Defect #14037

LDAP auth with Perl auth handler doesn't work with CJK

Added by Mathias LANG over 9 years ago. Updated over 9 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:LDAP
Target version:-
Resolution: Affected version:2.3.1

Description

Hi,
I am setting up a new Redmine server for a Chinese company. They have an Active Directory server which runs just fine.
I set up everything in Redmine and it's running smoothly.
I integrated svn using mod_dav, following this tutorial:
http://www.redmine.org/projects/redmine/wiki/Redmine_203_with_Subversion_and_LDAP_Authentication_(for_Redmine_and_Subversion_through_Redmine)_on_Centos_6_i386_-_detailed

(with some slight modification because I'm using an x86_64 CentOS 5.9)
I set up 3 LDAP entry, which pretty much look like the following:
(1) OU=ASCII,DC=company,DC=cn
(2) OU=中国的,DC=company,DC=cn
(3) OU=People,DC=test,DC=net

The log informations are working, I tested it alot.
I have only one project, only one group that is "developper" on that project, and the repository is well configured.
My users in (1) and (2) is in the group, my user in (3) is not.
The 3 of them are perfectly able to log on Redmine.

When I try to "svn ls http://redmine/svn/reponame" or go on the web interface with account (3), I get the expected result: Go to hell.
When I try to "svn ls http://redmine/svn/reponame" or go on the web interface with account (1), I can access it as expected.
Buy when I try the same with account (2), or other accounts belonging to the 2nd LDAP server, I get:
[Mon May 13 17:08:31 2013] [error] [client 192.168.3.79] access to /svn/redmine failed, reason: verification of user id 'xxxxxx' not configured

My virtual host is almost exactly the same as the one given in the above tutorial, except for a slight variation (it can probably be done cleaner, but I'm not an apache pro right
<Limit GET PROPFIND OPTIONS REPORT>
Allow from 127.0.0.1
Require valid-user
Satisfy any
</Limit>

However removing this part doesn't make things work.

I believe this to be a bug in the perl authentification / authorization module which doesn't handle the Chinese OU well.
Can any Ruby guru take a look at it, it would be very much appreciated to have a fix.
I let someone more affiliated to Redmine setting the priority (or I would go for urgent !).
Here's rake about and svn info.

[root@glpi redmine]# RAILS_ENV=production rake about
About your application's environment
Ruby version 2.0.0 (x86_64-linux)
RubyGems version 2.0.2
Rack version 1.4
Rails version 3.2.13
Active Record version 3.2.13
Action Pack version 3.2.13
Active Resource version 3.2.13
Action Mailer version 3.2.13
Active Support version 3.2.13
Middleware Rack::Cache, ActionDispatch::Static, Rack::Lock, #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x002b9855625d40>, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Callbacks, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, ActionDispatch::Head, Rack::ConditionalGet, Rack::ETag, ActionDispatch::BestStandardsSupport, OpenIdAuthentication
Application root /var/www/redmine
Environment production
Database adapter mysql2
Database schema version 20130217094251

[root@glpi redmine]# svn info
Path: .
URL: http://svn.redmine.org/redmine/branches/2.3-stable
Repository Root: http://svn.redmine.org/redmine
Repository UUID: e93f8b46-1217-0410-a6f0-8f06a7374b81
Revision: 11838

History

#1 Updated by Mathias LANG over 9 years ago

A possible workaround,and a proof that's definitely the encoding, is to use GUID as baseDN.
I moved my bind account to a plain-ascii OU, and replaced baseDN with it's <GUID=..........> equivalent, and it is now working.

Also available in: Atom PDF