Issue Summary

We get a 500 whenever we try LDAP credentials at /ldap/login after following https://redash.io/help/open-source/admin-guide/ldap-authentication/ to add LDAP support to our Redash install.

Technical details:

Followed admin guide here: https://redash.io/help/open-source/admin-guide/ldap-authentication/

Verified my values are correct with ldapsearch tool:

ldapsearch -vx -H ldap://DELETED.DELETED.DELETED -b "ou=DELETED,dc=DELETED,dc=DELETED" -D "cn=DELETED,dc=DELETED,dc=DELETED" -W  "(uid=DELETED)" | grep result
Enter LDAP Password: 
filter: (uid=DELETED)
requesting: All userApplication attributes
# search result
result: 0 Success

Threw those values into env:

PYTHONUNBUFFERED=0
REDASH_LOG_LEVEL=INFO
REDASH_REDIS_URL=redis://redis:6379/0
POSTGRES_PASSWORD=DELETED
REDASH_COOKIE_SECRET=DELETED
REDASH_SECRET_KEY=DELETED
REDASH_DATABASE_URL=DELETED

REDASH_LDAP_LOGIN_ENABLED=true
REDASH_PASSWORD_LOGIN_ENABLED=true

REDASH_LDAP_URL=ldap://DELETED.DELETED.DELETED:389
REDASH_LDAP_SEARCH_DN="ou=DELETED,dc=DELETED,dc=DELETED"

REDASH_LDAP_BIND_DN="cn=DELETED,dc=DELETED,dc=DELETED"
REDASH_LDAP_BIND_DN_PASSWORD="DELETED"

Now when we submit creds, good or bad, to the LDAP login page, it throws the 500:

[2020-07-16 21:21:08,457] ERROR in app: Exception on /ldap/login [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 271, in error_router
    return original_handler(e)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/app/redash/authentication/ldap_auth.py", line 39, in login
    ldap_user = auth_ldap_user(request.form['email'], request.form['password'])
  File "/app/redash/authentication/ldap_auth.py", line 71, in auth_ldap_user
    auto_bind=True
  File "/home/redash/.local/lib/python2.7/site-packages/ldap3/core/connection.py", line 355, in __init__
    self.do_auto_bind()
  File "/home/redash/.local/lib/python2.7/site-packages/ldap3/core/connection.py", line 384, in do_auto_bind
    raise LDAPBindError(self.last_error)
LDAPBindError: None

  • Redash Version: latest
  • Browser/OS: Chrome, Firefox
  • How did you install Redash: install script
  • LDAP: RFC2307

All help is very appreciated. Let me know what other information I can provide.

Still stuck with this error. Any advice at all is appreciated.

This error usually means an issue from the LDAP server instead of Redash. Do you see any issues in the logs on your LDAP server? Are you using Active Directory? Is it configured properly? Are you able to SSO into other tools via the same LDAP server?

Hey there,

Thanks for the info. You’re right, it ended up being formatting to get auth working, and I’ve pasted the formatting we used in case anyone else finds it useful:

REDASH_LDAP_URL=IPDELETED:389
REDASH_LDAP_SEARCH_DN=ou=DELETED,dc=DELETED,dc=org
REDASH_LDAP_SEARCH_TEMPLATE=(uid=%(username)s)
REDASH_LDAP_BIND_DN=cn=DELETED,dc=DELETED,dc=org
REDASH_LDAP_BIND_DN_PASSWORD=DELETED

With that set, some user accounts are now authenticating. However, some others are failing with this error:

[2020-07-23 18:03:53,915] ERROR in app: Exception on /ldap/login [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/site-packages/flask_restful/__init__.py", line 271, in error_router
    return original_handler(e)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/app/redash/authentication/ldap_auth.py", line 44, in login
    ldap_user[settings.LDAP_DISPLAY_NAME_KEY][0],
  File "/home/redash/.local/lib/python2.7/site-packages/ldap3/abstract/attribute.py", line 84, in __getitem__
    return self.values[item]
IndexError: list index out of range

We verified the transaction happened in LDAP as seen here:

Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 fd=68 ACCEPT from IP=DELETED:39897 (IP=0.0.0.0:389)
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=0 BIND dn="cn=DELETED,dc=DELETED,dc=org" method=128
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=0 BIND dn="cn=DELETED,dc=DELETED,dc=org" mech=SIMPLE ssf=0
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=0 RESULT tag=97 err=0 text=
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=1 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=1 SRCH attr=subschemaSubentry +
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=2 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=subschema)"
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=2 SRCH attr=objectClasses attributeTypes ldapSyntaxes matchingRules matchingRuleUse dITContentRules dITStructureRules nameForms createTimestamp modifyTimestamp * +
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=3 SRCH base="ou=DELETED,dc=DELETED,dc=org" scope=2 deref=3 filter="(uid=DELETED)"
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=3 SRCH attr=displayName mail
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=4 BIND anonymous mech=implicit ssf=0
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=4 BIND dn="uid=DELETED,ou=DELETED,dc=DELETED,dc=org" method=128
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=4 BIND dn="uid=DELETED,ou=DELETED,dc=DELETED,dc=org" mech=SIMPLE ssf=0
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=4 RESULT tag=97 err=0 text=
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=5 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=5 SRCH attr=subschemaSubentry +
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=6 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=subschema)"
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=6 SRCH attr=objectClasses attributeTypes ldapSyntaxes matchingRules matchingRuleUse dITContentRules dITStructureRules nameForms createTimestamp modifyTimestamp * +
Jul 23 11:03:21 DELETED slapd[5768]: conn=2691 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=

Thanks again for the response!
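
Added example, not part of the thread and not Redash's code: the second traceback fails on a bare `[0]` into an attribute whose value list is empty, so this Python check tests entries for the `displayName` and `mail` attributes the slapd log shows being requested before anything indexes them. The attribute-dict shape, the function names and the sample entries are assumptions constructed for illustration.

```python
REQUIRED_ATTRS = ("displayName", "mail")  # attributes requested in the slapd log

class MissingLdapAttribute(Exception):
    """A directory entry lacks a value the login flow needs."""

    def __init__(self, dn, missing):
        super().__init__("%s is missing: %s" % (dn, ", ".join(missing)))
        self.dn, self.missing = dn, missing

def first_value(attrs, name):
    """Return the first non-blank value of an attribute, or None.
    `attrs` maps attribute name -> list of values (assumed shape). An empty
    list is what makes a bare `[0]` raise IndexError, as in the traceback.
    """
    for value in attrs.get(name) or []:
        if isinstance(value, bytes):
            value = value.decode("utf-8", "replace")
        value = str(value).strip()
        if value:
            return value
    return None

def profile_from_entry(dn, attrs, required=REQUIRED_ATTRS):
    """Build the profile a login view needs, or name what is missing."""
    found = {name: first_value(attrs, name) for name in required}
    missing = [name for name in required if found[name] is None]
    if missing:
        raise MissingLdapAttribute(dn, missing)
    return found

def audit_entries(entries, required=REQUIRED_ATTRS):
    """Map DN -> missing attributes for each entry that would fail login."""
    report = {}
    for dn, attrs in entries:
        try:
            profile_from_entry(dn, attrs, required)
        except MissingLdapAttribute as exc:
            report[dn] = exc.missing
    return report

# Constructed sample entries (placeholders, not values from the thread).
SAMPLE = [
    ("uid=alice,ou=people,dc=example,dc=org",
     {"displayName": ["Alice Example"], "mail": ["alice@example.org"]}),
    ("uid=bob,ou=people,dc=example,dc=org",
     {"displayName": [], "mail": ["bob@example.org"]}),
]
```

Calling `audit_entries(SAMPLE)` lists the DNs that would hit the IndexError, which gives the directory administrator the accounts to fix.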