Closed
Description
I set up a GLauth docker container and populated the configuration with some users (see config at the bottom).
I can send a search query with ldapsearch and get the expected results:
$ ldapsearch -LLL -H ldap://localhost:3893 -D 'uid=test_admin,ou=admins,dc=glauth,dc=com' -w test -x -b 'dc=glauth,dc=com'
dn: uid=test_admin,ou=admins,dc=glauth,dc=com
cn: test_admin
uid: test_admin
ou: admins
uidNumber: 5001
accountStatus: active
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/test_admin
description: test_admin
gecos: test_admin
gidNumber: 5501
memberOf: cn=admins,ou=groups,dc=glauth,dc=com
shadowExpire: -1
shadowFlag: 134538308
shadowInactive: -1
shadowLastChange: 11000
shadowMax: 99999
shadowMin: -1
shadowWarning: 7
[...]
GLAuth logs:
ldap_1 | 20:24:21.491427 Bind ▶ DEBU 015 Bind request: bindDN: uid=test_admin,ou=admins,dc=glauth,dc=com, BaseDN: dc=glauth,dc=com, source: 172.18.0.1:51468
ldap_1 | 20:24:21.493760 Bind ▶ DEBU 016 Bind success as uid=test_admin,ou=admins,dc=glauth,dc=com from 172.18.0.1:51468
ldap_1 | 20:24:21.496512 Search ▶ DEBU 017 Search request as uid=test_admin,ou=admins,dc=glauth,dc=com from 172.18.0.1:51468 for (objectclass=*)
ldap_1 | 20:24:21.496995 Search ▶ DEBU 018 AP: Search OK: (objectclass=*)
I tried the same with Python's ldap3 library:
entry = conn.search("dc=glauth,dc=com", f"(uid={uid})", attributes=['*'])
By debugging I ensured I am passing the same BaseDN, but the LDAP server replies with an error. The logs show that the BaseDN is not being passed correctly; actually, it's empty:
ldap_1 | 20:28:12.418970 Bind ▶ DEBU 019 Bind request: bindDN: uid=test_admin,ou=admins,dc=glauth,dc=com, BaseDN: dc=glauth,dc=com, source: 172.18.0.13:35039
ldap_1 | 20:28:12.419057 Bind ▶ DEBU 01a Bind success as uid=test_admin,ou=admins,dc=glauth,dc=com from 172.18.0.13:35039
ldap_1 | 20:28:12.421289 Search ▶ DEBU 01b Search request as uid=test_admin,ou=admins,dc=glauth,dc=com from 172.18.0.13:35039 for (objectClass=*)
ldap_1 | 2021/02/02 20:28:12 handleSearchRequest error LDAP Result Code 50 "Insufficient Access Rights": Search Error: search BaseDN is not in our BaseDN dc=glauth,dc=com
This seems related to #68.
My configuration:
#################
# glauth.conf
#################
# General configuration.
debug = true
#syslog = true
watchconfig = true
[ldaps]
enabled = false
[ldap]
enabled = true
listen = "0.0.0.0:3893"
#################
# The backend section controls the data store.
[backend]
datastore = "config"
baseDN = "dc=glauth,dc=com"
nameformat = "uid"
#################
# The users section contains a hardcoded list of valid users.
# to create a passSHA256: echo -n "mysecret" | openssl dgst -sha256
[[users]]
name = "test_admin"
unixid = 5001
primarygroup = 5501
passsha256 = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" # "test"
[[users]]
name = "test_staff"
unixid = 5002
primarygroup = 5502
passsha256 = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
[[users]]
name = "test_trusted"
unixid = 5003
primarygroup = 5503
passsha256 = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
[[users]]
name = "test_scholar"
unixid = 5004
primarygroup = 5504
passsha256 = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
[[users]]
name = "test_public"
unixid = 5005
primarygroup = 5505
passsha256 = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
#################
# The groups section contains a hardcoded list of valid users.
[[groups]]
name = "admins"
unixid = 5501
[[groups]]
name = "staff"
unixid = 5502
[[groups]]
name = "trusted"
unixid = 5503
[[groups]]
name = "scholars"
unixid = 5503
[[groups]]
name = "public"
unixid = 5503
#################
# Enable and configure the optional REST API here.
[api]
enabled = true
tls = false # enable TLS for production!!
listen = "0.0.0.0:5555"
daanknoope
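The "search BaseDN is not in our BaseDN" error in the second log is a scope check on the search base. As an added illustration (not GLAuth's code and not part of the original report), this Python sketch shows a component-wise containment check and why an empty search base, as the reporter describes, fails it. The function names and the case-insensitive comparison are assumptions.

```python
def split_dn(dn):
    """Split a DN into normalised RDNs; a backslash-escaped comma stays inside its RDN."""
    if not dn.strip():
        return []  # the empty DN names the root DSE, not an entry under any base
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Assumption: attribute values compare case-insensitively (true for dc, ou, uid).
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def in_scope(search_base, configured_base):
    """True when search_base equals configured_base or lies beneath it."""
    search, base = split_dn(search_base), split_dn(configured_base)
    return len(search) >= len(base) and search[len(search) - len(base):] == base


CONFIGURED = "dc=glauth,dc=com"  # baseDN from the report's glauth.conf

if __name__ == "__main__":
    # Constructed candidates: exact base, a child, the empty base, a look-alike suffix.
    for candidate in ("dc=glauth,dc=com", "ou=admins, DC=glauth, dc=com",
                      "", "uid=a,xdc=glauth,dc=com", r"ou=a\,b,dc=glauth,dc=com"):
        print(f"{candidate!r:40} in scope: {in_scope(candidate, CONFIGURED)}")
```

A plain string-suffix test would accept `uid=a,xdc=glauth,dc=com`; comparing whole RDNs does not.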