Failing to retrieve user list from Active Directory server

We’re trying out PrivacyIDEA. Installed Version 1.4.1 from Ubuntu
repositories. We setup a default realm and a userid from the local passwd
file. That worked well enough, but when setting up a LDAP connection to our
AD controllers we can’t get any users accounts to show up. We’re using the
default setting for AD in the LDAP UserIDResolvers. When testing the
connection it returns with the correct number of users. Checking the log
file shows up the following error:

2014/12/24 - 12:08:57 ERROR {140040261662656}
[privacyidea.lib.user][getUserList #637] Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
622, in getUserList
ulist = y.getUserList(searchDict)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py",
line 232, in getUserList
uid = entry.get(self.uidtype)[0]
TypeError: ‘NoneType’ object has no attribute ‘getitem

Any idea on what we should check?

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVbXo2WkFBb0pFQkJoWkZVdWpZRkp4NWNQLzFoOXcra0t0TzVWYU9MV3hFTVlr
Z25jDQpPUUJrUFEvU1NjZ2pZSlZxRkd3R2ZmMTdPMHVKMmhoeUtvc2R0VEJISHprNFZHUXVZTWEw
K3YzZk8xQkVjRmcrDQpLQThOMVZsUTlpWVpYVGgzWWhSUENZVCttcHIvdlRrVm1nYjlKbjRuYXBa
dFMzUC9LME1nMWhYOFdRNkFoT2VmDQpQTjh0ZjA2QnpuZkV0VWJ1eXdzNDdxdTNLNkNlOXNiZWxK
TDQyc0VrMlVXTFpER1YwdWRlY000SlNtOWMzR1FODQppOUNidmNuRGpNLzl1RkFJTlJBMFZUbWVp
djRudHUyN0Y3a0FuYys1eWI4NzN3RkczMkwrYTFhcXNlL1kyMUN2DQpnLzFISE56SGU2bkVCMTZs
VXB6WThmU3JJZy94VWQxcnVvK0sxamRtR3FWVW51a0daU0hRK2ZtSUwvSisrK2s1DQplQ3ZiMFZC
Q0IrSVMrMW1nQ0JsU1BHRE9XczJORVVhV0xwVi9JRFJtSDlpWGhRUlVDRG0zbTdaOXBGTUpmQlZH
DQp0d0hxVGFCU0ptdFVaS0RGOGYydlE5WWNENnBwLzFKVDE1bkpSMC9pdmpuRXE1MG9hT1FKQlpq
aERWVmtFSUpzDQozT0RnYjVPZEl3NDNXS2tJQ2ttaWQ3cnZUWGlLditnTkRneVllcjNZcFFJK0xQ
TXRnZnB3eTBIUnd2MUNwMVl2DQpYeWNPVmJSL01YUnNSS25vaE16VXNPaWNkc05jM3dDMElMRWhz
MDdZUVZWT2o4TEZkaCtVVE9kbWd6eEU3MUlaDQorSWhhVUdmT2RPRk5PUGNldkwzVVhCaUNtQjFl
UVZySWoxcmJ6WlRqcHNOWTB2QWFYTEtNdXMxYjVUWWlCYVRnDQpJM3pick9hNW12MG45RDZGOG81
aA0KPU54VDQNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVbXp4TkFBb0pFQkJoWkZVdWpZRkpuaEVRQUtpTXZPYnhueWQ5S2JGYW5Fazdq
UEVPDQpTSE95U1BGWklVSEJ3SVcwdC96WGJ2ZDJ2c2toZGdneVI0NTllMVkvMnMzcFFjYnJUeU9N
L2VkWmtqTGZpdTJsDQpKZVh6ZEJwLzhmRktGdnlZYlhZb3lFL2JwMzNVMnF4N3pzT2x1SXEwbVBW
SzRGNzdsRmpkRnF6VmQzNGd5N012DQpYdEdLamgrcHBtMW8zV1g1MkZnYVVkVUNEQmN6Z0tRa05N
NkpURUh4KzhxeFdyNDRRUWRxSXRKK3BzcjhteXBaDQpQbTVvWDY0YWtZTllsZUNtZ1Z2R1o1enRr
dDN2am9UVUV3Uno4YkxweWh1ODlzNUV1WHhnVzJRVWVzazhvbE91DQphR1VzQnBaSEc1c2NLZWhl
ODBTeXFVNi9ubVlzaS90Uy9TTW1NQkNybDQ2d3paT3JKcTQrNXJHbWZnbzBTNVB0DQpIM0ZJZlVj
QTAwUWoxeHhlM1pMVUFpYitjZVJzcEdxNU84RU1xc1hSSUVwN0h1ZVBzK211bmJrcjRzeWtPcDZY
DQpTd2l2ZG5zRVpIOVR5K0ROczNGUUEwdnZmL1U2WEg0anE1c3dMYUNQbUE4bnRwZUhmNERPTmV0
dlVpZmFVZDl6DQp1THYyNlAxK2xEdWJSUUR1L2dBcnFtekhWWFZwQ0gyK2dIdGY0YlFoOGcyNzR5
WCtNckNYdXlFSFVldGUyc2NaDQpNUTh2a3F0SlVpdVIwcFMxMzc5ZC9hYnJQQmVkUXNCa0Jtc2w5
L1UwZGNsYzdIanRlMDQwak1HcExzRTBKZUdVDQpRd0R1ZzM2WXFFMXNGaTdGa21BcGFWdEgyeUpa
cFRhMExxMVZPM3RTMEFZLzYvaUtSNE5zczNpTUo2bGtWb254DQpuNU9VK2k1WFdQVERzcStMZ3JV
Zg0KPW1UOFoNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVbkI4dEFBb0pFQkJoWkZVdWpZRkpCZXdRQU1qSVUxakhHQXFlM1VtRDFsalFU
TFRBDQpQUXd1WVdheENla20zSXlMblhXMzdKQVlTUnZmQ1lSdE52MUhCMUlqNDNLS2QrZkVqUnh4
dzIzVWhkUmRWN0RxDQpTM1FNb3YzdU90Nzk1bEg0a3g5VUZyWjIvNEhjYWZiUGtOOEhCaHB3NXU3
d0kwU25IWkNoWUNtMUIvQUh6YXZwDQpnT2lMVU1nK2VzZjh3c2JPdlVtWUFaZVZFSUJPNUNqMnor
S2dYTVdHWHU2bmJiN1dXamxEY3NXbWUxeFQrNHNqDQp5RVR3NWN4N0hnNEJiUlJ3VUFTZnRoSGlM
eDVxdVVKMkNDQ0JNZXVUZk5zZmwvMms4VjBhZjBYNlZHWGlEWHRPDQozU1VyRjRYV2FmNWhIUVlZ
YVpNZ3gwanJRMzZnbG9PT2R6OFFQMVBFamNCLzhROWhvcHJhSmkyS1c0Zjk3dDI0DQppRkVlQUEv
eTdmdkU5OUMzZUtXUTY3Yk9qVmxxZkVPTGJpR1pNblNOMkFHclVFTVZUWnE5TVk2MUl4TnAwaUE4
DQphWmFDRDJ1ZDNqYmw4bjFzNlN5amxJam1zWTRjTmxXcmM2YWF3UWR3NGxLOWp6U1BCc3NGcXgw
T2RVWkRqNW5nDQpuUWRiK1lnR0syQmZ1eHNpblpQNmpkeklCYjhRNEt3SmF4RHQrOVRINGNISExl
aGVFOWpBOUtadENLSXcvanFXDQo4dnk0TUsxdEE2aDJtTGFsMVVvSkFyeGRvWGI3WGRXNDB3N2Q2
RXRIa05ONkJxQWVuTFN6MWVGR21ibHp5ZDhtDQpwSm1iNmFGZHhzMVJoQ0ZpMk93c1UzbkpIT2ZQ
V3grNXQ2Uzk3ZVdST2tZMkVPZ09XTVdKTW02YlZ4YnQ2bjZiDQo0KzN1MGN3akg4VWZrelduZTdC
Rg0KPTZlTlYNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVbS94bUFBb0pFQkJoWkZVdWpZRkpBWWNRQUxkOVpJZVVVMktuYUZDTUloUUdm
dE9WDQp1TGlCM0Q0WCtoYTZkcHgxMFNLZm8xeXJoQTJ2T2RnakI1RnNYSFNtRnRabGQ2anhVSXhp
MnNOaGhINVY5eW9iDQpaWjNEcWMrR1FZcm9LbzA4Y2lKMEhBVjZzeG9KNFlRU29ScFRRRlBsSllT
K1pDSkd6aDlFT2xIeHdOa2RLSkIwDQplOXM0d0xEUTJEWWo0ckR0dzNyN2VxNVVsTWVCdDR1WjVl
dlZ1d1p6MGpjaTJQR1VycXNyTHBzN0JNTEJic3VTDQowV2tVcHdlSWoySFhmUGJUdEIvS3k1eEM1
T1B2OTVacHVJK0RDUExRczQxcG0zdVNaMk0wVlJGUDBQaUdWOFA2DQpYQzdJb2NVNGpyUGg2SEVE
TmNzbVNreDFmclVVclVPSHRrRS9QcWU0YWY2THVGK3F3ZnVZbTFnbWtYbDZobGxFDQo4WEx2Slcw
NE1Lb3hXRllYdFR5RnY5OEdQVjBvb2YwWGhCTzIrZUpYMjBJbmpqVFZKU29vM3dQL2pBeVJJbmtq
DQpjaFl1SEtEdzFYb01ZR2VneEMwUGFlN3k0RkdlMHdYcGt6MjYxcVl1KzhrOTgrWjlja1d1d2J1
OUUxVHFUa2cwDQpJQkpVallMaWhRUEdCR0J5VVRoUlY1Q0tseTlzdUUzcUs4T0dEcGlkQlJqYjc2
cU1Xalh6MHUwdm5RZDRDNmFWDQpJQi9idWRBMFZ3VzV0TElIR2MydGY5RlIvWFo1UDYrMmJPbXli
dmRESHQ0T0UvcC9SSzJsZEovejFyK3lnUzNlDQpnbml3cEZjU3ZrU1NvVHMyQ0RkR3NScnVNc0k3
aldMMG0wV0NWbkN4Qit1L0VwUjRrcS9uTk13WjIrRmlzV1N6DQpiQTRyZXNIMGtEMEdVeHA1czZO
cw0KPTE2OXcNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVbkNvcEFBb0pFQkJoWkZVdWpZRkpmaXNQLzE3R01TdThpL0ZYZXRtUzdER2xk
U3hVDQpHYnJyQmJ2UHIrcUdlNTllTUo1SGYwYTNHUUdEVDhhdmY1aXZTUXducXU4TnRYQVh0aW94
V0tzY2RkeU8wMTc5DQpHKzlCeVRJeXpFYjdXbHJWaTVjOWhKOXBPaHBtbERaZDRNaFlQNWlwR0Yz
QmIxdkF6SEp2TWtCM2ZFQVlVdjhtDQpLUHlvOHZ3WTlscCtiQVJwdUdNd1NqOGxhaUJzZmdoV1lo
VXIzT05PWmdDN3NiakVHSW1tVGg4K2hnb2Fpbzd0DQpDb1owdjhuYlE1cUZNcnVwMDRndUwwVG5m
WWpRS05RVStuVjVoNU4zc2o0aC9iczVJc3MyaExVNVJsa1UwdUVQDQpzNlBENTM1V2pBVDJGUWls
SlJLbTdkQmZ5ak41ejk1VU9hUTRFQXA3aTNwK0ZQc2tIc2s4OG8zMXlBMUY1ZDdwDQpnbDRjaEdC
YUcvenFpVkFFLzMrVzVIbVp2TjM3ekhaQkh6dWV1cEtSYng5bUY1aGN0M0dVWDlIVDhKR0pNK2U4
DQo2RVJ1OThONkpJQXJoL2dDQk9tMGx1VjVGZjZWT2lDMExTaFM0YnlHaHNZQlNMazNXN1ZwN0VH
ZmhxbjZaR3FzDQpBbHpIY2dnREhlWllGL0lDdjhwTDRMbEZQUVVSWlM1enE0MjVaclRqT0VXWEp5
T1FCT2h3alFadkJsL0NnR0hRDQpBbEtxaWhnWGNWa3FKVGM2NlJocFc2bGFmOFgydS9EYVU4VEkw
ajV1cVFDNGZSZDNwSzY4bEM3OWtJN2svaGpYDQpWQ3phOTFOazdBZXpueTVBd3lsSDJGODlSb1o0
UG9nYXJnbzNKUDdRN1RWcmowVEtHcU16S0NDQ1Nnci8xQkdoDQpBdmFqeTY5SDhWdEpCMlRYWXds
dg0KPXFJdDINCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Hmm, interesting results:

I’m using Windows 2008 R2 Domain controllers. I was binding the connection
at the top of Active Directory tree.
Using UID Type: objectGUID I get the following error on screen: 'utf8’
codec can’t decode byte 0xb4 in position 0: invalid start byte
Changing the search filter
to (sAMAccountName=*)(objectClass=user)(objectClass=person) and the BaseDN
to a different OU I was able to retrive my user list.

Thank you for your help!On Wednesday, December 24, 2014 12:30:48 PM UTC-5, John Moore wrote:

We’re trying out PrivacyIDEA. Installed Version 1.4.1 from Ubuntu
repositories. We setup a default realm and a userid from the local passwd
file. That worked well enough, but when setting up a LDAP connection to our
AD controllers we can’t get any users accounts to show up. We’re using the
default setting for AD in the LDAP UserIDResolvers. When testing the
connection it returns with the correct number of users. Checking the log
file shows up the following error:

2014/12/24 - 12:08:57 ERROR {140040261662656}
[privacyidea.lib.user][getUserList #637] Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
622, in getUserList
ulist = y.getUserList(searchDict)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py",
line 232, in getUserList
uid = entry.get(self.uidtype)[0]
TypeError: ‘NoneType’ object has no attribute ‘getitem

Any idea on what we should check?

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVbTlqdUFBb0pFQkJoWkZVdWpZRkpscTBRQUowOW9RY1VhVTh6ZE1qSXE3NXM4
N2l5DQpXRWNSVWR3OWhzZDZpTW9ZUkJRVW9ETVJQejZVVkYrblMzN0tDZkhrVUJ3TTNXUU1FeDll
bTVNWEJYZDN0TjdqDQpwUFZVeWxGRmlhUS9rdkRhZlRuNE5uOWN3VlI3QmJtcDQ5T0FiSVEydXhn
QVZncUVTdkZ3aTMyNitEcGtQOWtDDQpUcEVtWWVNNnNTVG56VGs2UTBndUlpTTU2UDNycW9OMW9l
cEg1UDAzWnhSREt4MHF0dHNhZGx3SnZyY1lkNzBtDQpnSjlZMml6Q2tzMGNVYzRYeHR5UW1EVk8x
TUtyRlpHeC9pcE9zU2RXMFBBYzdpRHdleERRUUt6THpQVUFTVXhDDQpyVlQwYmd0Y0d0T3NwZG14
Tm53SWcxdWlxV3Y0UWdXaXhBeFRxYzZxakFtWkVhcEdVMDlCZjIrTkJOZ3BSZUs1DQp6aGwzUkE1
eWV0WjhhdFNUZmYvWlEwdmcrelZwTFA0ZjFyOS9qczkvTmlEZTdhUDZWOEFrQUNZSXRsNXFmMWlX
DQorZTM1MzdQUGZMRU1jT0NSMWNRZFVNOU1nb2JpY1QwVWpkOStRVGo3bXpwVkRXS0Q4R0JLdi81
M2pBV0U1OGZmDQp2V1RWeEt1RXZjQnY4dlZlYU9xSlZNejJjeDdjVURxSVdHa3RSQXE5YjVBeUZp
ZFpSSkRXUlkrTXVvbDNNT1V5DQpnU2wvQ01CZW9IN3UrcS9LL1N0UFNReVErYVc3clFRSlNUS0Na
UXlneWRSMGxXdXZhSnpudHZ2anBMdkYwOHAzDQprQUdjbG5xcVFocFhFVVhzUjcydHdKNmZlaGJw
SE0rSDNtTXlhSjBqUktsSndGaCtBcVBxbVhGOTkzYnNmTTRYDQorZytIdnR2WWZoZzBzU3NhYmhJ
UQ0KPXYrWVoNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Thanks for the quick reply. The default value for UID is set to DN. However
changing it to lower case dn didn’t correct the issue.On Wednesday, December 24, 2014 5:30:55 PM UTC-5, Cornelius Kölbel wrote:

After checking it on my site, I very much guess this is the issue and I
opened an issue for this.

https://github.com/privacyidea/privacyidea/issues/63

Kind regards
Cornelius

Am 24.12.2014 um 18:30 schrieb John Moore:

We’re trying out PrivacyIDEA. Installed Version 1.4.1 from Ubuntu
repositories. We setup a default realm and a userid from the local passwd
file. That worked well enough, but when setting up a LDAP connection to our
AD controllers we can’t get any users accounts to show up. We’re using the
default setting for AD in the LDAP UserIDResolvers. When testing the
connection it returns with the correct number of users. Checking the log
file shows up the following error:

2014/12/24 - 12:08:57 ERROR {140040261662656}
[privacyidea.lib.user][getUserList #637] Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
622, in getUserList
ulist = y.getUserList(searchDict)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py",
line 232, in getUserList
uid = entry.get(self.uidtype)[0]
TypeError: ‘NoneType’ object has no attribute ‘getitem

Any idea on what we should check?

You received this message because you are subscribed to the Google Groups
"privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/bccfbae6-d737-4036-8575-c5076e3f2f6e%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/bccfbae6-d737-4036-8575-c5076e3f2f6e%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbelcorneliu…@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbHhttp://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel