OK, I have figured this out myself -- is there somewhere I should put
in a bug report?
It seems that if you are using the ldap authentication backend,
setting AUTH_LDAP_FIND_GROUP_PERMS can result in generating sql that
tries to look up group membership in an empty set. When this value is
true, def _load_group_permissions is called.
It doesn't seem to matter whether or not I have a group defined (and
the users assigned accordingly), the intended sql query (which is
described as thus:
# SELECT ct."app_label", p."codename"
# FROM "auth_permission" p, "auth_group_permissions" gp,
"auth_group" g, "django_content_type" ct
# WHERE p."id" = gp."permission_id"
# AND gp."group_id" = g."id"
# AND ct."id" = p."content_type_id"
# AND g."name" IN (%s, %s, ...)""", ['group1',
'group2', ...])
is coming up with no results for that last [group1, group2, ...]
Could be a difference between django 1.1 & 1.2 that ldap auth is
tripping on, but I note that there's no check on whether the
discovered groups is an empty set or not.
For now I can work around this by setting that to false, and making
sure all my users are explicitly assigned some sort of permissions.
Has anyone else run into this?
It's also possible that I have an old version of ldap-auth-backend; I
am using 1.0.6 and haven't so far googled up a newer version.
Thanks,
--Cindy
On Sep 10, 2:47 pm, Cindy <[email protected]> wrote:
> I'm not completely certain what is going on here, but somewhere in the
> authentication stuff, a bad MySQL query is being generated:
>
> ListType
> <type 'list'>
> TupleType
> <type 'tuple'>
> args
> []
> charset
> 'utf8'
> db
> <weakproxy at 0x80acb30a8 to Connection at 0x80abe7620>
> exc
> <class '_mysql_exceptions.ProgrammingError'>
> exc_info
> <built-in function exc_info>
> query
> '\n SELECT ct.`app_label`, p.`codename`\n FROM `auth_permission` p,
> `auth_group_permissions` gp, `auth_group` g, `django_content_type` ct
> \n WHERE p.`id` = gp.`permission_id`\n AND gp.`group_id` = g.`id`\n
> AND ct.`id` = p.`content_type_id`\n AND g.`name` IN ()'
> self
> <MySQLdb.cursors.Cursor object at 0x80acbc910>
> value
> ProgrammingError(1064, "You have an error in your SQL syntax; check
> the manual that corresponds to your MySQL server version for the right
> syntax to use near ')' at line 6")
>
> Notice the empty join clause in that query :/
>
> This seemed to start up after I added a group permission and set all
> the users except the superuser to that group permission, but I have a
> development setup (using django 1.1) set up the same way that works.
> Any thoughts? I may well have set something here that isn't kosher,
> but neither do I think that django's authentication should be throwing
> up a query with IN () ... ! Note that though I have ldap
> authentication set up, this seems to be having issues before getting
> to ldap (and simple ldap queries are working fine, as are other mysql
> queries, so I know these are good to go) based on where it hangs up:
>
> Request Method: GET
> Request URL: [...]/admin
> Django Version: 1.2.1
> Exception Type: DatabaseError
> Exception Value:
>
> (1064, "You have an error in your SQL syntax; check the manual that
> corresponds to your MySQL server version for the right syntax to use
> near ')' at line 6")
>
> Exception Location: /usr/local/lib/python2.6/site-packages/
> MySQLdb/
> connections.py in defaulterrorhandler, line 35
> Python Executable: /usr/local/bin/python
> Python Version: 2.6.5
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
