Error in WebUI after Upgrade from 2.13 to 2.17

I have privacyIDEA version 2.13 running on Ubuntu 14.04. It was installed
via apt-get from the repository in the documentation. It’s been running
like a champ, but then a while ago we went to do Ubuntu upgrades on the
system and, as a result, privacyIDEA was upgraded to version 2.17.
Afterward, when users logged in to the WebUI and clicked “Enroll Token”,
they received an error: “‘NoneType’ object has no attribute ‘split’”. The
token enrollment page would still come up, but the fields for setting the
PIN would not display. We ended up rolling back the virtual machine to a
snapshot and leaving it. I’ve since created a clone of the system in order
to recreate the issue. If I apply all of the system updates EXCEPT
privacyidea-apache2, privacyidea-radius, and python-privacyidea, everything
continues to work just fine, but as soon as I upgrade the actual
privacyidea packages, it breaks. Interestingly, if I stand up a brand NEW
Ubuntu 14.04 system, perform all ubuntu updates, and then install a brand
NEW install of privacyIDEA 2.17 it works just fine. Something about the
apt-get upgrade process, though, fubar’s it…

I’ll post the backtrace from the privacyidea.log below. However, as far as
I can tell, correcting the OTP Pin in the WebUI policy (changing SetPIN to
EnrollPIN basically) seems to have caused the error to go away. I found
that the error could sometimes just not show up, but if you kept clicking
back and forth between Enroll token and All Tokens (as a user) it would
eventually pop up. After correcting the WebUI policy, though, even doing
that wouldn’t cause the error to crop up so I’m thinking it’s probably
fixed. So thanks for the help gents! Like I said, here is the backtrace
from the log file, though, for posterity (and the off chance that it rings
a bell with someone about some OTHER issue that isn’t readily apparent):

[2017-03-03 09:42:36,343][1408][-1357743296][ERROR][privacyidea.app:1423] Exception on /caconnector/ [GET]
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1473, in full_dispatch_request
    rv = self.preprocess_request()
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1666, in preprocess_request
    rv = func()
  File "/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py", line 324, in decorated_function
    return f(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py", line 76, in before_user_request
    before_request()
  File "/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py", line 157, in before_request
    "realm")})
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py", line 187, in log_wrapper
    f_result = func(*args, **kwds)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py", line 560, in get_user_from_param
    user_object.get_resolvers()
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py", line 189, in get_resolvers
    uid = y.getUserId(self.login)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 154, in cache_wrapper
    f_result = func(self, *args, **kwds)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 443, in getUserId
    self._bind()
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 343, in _bind
    server_pool = self.get_serverpool(self.uri, self.timeout)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 651, in get_serverpool
    for uri in urilist.split(","):
AttributeError: 'NoneType' object has no attribute 'split'

On Friday, March 3, 2017 at 5:37:38 AM UTC-5, Cornelius Kölbel wrote:

As for the missing OTP PIN:
A policy for setting OTP PIN was added lately. So you need to update
either the user-policy or the admin-policy and the OTP PIN field will be
available again.

As for the NoneType: Check what Jochen pointed out and review the log file.
It could also be a problematic user in your user directory.
Kind regards
Cornelius

On Thursday, March 2, 2017 at 22:51:01 UTC+1, Aaron Smith wrote:

I have privacyIDEA version 2.13 running on Ubuntu 14.04. It was
installed via apt-get from the repository in the documentation. It’s been
running like a champ, but then a while ago we went to do Ubuntu upgrades on
the system and, as a result, privacyIDEA was upgraded to version 2.17.
Afterward, when users logged in to the WebUI and clicked “Enroll Token”,
they received an error: “‘NoneType’ object has no attribute ‘split’”. The
token enrollment page would still come up, but the fields for setting the
PIN would not display. We ended up rolling back the virtual machine to a
snapshot and leaving it. I’ve since created a clone of the system in order
to recreate the issue. If I apply all of the system updates EXCEPT
privacyidea-apache2, privacyidea-radius, and python-privacyidea, everything
continues to work just fine, but as soon as I upgrade the actual
privacyidea packages, it breaks. Interestingly, if I stand up a brand NEW
Ubuntu 14.04 system, perform all ubuntu updates, and then install a brand
NEW install of privacyIDEA 2.17 it works just fine. Something about the
apt-get upgrade process, though, fubar’s it…


Aaron Smith ministeroftruth@gmail.com writes:

I have privacyIDEA version 2.13 running on Ubuntu 14.04. It was installed
via apt-get from the repository in the documentation. It’s been running
like a champ, but then a while ago we went to do Ubuntu upgrades on the
system and, as a result, privacyIDEA was upgraded to version 2.17.
Afterward, when users logged in to the WebUI and clicked “Enroll Token”,
they received an error: “‘NoneType’ object has no attribute ‘split’”.

Can you get the backtrace from /var/log/privacyidea/privacyidea.log? I
had similar messages, which were caused by database inconsistencies, I
think between the token and tokeninfo table. I had to clean that up
manually.

Jochen

Aaron Smith ministeroftruth@gmail.com writes:

that the error could sometimes just not show up, but if you kept clicking
back and forth between Enroll token and All Tokens (as a user) it would
eventually pop up.

Yes, that’s what I saw too.

[2017-03-03 09:42:36,343][1408][-1357743296][ERROR][privacyidea.app:1423] Exception on /caconnector/ [GET]

That’s not what I expected…

  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py", line 560, in get_user_from_param
    user_object.get_resolvers()
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py", line 189, in get_resolvers
    uid = y.getUserId(self.login)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 154, in cache_wrapper
    f_result = func(self, *args, **kwds)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 443, in getUserId
    self._bind()
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 343, in _bind
    server_pool = self.get_serverpool(self.uri, self.timeout)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 651, in get_serverpool
    for uri in urilist.split(","):
AttributeError: 'NoneType' object has no attribute 'split'

My guess would be something wrong in table resolverid and resolverconfig.
I guess my system has a problem too:

mysql> select * from resolver;
+----+--------------------+--------------+
| id | name               | rtype        |
+----+--------------------+--------------+
|  3 | ldap-special-users | ldapresolver |
|  5 | kolab              | ldapresolver |
|  6 | IPA                | ldapresolver |
|  7 | IPA-admins         | ldapresolver |
+----+--------------------+--------------+
4 rows in set (0,00 sec)
mysql> select resolver_id from resolverconfig;
+-------------+
| resolver_id |
+-------------+
|        NULL |
|        NULL |

I guess I’ll remove the rows with resolver_id == NULL;

Jochen

Hi Aaron,

On Friday, March 3, 2017 at 15:51:45 UTC+1, Aaron Smith wrote:

  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 443, in getUserId
    self._bind()
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 343, in _bind
    server_pool = self.get_serverpool(self.uri, self.timeout)
  File "/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py", line 651, in get_serverpool
    for uri in urilist.split(","):
AttributeError: 'NoneType' object has no attribute 'split'

Please check the definition of your LDAP Resolver.
The error occurs, because it does not get a configured URI list for your
LDAP URIs!
Kind regards
Cornelius
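
A consistency check for the two conditions discussed in this thread (resolverconfig rows with a NULL resolver_id, and an LDAP resolver that has no URI list), added here as an example; it is not part of the original posts and not privacyIDEA's own code. It runs against a constructed in-memory SQLite copy of the two tables; the Key/Value columns, the LDAPURI key name and the helper split_uri_list are assumptions.

```python
import sqlite3

# Constructed sample data. resolver(id, name, rtype) and resolverconfig.resolver_id
# appear in the thread; the "Key"/"Value" columns and the "LDAPURI" key name are
# assumptions about the schema, and the resolver names are made up.
def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE resolver (id INTEGER PRIMARY KEY, name TEXT, rtype TEXT);
        CREATE TABLE resolverconfig (id INTEGER PRIMARY KEY, resolver_id INTEGER,
                                     "Key" TEXT, "Value" TEXT);
        INSERT INTO resolver VALUES (3, 'ldap-ok', 'ldapresolver'),
                                    (5, 'ldap-broken', 'ldapresolver');
        INSERT INTO resolverconfig (resolver_id, "Key", "Value") VALUES
            (3, 'LDAPURI', 'ldaps://ldap1.example.test,ldaps://ldap2.example.test'),
            (5, 'TIMEOUT', '5'),
            (NULL, 'LDAPURI', 'ldap://orphan.example.test'),
            (NULL, 'TIMEOUT', '5');
    """)
    return db

def orphaned_config_rows(db):
    """Config rows attached to no resolver (resolver_id NULL or dangling)."""
    return db.execute("""
        SELECT c.id, c."Key" FROM resolverconfig c
        LEFT JOIN resolver r ON r.id = c.resolver_id
        WHERE r.id IS NULL ORDER BY c.id""").fetchall()

def ldap_resolvers_without_uri(db, uri_key="LDAPURI"):
    """Names of LDAP resolvers whose URI setting is missing or empty."""
    rows = db.execute("""
        SELECT r.name FROM resolver r
        LEFT JOIN resolverconfig c ON c.resolver_id = r.id AND c."Key" = ?
        WHERE r.rtype = 'ldapresolver'
          AND (c."Value" IS NULL OR TRIM(c."Value") = '')
        ORDER BY r.id""", (uri_key,))
    return [name for (name,) in rows]

def split_uri_list(urilist):
    """Hypothetical guard: raise a clear config error instead of None.split()."""
    if not urilist or not urilist.strip():
        raise ValueError("LDAP resolver has no URI list configured")
    return [u.strip() for u in urilist.split(",") if u.strip()]

if __name__ == "__main__":
    db = build_sample_db()
    print("orphaned config rows:", orphaned_config_rows(db))
    print("LDAP resolvers without URI:", ldap_resolvers_without_uri(db))
```

Run the two queries read-only against a copy of the real database first, and take a backup before deleting any rows they report.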