LDAP Authentication broken after upgrade to 0.26.0

[comphilip]

Current Behavior

<class 'django.core.exceptions.ImproperlyConfigured'>
AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance.

Python version: 3.8.6
NetBox version: 2.9.7

Expected Behavior

LDAP authentication successfully.

Debug Information

The output of docker-compose version: 1.25.0
The output of docker version: 19.03.12

The output of docker-compose logs netbox:

netbox_1       | ▶️ Running the startup script /opt/netbox/startup_scripts/250_dcim_interfaces.py
netbox_1       | ▶️ Running the startup script /opt/netbox/startup_scripts/260_ip_addresses.py
netbox_1       | ▶️ Running the startup script /opt/netbox/startup_scripts/270_primary_ips.py
netbox_1       | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1       |
netbox_1       | 0 static files copied to '/opt/netbox/netbox/static', 979 unmodified.
netbox_1       | ✅ Initialisation is done.
netbox_1       | [2020-10-27 09:16:48 +0000] [1] [INFO] Starting gunicorn 20.0.4
netbox_1       | [2020-10-27 09:16:48 +0000] [1] [INFO] Listening at: http://0.0.0.0:8001 (1)
netbox_1       | [2020-10-27 09:16:48 +0000] [1] [INFO] Using worker: sync
netbox_1       | [2020-10-27 09:16:48 +0000] [24] [INFO] Booting worker with pid: 24
netbox_1       | [2020-10-27 09:16:48 +0000] [25] [INFO] Booting worker with pid: 25
netbox_1       | [2020-10-27 09:16:48 +0000] [26] [INFO] Booting worker with pid: 26
netbox_1       | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/ldap/ldap_config.py'
netbox_1       | 🧬 loaded config '/etc/netbox/config/ldap/ldap_config.py'
netbox_1       | 172.21.0.6 - - [27/Oct/2020:09:16:50 +0000] "GET /login/?next=/ HTTP/1.0" 200 21556 "
netbox_1       | AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance. while authenticating philip.chan@xxx.net
netbox_1       | AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance. while authenticating philip.chan@xxx.net
netbox_1       | AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance. while authenticating philip.chan@xxx.net
netbox_1       | AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance. while authenticating philip.chan@xxx.net
netbox_1       | AUTH_LDAP_USER_SEARCH must be an LDAPSearch instance. while authenticating philip.chan@xxx.net
netbox_1       | 172.21.0.6 - - [27/Oct/2020:09:16:54 +0000] "POST /login/ HTTP/1.0" 500 1829 "https://netbox.xxx.xxx/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"

The output of docker-compose logs nginx:

nginx_1        | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx_1        | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
nginx_1        | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx_1        | 10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
nginx_1        | 10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
nginx_1        | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
nginx_1        | /docker-entrypoint.sh: Configuration complete; ready for start up
nginx_1        | 2020/10/27 09:16:39 [notice] 1#1: using the "epoll" event method
nginx_1        | 2020/10/27 09:16:39 [notice] 1#1: nginx/1.19.3
nginx_1        | 2020/10/27 09:16:39 [notice] 1#1: built by gcc 9.3.0 (Alpine 9.3.0)
nginx_1        | 2020/10/27 09:16:39 [notice] 1#1: OS: Linux 5.4.67-flatcar
nginx_1        | 2020/10/27 09:16:39 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
nginx_1        | 2020/10/27 09:16:39 [notice] 1#1: start worker processes
nginx_1        | 2020/10/27 09:16:39 [notice] 1#1: start worker process 29

[cimnine]

Please provide a complete bug report, i.e. with log output.

[comphilip]

@cimnine log uploaded

[comphilip]

I found where the problem is. It is cause by docker/ldap_config.docker.py. docker/ldap_config.docker.py act as dynamic loader for /etc/netbox/config/ldap/ldap_config.py, after loading the python module, it will forward caller's getattr operation with __getattr__.

While in netbox.authentication.LDAPBackend, after loading ldap configration module, it enumerate all attribute of ldap configuraion module with dir operation to find properties with prefix AUTH_LDAP_ and set those value to django ldap setting. (https://github.com/netbox-community/netbox/blob/3047208e6a635441863a648a2a2993d9b0841ae6/netbox/netbox/authentication.py#L166) docker/ldap_config.docker.py does not foward dir operation and LDAPBackend failed to set LDAP configration.

[cimnine]

This should now be fixed in 0.26.2. Thanks for the help!

[tyldum]

@cimnine @comphilip
Kudos for being on the ball here and getting this fixed quickly!