weixin_39635314
2020-11-20 22:10

LDAPS login issue

sysPass Version

sysPass version | 3.0 (300.18122601) - Docker

Database | SERVER_VERSION : 5.5.5-10.2.21-MariaDB-1:10.2.21+maria~bionic CLIENT_VERSION : mysqlnd 5.0.12-dev - 20150407 - $Id: b5c5906d452ec590732a93b051f3827e02749b83 $  SERVER_INFO : Uptime: 1269 Threads: 7 Questions: 1160 Slow queries: 0 Opens: 42 Flush tables: 1 Open tables: 36 Queries per second avg: 0.914 CONNECTION_STATUS : db via TCP/IP Name: syspass

PHP | Version: 7.0.33-0+deb9u1 Extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, apache2handler, mysqlnd, PDO, xml, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, intl, json, ldap, exif, mcrypt, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, Zend OPcache Used Memory: 4096 KB User: root Download rate: 43 MB/s OP Cache num_cached_scripts : 417 num_cached_keys : 789 max_cached_keys : 3907 hits : 20585 start_time : 1548768749 last_restart_time : 0 oom_restarts : 0 hash_restarts : 0 manual_restarts : 0 misses : 448 blacklist_misses : 0 blacklist_miss_ratio : 0 opcache_hit_rate : 97.870013787857

Server | Apache/2.4.25 (Debian)

Describe the bug

I must have switched to LDAPS. With LDAP everything worked fine. Now when I check the settings it can bind and says everything works, but when I enable LDAP and log out, I cannot log in anymore, with a Connection error (BIND) error.


Event log


2019-01-29 13:33:13 [EXCEPTION] [N/A] Connection error (BIND)
#0 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(114): SP\Providers\Auth\Ldap\LdapConnection->bind()
#1 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(95): SP\Providers\Auth\Ldap\LdapConnection->connectAndBind()
#2 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/Ldap.php(96): SP\Providers\Auth\Ldap\LdapConnection->checkConnection()
#3 /var/www/html/sysPass/lib/SP/Providers/Auth/AuthProvider.php(150): SP\Providers\Auth\Ldap\Ldap::factory(Object(SP\Providers\Auth\Ldap\LdapParams), Object(SP\Core\Events\EventDispatcher), false)
#4 /var/www/html/sysPass/lib/SP/Providers/Auth/AuthProvider.php(112): SP\Providers\Auth\AuthProvider->getLdapAuth()
#5 /var/www/html/sysPass/lib/SP/Providers/Auth/AuthProvider.php(93): SP\Providers\Auth\AuthProvider->authLdap()
#6 /var/www/html/sysPass/lib/SP/Services/Auth/LoginService.php(146): SP\Providers\Auth\AuthProvider->doAuth(Object(SP\DataModel\UserLoginData))
#7 /var/www/html/sysPass/app/modules/web/Controllers/LoginController.php(62): SP\Services\Auth\LoginService->doLogin()
#8 [internal function]: SP\Modules\Web\Controllers\LoginController->loginAction()
#9 /var/www/html/sysPass/lib/SP/Bootstrap.php(234): call_user_func_array(Array, Array)
#10 [internal function]: SP\Bootstrap->SP\{closure}(Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#11 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(886): call_user_func(Object(Closure), Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#12 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route), Object(Klein\DataCollection\RouteCollection), Array)
#13 /var/www/html/sysPass/lib/SP/Bootstrap.php(456): Klein\Klein->dispatch(Object(Klein\Request))
#14 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap::run(Object(DI\Container))
#15 /var/www/html/sysPass/index.php(28): require('/var/www/html/s...')
#16 {main}


2019-01-29 13:53:40 [EXCEPTION] [N/A] Integrity check failed.
#0 /var/www/html/sysPass/vendor/defuse/php-encryption/src/Crypto.php(153): Defuse\Crypto\Crypto::decryptInternal('\xDE\xF5\x02\x00NunlockKey('a01df56fc6e6fa6...')
#3 /var/www/html/sysPass/lib/SP/Core/Crypt/Crypt.php(110): SP\Core\Crypt\Crypt::unlockSecuredKey('def10000def5020...', 'a01df56fc6e6fa6...', false)
#4 /var/www/html/sysPass/lib/SP/Core/Crypt/Vault.php(88): SP\Core\Crypt\Crypt::decrypt('def502000fb46dc...', 'def10000def5020...', 'a01df56fc6e6fa6...')
#5 /var/www/html/sysPass/lib/SP/Services/Crypt/SecureSessionService.php(84): SP\Core\Crypt\Vault->getData('a01df56fc6e6fa6...')
#6 /var/www/html/sysPass/app/modules/web/Init.php(264): SP\Services\Crypt\SecureSessionService->getKey(Object(SP\Core\Crypt\UUIDCookie))
#7 /var/www/html/sysPass/app/modules/web/Init.php(144): SP\Modules\Web\Init->initSession(true)
#8 /var/www/html/sysPass/lib/SP/Bootstrap.php(228): SP\Modules\Web\Init->initialize('configGeneral')
#9 [internal function]: SP\Bootstrap->SP\{closure}(Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#10 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(886): call_user_func(Object(Closure), Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#11 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route), Object(Klein\DataCollection\RouteCollection), Array)
#12 /var/www/html/sysPass/lib/SP/Bootstrap.php(456): Klein\Klein->dispatch(Object(Klein\Request))
#13 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap::run(Object(DI\Container))
#14 /var/www/html/sysPass/index.php(28): require('/var/www/html/s...')
#15 {main}

Platform (please complete the following information):

  • Environment: Docker
  • Browser: Chrome

Additional context

The application is behind an Apache reverse-proxy.

This question comes from the open-source project: nuxsmin/sysPass

7 answers

  • weixin_39636164 5 months ago

    You may make a copy of your config.xml file and reset your LDAP settings there.

  • weixin_39635314 5 months ago

    Unfortunately it didn't work. Deleted all the lines related to LDAP and set them again but the error remained.

    What is more annoying, and I forgot to mention, is that the MySQL fallback doesn't work either. I have to change the config.xml every time to be able to log in even with the default admin user.

  • weixin_39603598 5 months ago

    Hello, could you post some more lines after the LDAP exception? It isn't clear what caused the bind exception.

    The integrity check error isn't related to LDAP though.

    Regards

  • weixin_39635314 5 months ago

    Thanks for your help! Here are the logs from the last two days. I hope they help.

    syspass.log

  • weixin_39603598 5 months ago

    Hello, unfortunately there aren't any clues about what's going on. The stacktrace points to a connection check using the user and password entered in the LDAP configuration. Does the password contain any special characters? If so, are they correctly saved in the config.xml file?

  • weixin_39635314 5 months ago

    Found the problem. It was the enabled TLS. When it was enabled it could connect to the domain controller and get the user details for the test, but the login didn't work. When I changed the host to ldaps:// and disabled TLS, it works and the login works as well.

  • weixin_39603598 5 months ago

    Great news!

    If TLS is set it's used for every LDAP connection, so I can't figure out why it worked on checking the configuration and not on login.

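The fix in this thread comes down to which of the two LDAP transport modes is in use: an ldaps:// host or the TLS option. As an added example (not sysPass code and not a diagnosis of this thread), the check below classifies a host setting plus a TLS flag using general LDAP rules; it assumes the TLS option means StartTLS, and the function name, input shape and hostnames are made up for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # registered LDAP / LDAPS ports


def ldap_transport(server, starttls):
    """Return (mode, port, findings) for one LDAP endpoint setting.

    server   -- "host", "host:port", "ldap://..." or "ldaps://..." (assumed input shape)
    starttls -- True when the client's TLS (StartTLS) option is switched on
    """
    if "://" not in server:
        server = "ldap://" + server          # a bare host means plain LDAP
    parts = urlsplit(server)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT or not parts.hostname:
        raise ValueError("not an LDAP endpoint: %r" % server)
    port = parts.port or DEFAULT_PORT[scheme]
    findings = []

    if scheme == "ldaps":
        mode = "implicit-tls"                # TLS handshake before any LDAP message
        if starttls:
            findings.append("StartTLS on ldaps://: TLS is already active, "
                            "so the StartTLS request is rejected")
        if port == 389:
            findings.append("ldaps:// on 389: that port normally speaks plain LDAP")
    elif starttls:
        mode = "starttls"                    # plain LDAP first, then upgrade in-band
        if port == 636:
            findings.append("StartTLS sent to 636: that port normally expects "
                            "a TLS handshake first")
    else:
        mode = "cleartext"
        findings.append("bind DN and password cross the network unencrypted")
    return mode, port, findings


# Constructed sample settings (hostnames are placeholders, not from the thread).
SAMPLES = [
    ("ldaps://dc01.example.test", False),
    ("ldaps://dc01.example.test", True),
    ("dc01.example.test:636", True),
    ("ldap://dc01.example.test", True),
    ("dc01.example.test", False),
]

if __name__ == "__main__":
    for server, tls in SAMPLES:
        print(server, tls, ldap_transport(server, tls))
```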
