Recommended method of including LDAP fails

When installing with a custom Dockerfile as recommended in the admin guide
The build fails with a permissions error.

Status: Downloaded newer image for redash/redash:latest
 ---> 1b48a51810b5
Step 2/2 : RUN pip install ldap3
 ---> Running in aa45de5bea5a
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Collecting ldap3
  Downloading https://files.pythonhosted.org/packages/06/a8/d53156e4c465b7a0dd57585e66473e4036e3bd9484a301fbd78383b57a28/ldap3-2.6.1-py2.py3-none-any.whl (417kB)
Requirement already satisfied: pyasn1>=0.1.8 in /usr/local/lib/python2.7/site-packages (from ldap3) (0.4.7)
Installing collected packages: ldap3
ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/site-packages/ldap3'
Consider using the `--user` option or check the permissions.

WARNING: You are using pip version 19.2.2, however version 19.3.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Service 'server' failed to build: The command '/bin/sh -c pip install ldap3' returned a non-zero code: 1

Double check your file system permissions. It appears pip doesn’t have access to the system site-packages directory. If you run sudo pip install it will work. Or you can chown or chmod the usr/local/lib/python2.7 directory.

well, ldap3 is already installed in the system, so sudo pip install won’t change anything. I assume it’s failing when running inside the container. I chmod -R 777 the directory anyway and still get the same error.

mccadmin@redash-docker:/opt/redash$ sudo chmod -R 777 /usr/local/lib/python2.7/
mccadmin@redash-docker:/opt/redash$ ll /usr/local/lib/python2.7/
total 24
drwxrwsrwx   4 root staff  4096 Oct 29 09:03 ./
drwxr-xr-x   4 root root   4096 Oct 29 09:09 ../
drwxrwsrwx 268 root staff 12288 Mar 25  2019 dist-packages/
drwxrwsrwx   2 root staff  4096 Oct 29 09:03 site-packages/
mccadmin@redash-docker:/opt/redash$ sudo docker-compose run --rm server manage db upgrade
Starting redash_redis_1 ... done
Starting redash_postgres_1 ... done
Building server
Step 1/2 : FROM redash/redash:latest
 ---> 1b48a51810b5
Step 2/2 : RUN pip install ldap3
 ---> Running in 04ce4a77082c
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Collecting ldap3
  Downloading https://files.pythonhosted.org/packages/06/a8/d53156e4c465b7a0dd57585e66473e4036e3bd9484a301fbd78383b57a28/ldap3-2.6.1-py2.py3-none-any.whl (417kB)
Requirement already satisfied: pyasn1>=0.1.8 in /usr/local/lib/python2.7/site-packages (from ldap3) (0.4.7)
Installing collected packages: ldap3
**ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/site-packages/ldap3'**

** Consider using the --user option or check the permissions.**

WARNING: You are using pip version 19.2.2, however version 19.3.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
ERROR: Service 'server' failed to build: The command '/bin/sh -c pip install ldap3' returned a non-zero code: 1

The Dockerfile switches to the redash user towards its end, hence why you’re having permission errors. Try following their suggestion and change the command to pip install --user ldap3.

That worked, thanks Arik!

It looks like ldap3 wants the port as its own parameter now. I get an error without modification.

I added another env var as a workaround and modified ldap_auth.py to use it. There’s probably a better way…

/app/redash/authentication/ldap_auth.py
server = Server(settings.LDAP_HOST,port=settings.LDAP_PORT, use_ssl=settings.LDAP_SSL)

/app/redash/settings/__init__.py
LDAP_HOST = os.environ.get('REDASH_LDAP_HOST', None)
LDAP_PORT = int(os.environ.get('REDASH_LDAP_PORT', None))

nevermind, I’m just having a moment. I copied my env variables for LDAP over with double quotes from the old non-docker install. Working fine now that I removed them.