
I am porting a Django project over from RHEL5 to RHEL7 and Python 2.5 to 2.7.5 and am having certificate problems. The bit of code I am troubleshooting is a suds Client invocation of a web service WSDL, `client = Client(_LDAP_URLS[env])`, where `_LDAP_URLS` is already defined in the code. I imported it using `from suds.client import Client`.

I think this may be more of a Linux and Python interaction problem between the two versions rather than an issue with the code, but I could be wrong. Here is the full code. (This is Django, by the way, so this is a view.py file.)

```python
import logging
import re

from django.conf import settings
from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect, HttpResponse
from django.shortcuts import render_to_response

from suds.client import Client
from suds.wsse import Security
import suds
from gaic.security.sso import BinarySecurityToken
from ud_data_extract import UDDataExtractForm

log = logging.getLogger(__name__)

_LDAP_URLS = {}  # WSDL URLS HARD CODED HERE (removed from the post)
_SSO_URLS = {}   # SSO WSDL URLs, not shown in the post


def _get_person(env='production', hid=None, vid=None, token=None, group=None):
    if env not in _LDAP_URLS:
        env = 'production'
    if token:
        # Resolve the SSO token to a person to obtain the hid
        client = Client(_SSO_URLS[env])
        try:
            person = client.service.getPersonFromToken(token)
            hid = person['hid']
        except Exception:
            return None
    try:
        # Fetching the WSDL over HTTPS is where the certificate error is raised
        client = Client(_LDAP_URLS[env])
    except Exception as e:
        log.error("line 165: %s", e)
        return None  # without a client, the calls below would raise NameError

    if group:
        grp = client.factory.create('groupDto')
        grp.name = group
        users = client.service.getGroupMembers(grp)
        groups = []
        try:
            group_ = client.service.getGroup(grp)
            # Pull the cn value out of each member DN
            gnamere = re.compile(r'cn=([^,]+),')
            for gname in group_.uniqueMembers:
                m = gnamere.match(gname)
                if m:
                    group_name = m.group(1)
                    groups.append(group_name)
            groups.sort()
        except Exception:
            pass  # groups = [str(e)]
        return [users, groups]
    person = client.factory.create('personDto')
    if hid:
        person.hid = hid
    if vid:
        person.vid = vid
    user = None
    # (the rest of the function was trimmed from the post)
```

The issue in my logging points to around line 165. I took out some code with our company WSDL URLs, so it may be in the 150s. It's in a try statement.

```python
try:
    client = Client(_LDAP_URLS[env])
except Exception as e:
    log.error("line 165: %s", e)
```

I have looked around and this page said that it may be a problem with a newer version of Python and pointed to this Red Hat documentation to fix it, but I really don't know what to do with it.

Thanks in advance for the help.

iNeedScissors61
  • this is entirely too much code, please provide a minimal clean viable example – gold_cy Feb 12 '19 at 17:58
  • Sorry about that. I trimmed it down to the imports and the main function where I am seeing the error. The `try:` statement in question is pasted at the bottom of my post. – iNeedScissors61 Feb 12 '19 at 18:04
  • this is still too much code unfortunately – gold_cy Feb 12 '19 at 18:06
  • I trimmed it down more. – iNeedScissors61 Feb 12 '19 at 18:10
  • still too much but whatever, look at this link --> https://stackoverflow.com/a/37331984/6817835 it should give you what you want – gold_cy Feb 12 '19 at 18:12
  • If you're using Linux you need to add the certificate to your certificate root. Run `python -c "import ssl; print(ssl.get_default_verify_paths())"` to see where your `ca-bundle.crt` is and add your certificate to it. – yorodm Feb 12 '19 at 18:13
  • I ran the command and get this. `[ ~ ] $ python -c "import ssl; print(ssl.get_default_verify_paths())" DefaultVerifyPaths(cafile='/etc/pki/tls/cert.pem', capath='/etc/pki/tls/certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/etc/pki/tls/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/etc/pki/tls/certs')` I also did a locate on that file. `[ ~ ] $ locate ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt` – iNeedScissors61 Feb 12 '19 at 18:17
  • You can also check `man update-ca-trust` for help. The "QUICK HELP" says you can copy certificates to `/etc/pki/ca-trust/source/anchors/` and then run `update-ca-trust extract` to add certificates on SL7 (which is very similar to RHEL7 in my experience). – Daniel Abercrombie Feb 12 '19 at 19:02
  • @DanielAbercrombie That did it. Thanks! – iNeedScissors61 Feb 12 '19 at 21:01
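
A check that goes with the fix from the comments above, as an added example that is not part of the original thread: it compares SHA-256 fingerprints to tell whether a CA certificate is already in the bundle file reported by `ssl.get_default_verify_paths()`. The file names and PEM blocks in `demo()` are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import os
import re
import ssl
import tempfile

PEM_RE = re.compile(br"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_fingerprints(path):
    """SHA-256 of the DER bytes of every certificate block in a PEM file;
    comments and line wrapping in the bundle do not affect the result."""
    with open(path, "rb") as fh:
        blocks = PEM_RE.findall(fh.read())
    return {hashlib.sha256(base64.b64decode(b"".join(b.split()))).hexdigest()
            for b in blocks}


def ca_in_bundle(ca_path, bundle_path=None):
    """True if every certificate in ca_path is in the CA bundle. With no
    bundle_path, use the file Python's ssl module trusts by default."""
    if bundle_path is None:
        bundle_path = ssl.get_default_verify_paths().cafile
    if not bundle_path or not os.path.isfile(bundle_path):
        return False
    wanted = pem_fingerprints(ca_path)
    return bool(wanted) and wanted <= pem_fingerprints(bundle_path)


def fake_pem(payload):  # constructed placeholder block, not a real certificate
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(payload)
            + b"\n-----END CERTIFICATE-----\n")


def demo():  # constructed files only; returns (before, after)
    tmp = tempfile.mkdtemp()
    ca_path = os.path.join(tmp, "internal-ca.pem")  # hypothetical file name
    bundle_path = os.path.join(tmp, "cert.pem")
    with open(ca_path, "wb") as fh:
        fh.write(fake_pem(b"constructed internal CA"))
    with open(bundle_path, "wb") as fh:
        fh.write(b"# constructed public root\n" + fake_pem(b"constructed public root"))
    before = ca_in_bundle(ca_path, bundle_path)
    with open(bundle_path, "ab") as fh:  # stands in for `update-ca-trust extract`
        fh.write(fake_pem(b"constructed internal CA"))
    return before, ca_in_bundle(ca_path, bundle_path)


if __name__ == "__main__":
    print(demo())
```

On the RHEL7 host, calling `ca_in_bundle()` with the path of the PEM file copied into `/etc/pki/ca-trust/source/anchors/` should return `True` once `update-ca-trust extract` has run.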

0 Answers