Host OS: RHEL 8.4
OOD deployed with Puppet OOD module
I’m setting up OOD to authenticate through ACCESS and I’m having an issue with user mapping. After going through ACCESS, I get an error instead of being sent to the dashboard.
Your timing is excellent! Remote user is being URL encoded, so what’s being passed during the actual execution is not yanzhan2@ncsa.illinois.edu but is in fact yanzhan2%40ncsa.illinois.edu.
I’ve updated our 2.1 documentation and will update our latest documentation tomorrow (2-28).
It’s good to use your own mapping script. We stopped shipping our own, and it’s unclear how long ood_auth_map.mapfile has worked and indeed if it even continues to work.
Check /var/log/httpd24-httpd/error_log for any errors that script may throw. I’m thinking loading/library errors from python. The environment this is executed under is limited in the sense that it may not have all the things you’ve loaded in a shell environment.
Use the syslogger if you can to print any errors or debug information to journalctl.
Okay, I tried logging to syslog and found that the script didn’t finish.
Script:
```python
#!/bin/python3
mapfile="/sw/admin/grid-security/oauth-mapfile.cron"
import sys
import syslog
syslog.syslog("importing urllib")
import urllib.parse as urlparse
syslog.syslog("finished import")
# The remote user arrives URL-encoded (e.g. %40 for @), so decode it first.
inputuser=urlparse.unquote(sys.argv[1])
syslog.syslog("input user: "+inputuser)
usermapping=dict(authuser="",mapped="")
# Each line is split into two whitespace-separated fields: authuser and mapped.
for line in open(mapfile,'r'):
    (authuser,mapped) = line.split()
    # Drop the double quotes around the authenticated identity.
    usermapping[authuser.strip("\"")]=mapped
syslog.syslog("finished reading "+str(len(usermapping))+" entries")
if inputuser in usermapping:
    print(usermapping[inputuser])
    syslog.syslog("mapped "+inputuser+" to "+usermapping[inputuser])
else:
    # An empty line on stdout means no mapping was found.
    print("")
    syslog.syslog("unable to map "+inputuser)
```
Logs:
Feb 28 10:45:22 ood-test.delta.internal.ncsa.edu /ood-gridmap.py[42122]: importing urllib
Feb 28 10:45:22 ood-test.delta.internal.ncsa.edu /ood-gridmap.py[42122]: finished import
Feb 28 10:45:22 ood-test.delta.internal.ncsa.edu /ood-gridmap.py[42122]: input user: yanzhan2@ncsa.illinois.edu
So looks like it didn’t have problems loading libraries but for some reason stopped at the for loop loading the mapfile. Is there a memory restriction here?
I don’t think so. I just tested against just over 3,000 entries. I’d guess there’s some sort of error it encountered. Is there anything in /var/log/httpd24-httpd/error_log? If not, add a try and except block and log the error.
Feb 28 17:08:47 97b05dc2ed01 /test.py[733]: importing urllib
Feb 28 17:08:47 97b05dc2ed01 /test.py[733]: finished import
Feb 28 17:08:47 97b05dc2ed01 /test.py[733]: input user: jeff@localhost
Feb 28 17:08:47 97b05dc2ed01 /test.py[733]: finished reading 3017 entries
Feb 28 17:08:47 97b05dc2ed01 /test.py[733]: mapped jeff@localhost to jeff
Sorry, I can never tell who’s on what system. It would be /var/log/httpd/error_log. Just error_log with no extension or ssl or hostname in the filename.
Also I’m finding that /opt/ood/ood_auth_map/bin/ood_auth_map.mapfile does continue to work, although just with the test file I generated - 3,000 users generated from random strings. So there could be something I’m missing in the test file generation.
Got it, yea it’s likely encoding like the LANG environment variable is C_ASCII - that’s not right, I’m blanking on what the bad/old encoding LANG could be, but you’d see it in a crontab output. In any case, it’s not UTF-8.
Try forcing utf-8 encoding here when you’re reading the file.
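The suggestions in this thread (URL-decode the remote user, force UTF-8 when reading the mapfile, catch and log errors to syslog) combined into one mapping script, as an added example that is not the original poster's script or OOD's own code. The mapfile path and two-field line format come from the script posted above; skipping malformed lines and printing an empty string on any failure are assumptions of this example.

```python
#!/usr/bin/env python3
# Added example: hardened variant of the mapping script discussed in this thread.
import sys
import syslog
import urllib.parse

# Path taken from the script posted above.
MAPFILE = "/sw/admin/grid-security/oauth-mapfile.cron"


def load_mapfile(path):
    """Return ({authuser: local_user}, skipped_line_count).

    The file is decoded as UTF-8 regardless of LANG/LC_ALL, because the
    locale the web server runs the script under may not be UTF-8.
    Undecodable bytes become U+FFFD and the line is skipped (assumption).
    """
    mapping, skipped = {}, 0
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split()
            if not fields:
                continue          # blank line
            if len(fields) != 2 or "\ufffd" in line:
                skipped += 1      # malformed line: skip it, do not abort
                continue
            mapping[fields[0].strip('"')] = fields[1]
    return mapping, skipped


def map_user(remote_user, path=MAPFILE):
    """Map a URL-encoded remote user to a local account; "" if unmapped."""
    user = urllib.parse.unquote(remote_user)
    mapping, skipped = load_mapfile(path)
    if skipped:
        syslog.syslog(syslog.LOG_WARNING, "skipped %d bad mapfile lines" % skipped)
    return mapping.get(user, "")


if __name__ == "__main__":
    try:
        result = map_user(sys.argv[1])
    except Exception as exc:      # log the reason, then emit no mapping
        syslog.syslog(syslog.LOG_ERR, "user mapping failed: %r" % (exc,))
        result = ""
    print(result)
```
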