sys4/automx

Unable to retrieve full name from LDAP

Closed this issue · 8 comments

I'm having trouble configuring automx (current version) to pull a user's full name out of an LDAP server. I'm able to set the parameters for automx to successfully connect to the server (or, at least, not get any error message in the debug log). But from the automx.conf manpage, it looks like I should just be able to specify the LDAP field in the automx.conf file and it will be included. So, following one of the few configuration examples I found that sounded like it should do what I needed, I added display_name = ${displayName} to automx.conf. The resulting .mobileconfig file had just ${displayName}--no variable expansion at all.

Looking more closely at that thread, I saw that they'd escaped the variable, so I changed it to display_name = \${displayName}. Same result.

Then I suspected that my LDAP implementation used different field names, so I requested a user dump:

[root@neth-automx ~]# ldapsearch -xLLL -H ldaps://localhost -b 'dc=directory,dc=nh' '(uid=ginger)'
dn: uid=ginger,ou=People,dc=directory,dc=nh
uidNumber: 1002
gidNumber: 1000
uid: ginger
shadowMax: 99999
shadowWarning: 7
shadowMin: 0
loginShell: /usr/libexec/openssh/sftp-server
homeDirectory: /var/lib/nethserver/home/ginger
shadowInactive: -1
shadowExpire: -1
gecos: Ginger Rogers
shadowLastChange: 17677
shadowFlag: -1
cn: Ginger Rogers
sn: ginger
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
mail: ginger@familybrown.org

This makes it look like the relevant field would be cn, so I changed automx.conf to read display_name = \${cn}. The result was as above--now the resulting .mobileconfig file had ${cn} in the display name field.

It seems there's no variable expansion going on at all, which makes me suspect I'm missing something pretty fundamental. Any suggestions what it might be?

Could you please show your automx.conf?

BTW: I can not see an attribute called displayName in your LDIF output. I guess you want „cn“ instead 😉

Here's the .conf file:

# ================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# 
# file: /etc/automx.conf

[automx]
provider = localhost
domains = *

debug = yes
logfile = /var/log/automx/automx.log

# Protect against DoS
memcache = 127.0.0.1:11211
memcache_ttl = 600
client_error_limit = 20
rate_limit_exception_networks = 127.0.0.0/8, 192.168.1.0/24

# The DEFAULT section is always merged into each other section. Each section
# can overwrite settings done here.
[DEFAULT]
account_type = email
account_name = account email
account_name_short = test

# display_name = prova
display_name = ${cn} 


# If a domain is listed in the automx section, it may have its own section. If
# none is found here, the global section is used.
[global]
backend = ldap
action = settings


# If you want to sign mobileconfig profiles, enable these options. Make sure
# that your webserver has proper privileges to read the key. The cert file
# must contain the server certificate and all intermediate certificates. You
# can simply concatenate these certificates.
#sign_mobileconfig = yes
#sign_cert = /path/to/cert
#sign_key = /path/to/key

account_name = %s account
#${displayName} account 
account_name_short = %u 


smtp = yes
smtp_server = neth-automx.familybrown.org
smtp_port = 587
smtp_encryption = starttls
smtp_auth = plaintext
smtp_refresh_ttl = 6
smtp_auth_identity = %u 
smtp_default = yes


imap = yes
imap_server = neth-automx.familybrown.org
imap_port = 143
imap_encryption = starttls
imap_auth = plaintext
imap_refresh_ttl = 6
imap_auth_identity = %u 


carddav = yes
carddav_server = neth-automx.familybrown.org
carddav_port = 443
carddav_encryption = ssl
carddav_auth_identity = %u

caldav = yes
caldav_server = neth-automx.familybrown.org
caldav_port= 443
caldav_encryption = ssl
caldav_auth_identity = %u

pop = no


bindmethod = simple
binddn = "CN=cn=ldapservice,dc=directory,dc=nh,CN=Users,dc=directory,dc=nh"
bindpw = "6yoyq_NrcTG9RzDN"
base = "CN=Users,dc=directory,dc=nh"
host = "ldap://127.0.0.1"
result_attrs = "cn, sn"
scope = "sub"
filter = "(&(objectClass=*) (uid=%s))"

...and here's the debug log from an attempt:

2018-06-09 18:16:31,785 DEBUG: --------------- BEGIN environ ---------------
2018-06-09 18:16:31,785 DEBUG: mod_wsgi.listener_port: 443
2018-06-09 18:16:31,785 DEBUG: HTTP_COOKIE: __cfduid=d6cd70d6514a61008bf1292916c155ee41519056501
2018-06-09 18:16:31,786 DEBUG: mod_wsgi.listener_host: 
2018-06-09 18:16:31,786 DEBUG: CONTEXT_DOCUMENT_ROOT: /var/www/html
2018-06-09 18:16:31,786 DEBUG: SERVER_SOFTWARE: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
2018-06-09 18:16:31,786 DEBUG: SCRIPT_NAME: /mobileconfig
2018-06-09 18:16:31,786 DEBUG: mod_wsgi.enable_sendfile: 0
2018-06-09 18:16:31,786 DEBUG: mod_wsgi.handler_script: 
2018-06-09 18:16:31,786 DEBUG: SERVER_SIGNATURE: 
2018-06-09 18:16:31,787 DEBUG: REQUEST_METHOD: POST
2018-06-09 18:16:31,787 DEBUG: PATH_INFO: 
2018-06-09 18:16:31,787 DEBUG: SERVER_PROTOCOL: HTTP/1.1
2018-06-09 18:16:31,787 DEBUG: QUERY_STRING: 
2018-06-09 18:16:31,787 DEBUG: CONTENT_LENGTH: 80
2018-06-09 18:16:31,787 DEBUG: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:60.0) Gecko/20100101 Firefox/60.0
2018-06-09 18:16:31,787 DEBUG: HTTP_CONNECTION: keep-alive
2018-06-09 18:16:31,787 DEBUG: HTTP_REFERER: https://autoconfig.familybrown.org/
2018-06-09 18:16:31,788 DEBUG: SERVER_NAME: autoconfig.familybrown.org
2018-06-09 18:16:31,788 DEBUG: REMOTE_ADDR: 192.168.3.2
2018-06-09 18:16:31,788 DEBUG: mod_wsgi.queue_start: 1528582591569165
2018-06-09 18:16:31,788 DEBUG: mod_wsgi.request_handler: wsgi-script
2018-06-09 18:16:31,788 DEBUG: wsgi.url_scheme: https
2018-06-09 18:16:31,788 DEBUG: mod_wsgi.callable_object: application
2018-06-09 18:16:31,788 DEBUG: SERVER_PORT: 443
2018-06-09 18:16:31,788 DEBUG: wsgi.multiprocess: True
2018-06-09 18:16:31,789 DEBUG: mod_wsgi.input_chunked: 0
2018-06-09 18:16:31,789 DEBUG: SERVER_ADDR: 192.168.1.37
2018-06-09 18:16:31,789 DEBUG: DOCUMENT_ROOT: /var/www/html
2018-06-09 18:16:31,789 DEBUG: mod_wsgi.process_group: 
2018-06-09 18:16:31,789 DEBUG: SCRIPT_FILENAME: /usr/lib/automx/automx_wsgi.py
2018-06-09 18:16:31,789 DEBUG: SERVER_ADMIN: webmaster@example.com
2018-06-09 18:16:31,789 DEBUG: wsgi.input: <mod_wsgi.Input object at 0x7f6e801728b0>
2018-06-09 18:16:31,790 DEBUG: HTTP_DNT: 1
2018-06-09 18:16:31,790 DEBUG: HTTP_HOST: autoconfig.familybrown.org
2018-06-09 18:16:31,790 DEBUG: CONTEXT_PREFIX: 
2018-06-09 18:16:31,790 DEBUG: wsgi.multithread: False
2018-06-09 18:16:31,790 DEBUG: HTTP_UPGRADE_INSECURE_REQUESTS: 1
2018-06-09 18:16:31,790 DEBUG: REQUEST_URI: /mobileconfig
2018-06-09 18:16:31,790 DEBUG: HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
2018-06-09 18:16:31,791 DEBUG: wsgi.version: (1, 0)
2018-06-09 18:16:31,791 DEBUG: GATEWAY_INTERFACE: CGI/1.1
2018-06-09 18:16:31,791 DEBUG: wsgi.run_once: False
2018-06-09 18:16:31,791 DEBUG: wsgi.errors: <mod_wsgi.Log object at 0x7f6e7b1897f0>
2018-06-09 18:16:31,791 DEBUG: REMOTE_PORT: 51500
2018-06-09 18:16:31,791 DEBUG: HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.5
2018-06-09 18:16:31,791 DEBUG: REQUEST_SCHEME: http
2018-06-09 18:16:31,791 DEBUG: mod_wsgi.version: (3, 4)
2018-06-09 18:16:31,792 DEBUG: CONTENT_TYPE: application/x-www-form-urlencoded
2018-06-09 18:16:31,792 DEBUG: mod_wsgi.application_group: autoconfig.familybrown.org|/mobileconfig
2018-06-09 18:16:31,792 DEBUG: mod_wsgi.script_reloading: 1
2018-06-09 18:16:31,792 DEBUG: wsgi.file_wrapper: <built-in method file_wrapper of mod_wsgi.Adapter object at 0x7f6e80057300>
2018-06-09 18:16:31,792 DEBUG: HTTP_ACCEPT_ENCODING: gzip, deflate, br
2018-06-09 18:16:31,792 DEBUG: UNIQUE_ID: WxxRv-gjgO5TrsMeA1VyxAAAAAY
2018-06-09 18:16:31,792 DEBUG: --------------- END environ ---------------
2018-06-09 18:16:31,793 DEBUG: Request POST (raw)
_mobileconfig=true&emailaddress=ginger%40familybrown.org&cn=&password=flintstone
2018-06-09 18:16:31,794 DEBUG: {u'_mobileconfig': [u'true'], u'password': [u'flintstone'], u'emailaddress': [u'ginger@familybrown.org']}
2018-06-09 18:16:31,794 DEBUG: Requesting mobileconfig configuration
2018-06-09 18:16:31,794 DEBUG: Entering data.configure()
2018-06-09 18:16:31,828 ERROR: LDAP: (2, 'No such file or directory')
2018-06-09 18:16:31,829 DEBUG: STATIC OrderedDict([(u'smtp_server', u'neth-automx.familybrown.org'), (u'smtp_port', u'587'), (u'smtp_encryption', u'starttls'), (u'smtp_auth', u'cleartext'), (u'smtp_auth_identity', u'ginger'), (u'smtp_refresh_ttl', u'6'), (u'smtp_default', u'Yes')])
2018-06-09 18:16:31,829 DEBUG: STATIC OrderedDict([(u'imap_server', u'neth-automx.familybrown.org'), (u'imap_port', u'143'), (u'imap_encryption', u'starttls'), (u'imap_auth', u'cleartext'), (u'imap_auth_identity', u'ginger'), (u'imap_refresh_ttl', u'6')])
2018-06-09 18:16:31,829 DEBUG: STATIC OrderedDict([(u'carddav_server', u'neth-automx.familybrown.org'), (u'carddav_port', u'443'), (u'carddav_encryption', u'ssl'), (u'carddav_auth_identity', u'ginger')])
2018-06-09 18:16:31,830 DEBUG: STATIC OrderedDict([(u'caldav_server', u'neth-automx.familybrown.org'), (u'caldav_port', u'443'), (u'caldav_encryption', u'ssl'), (u'caldav_auth_identity', u'ginger')])
2018-06-09 18:16:31,830 DEBUG: Entering view()
2018-06-09 18:16:31,831 DEBUG: Response:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>EmailAccountDescription</key>
			<string>ginger@familybrown.org account</string>
			<key>EmailAccountName</key>
			<string>${cn}</string>
			<key>EmailAccountType</key>
			<string>EmailTypeIMAP</string>
			<key>EmailAddress</key>
			<string>ginger@familybrown.org</string>
			<key>IncomingMailServerAuthentication</key>
			<string>EmailAuthPassword</string>
			<key>IncomingMailServerHostName</key>
			<string>neth-automx.familybrown.org</string>
			<key>IncomingMailServerPortNumber</key>
			<integer>143</integer>
			<key>IncomingMailServerUseSSL</key>
			<true/>
			<key>IncomingMailServerUsername</key>
			<string>ginger</string>
			<key>IncomingPassword</key>
			<string>flintstone</string>
			<key>OutgoingMailServerAuthentication</key>
			<string>EmailAuthPassword</string>
			<key>OutgoingMailServerHostName</key>
			<string>neth-automx.familybrown.org</string>
			<key>OutgoingMailServerPortNumber</key>
			<integer>587</integer>
			<key>OutgoingMailServerUseSSL</key>
			<true/>
			<key>OutgoingMailServerUsername</key>
			<string>ginger</string>
			<key>OutgoingPasswordSameAsIncomingPassword</key>
			<true/>
			<key>PayloadDescription</key>
			<string>Configure email account.</string>
			<key>PayloadDisplayName</key>
			<string>IMAP Account (ginger@familybrown.org account)</string>
			<key>PayloadIdentifier</key>
			<string>org.automx.mail.localhost.familybrown.org.ginger</string>
			<key>PayloadOrganization</key>
			<string>localhost</string>
			<key>PayloadType</key>
			<string>com.apple.mail.managed</string>
			<key>PayloadUUID</key>
			<string>bfbbcaaf-1605-4163-9b74-20d0c6fbf3b5</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>PreventAppSheet</key>
			<false/>
			<key>PreventMove</key>
			<false/>
			<key>SMIMEEnabled</key>
			<false/>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Automx Email</string>
	<key>PayloadDisplayName</key>
	<string>ginger@familybrown.org account</string>
	<key>PayloadIdentifier</key>
	<string>org.automx.mail.localhost.familybrown.org.ginger</string>
	<key>PayloadOrganization</key>
	<string>localhost</string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>1801508b-5915-4b71-aa66-daf1ef9136be</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

Edit: ...but I now see an LDAP error I don't remember seeing before.

So the error is LDAP: (2, 'No such file or directory'). python-ldap is apparently trying, and failing, to open some (unspecified in the error message) file. This issue against python-ldap suggests changing an ldap debug setting and using strace, but I'm not familiar with either procedure--where or how should either be done to try to figure out what file can't be opened?
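A small diagnostic, added here and not part of automx or of any post in this thread: it parses the LDIF dump from the first post, reads the ${attr} placeholders in the posted automx.conf settings, and reports any placeholder that cannot be expanded because the attribute is missing from result_attrs or from the entry itself. The sample LDIF and settings are copied from the thread; the function names and the offline check are mine, and it does not query LDAP, so it cannot diagnose the (2, 'No such file or directory') error, which has to be fixed first since a failed query leaves no entry to expand against.

```python
import re
from typing import Dict, List

# Constructed sample: the relevant lines of the ldapsearch LDIF output posted above.
SAMPLE_LDIF = """\
dn: uid=ginger,ou=People,dc=directory,dc=nh
uid: ginger
gecos: Ginger Rogers
cn: Ginger Rogers
sn: ginger
objectClass: posixAccount
objectClass: inetOrgPerson
mail: ginger@familybrown.org
"""

# Constructed sample: the settings from the posted automx.conf that use placeholders.
SAMPLE_CONF = {
    "result_attrs": "cn, sn",
    "display_name": "${cn}",
    "account_name": "${displayName} account",
}

PLACEHOLDER = re.compile(r"\$\{([A-Za-z][A-Za-z0-9_-]*)\}")


def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Parse one plain LDIF entry into attr -> list of values (multi-valued attrs kept)."""
    entry: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry


def check_placeholders(conf: Dict[str, str], entry: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return {setting: [attrs]} for every ${attr} that cannot be expanded: the attr
    must be listed in result_attrs AND present in the LDAP entry."""
    requested = {a.strip() for a in conf["result_attrs"].split(",") if a.strip()}
    problems: Dict[str, List[str]] = {}
    for key, value in conf.items():
        if key == "result_attrs":
            continue
        missing = [a for a in PLACEHOLDER.findall(value) if a not in requested or a not in entry]
        if missing:
            problems[key] = missing
    return problems


def expand(value: str, entry: Dict[str, List[str]]) -> str:
    """Expand ${attr} with the first LDAP value; unknown placeholders stay literal."""
    return PLACEHOLDER.sub(lambda m: entry.get(m.group(1), [m.group(0)])[0], value)
```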

So this, along with a bunch of other issues, were closed without explanation a couple of weeks ago. Why is this?

Because the person you had been discussing this with did not respond within a year. Also because automx has recently undergone significant changes, which will show up in the next few days.

@patrickbenkoetter Please keep the license in your mind. Code must be returned to the original code author, which is me.