No module named 'ldap'

[Pe4enie]

Hello,

I'm using latest image of alpine distribution with the following setup:

COPY config/* /opt/graphite/conf/
RUN rm /opt/graphite/webapp/graphite/local_settings.py
COPY local_settings.py /opt/graphite/webapp/graphite/

to copy my retention policies and enable LDAP authentication. The only changes done to local_settings.py are the lines concerning LDAP configuration.

When I start the container and try to login with an LDAP account, I see the exception with following stack trace:

Traceback (most recent call last):
  File "/opt/graphite/lib/python3.6/site-packages/django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "/opt/graphite/lib/python3.6/site-packages/django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/opt/graphite/lib/python3.6/site-packages/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/graphite/webapp/graphite/account/views.py", line 33, in loginView
    user = authenticate(username=username,password=password)
  File "/opt/graphite/lib/python3.6/site-packages/django/contrib/auth/__init__.py", line 68, in authenticate
    for backend, backend_path in _get_backends(return_tuples=True):
  File "/opt/graphite/lib/python3.6/site-packages/django/contrib/auth/__init__.py", line 29, in _get_backends
    backend = load_backend(backend_path)
  File "/opt/graphite/lib/python3.6/site-packages/django/contrib/auth/__init__.py", line 23, in load_backend
    return import_string(path)()
  File "/opt/graphite/lib/python3.6/site-packages/django/utils/module_loading.py", line 20, in import_string
    module = import_module(module_path)
  File "/opt/graphite/lib/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 994, in _gcd_import
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/opt/graphite/webapp/graphite/account/ldapBackend.py", line 15, in <module>
    import ldap, traceback
ModuleNotFoundError: No module named 'ldap'

Uncommenting following lines in the local_settings.py causes parsing error during start-up which causes default values to be used (likely the same exception, which is unfortunately is not logged):

#import ldap
#ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW) # Use ldap.OPT_X_TLS_DEMAND to force TLS
#ldap.set_option(ldap.OPT_REFERRALS, 0) # Enable for Active Directory
#ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/etc/ssl/ca")
#ldap.set_option(ldap.OPT_X_TLS_CERTFILE, "/etc/ssl/mycert.pem")
#ldap.set_option(ldap.OPT_X_TLS_KEYFILE, "/etc/ssl/mykey.pem")
#ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255) # To enable verbose debugging

Best Regards,
Grigory

[deniszh]

Looks like a bug, but maybe something is wrong with your config. I just tested - ldap module is installed in docker image:

% docker exec -it 9831d360ed79 /bin/sh
/ # ps awx | grep python
   51 root      0:00 {gunicorn} /opt/graphite/bin/python3 /opt/graphite/bin/gunicorn wsgi --preload --pythonpath=/opt/graphite/webapp/graphite --workers=4 --threads=2 --limit-request-line=0 --max-requests=1000 --timeout=65 --bind=0.0.0.0:8080 --log-file=/var/log/gunicorn.log
   55 root      0:00 python3 /opt/graphite/bin/carbon-cache.py start --debug
   60 root      0:00 python3 /opt/graphite/bin/carbon-aggregator.py start --debug
  116 root      0:00 {gunicorn} /opt/graphite/bin/python3 /opt/graphite/bin/gunicorn wsgi --preload --pythonpath=/opt/graphite/webapp/graphite --workers=4 --threads=2 --limit-request-line=0 --max-requests=1000 --timeout=65 --bind=0.0.0.0:8080 --log-file=/var/log/gunicorn.log
  117 root      0:00 {gunicorn} /opt/graphite/bin/python3 /opt/graphite/bin/gunicorn wsgi --preload --pythonpath=/opt/graphite/webapp/graphite --workers=4 --threads=2 --limit-request-line=0 --max-requests=1000 --timeout=65 --bind=0.0.0.0:8080 --log-file=/var/log/gunicorn.log
  118 root      0:00 {gunicorn} /opt/graphite/bin/python3 /opt/graphite/bin/gunicorn wsgi --preload --pythonpath=/opt/graphite/webapp/graphite --workers=4 --threads=2 --limit-request-line=0 --max-requests=1000 --timeout=65 --bind=0.0.0.0:8080 --log-file=/var/log/gunicorn.log
  119 root      0:00 {gunicorn} /opt/graphite/bin/python3 /opt/graphite/bin/gunicorn wsgi --preload --pythonpath=/opt/graphite/webapp/graphite --workers=4 --threads=2 --limit-request-line=0 --max-requests=1000 --timeout=65 --bind=0.0.0.0:8080 --log-file=/var/log/gunicorn.log
/ # python3
Python 3.6.6 (default, Aug 24 2018, 05:04:18)
[GCC 6.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ldap
>>> quit
Use quit() or Ctrl-D (i.e. EOF) to exit
>>>
/ #```

[Pe4enie]

Hey,

I also checked that beforehand and spent quite some time ruling out other possible causes (like configuration being wrong). Unfortunately, everything lead to a point, that's it really is a bug. Can you reproduce it the same way I did? (copying local_settings.py with USE_LDAP_AUTH = True into container and then just trying to login)

I'm 100% positive my LDAP configuration is correct, as it was the first thing I checked (connectivity + configuration itself) by using third-party tools like ldapsearch from openldap-clients package.

Best Regards,
Grigory

[piotr1212]

@deniszh did you activate the virtualenv? It looks like ldap is not installed in the virtualenv.

[deniszh]

@piotr1212 : ah, you're absolutely right, thanks!
@Pe4enie : Fixed in v1.1.5-11

[Pe4enie]

@deniszh, yep, that fixed the issue, thanks!