dc=company,dc=com",
    "dn_pass": "bar",
    "dn_user": "cn=Directory Manager",
    "enabled": "True",
    "filter": "ou=people",
    "host": "localhost",
    "port": "389",
    "search_scope": "SUBTREE",
    "tls_kind": "PLAIN",
    "tls_reqcert": "NEVER"
2013-10-10 15:49:27.463 INFO [rhodecode.lib.auth_modules] Authenticating user using rhodecode.lib.auth_modules.auth_ldap plugin
2013-10-10 15:49:27.463 DEBUG [rhodecode.lib.auth_modules.auth_ldap] Checking for ldap authentication
2013-10-10 15:49:27.464 ERROR [rhodecode.lib.auth_modules.auth_ldap] Traceback (most recent call last):
  File "/home/rhodecode/rhodecode-venv/lib/python2.6/site-packages/rhodecode/lib/auth_modules/auth_ldap.py", line 322, in auth
    aldap = AuthLdap(**kwargs)
  File "/home/rhodecode/rhodecode-venv/lib/python2.6/site-packages/rhodecode/lib/auth_modules/auth_ldap.py", line 54, in __init__
    raise LdapImportError

2013-10-10 15:49:27.464 DEBUG [rhodecode.lib.auth_modules] PLUGIN USER DATA: None
2013-10-10 15:49:27.464 WARNI [rhodecode.lib.auth_modules] User `foo` failed to authenticate against rhodecode.lib.auth_modules.auth_ldap
2013-10-10 15:49:27.465 WARNI [rhodecode.model.validators] user foo failed to authenticate

My tcpdump on port 389 does not show any connect coming for auth at all.
I have python-ldap 2.3.10-1ubuntu1 on Ubuntu 10.04.4 LTS

  1. Support Staff 1 Posted by Marcin Kuzminsk... on 10 Oct, 2013 10:59 AM

    Marcin Kuzminski's Avatar


    If you go into admin->settings->server info does it show python-ldap in the list of python packages ?

    If not maybe it;s an issue with virtualenv and python-ldap is installed only globally.

  2. 2 Posted by SKP on 10 Oct, 2013 12:34 PM

    SKP's Avatar

    Thanks Marcus. You're right. python-ldap was not in the list of packes in the virtualenv. I should have seen that myself. :-)

    I did a ~/rhodecode-venv/bin/pip install python-ldap (it cribbed about 'sasl.h not found' which was fixed by an apt-get install libsasl2-dev) and now Im able to login.

    Sad thing is, I cannot map my ldap groups to rhodecode groups.

  3. 3 Posted by SKP on 10 Oct, 2013 12:35 PM

    SKP's Avatar

    Sorry..I meant Marcin.

  4. Support Staff 4 Posted by Marcin Kuzminsk... on 10 Oct, 2013 12:40 PM

    Marcin Kuzminski's Avatar

    Take a look at our python-ldap auth plugin, you can create your own, and do mapping.

    We don't fill ldap groups since we believe there's no one way to do it. That's why we allow to create custom auth plugins, that are easily importable by RhodeCode.

    for example atlassian crowd plugin fills in user groups:

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac