DeployHubProject / DeployHub-Pro

DeployHub Pro Pipeline Status Project
https://www.openmakesoftware.com/application-release-automation-for-continuous-delivery/
Other
11 stars 4 forks source link

ldap login issue #268

Closed piyush94 closed 5 years ago

piyush94 commented 5 years ago

@sbtaylor15 Hi, for a set of users this issue is happening. After they login they are not able to see their domain and other objects. I have attached the log. ad_error4 - Copy.log

username: JAbrahaP

CC: @svisagan83

sbtaylor15 commented 5 years ago

@piyush94 - Looks like the credentials are invalid for the login. https://social.technet.microsoft.com/Forums/ie/en-US/474abb8f-cfc6-4cac-af79-c3e80e80291f/ldap-authentication-error-ldap-error-code-49-80090308-ldaperr-dsid0c090334-comment?forum=winserverDS

The first userid being tried is JAbrahaP@ap. Is ap the correct domain name? Should it be a fully qualified domain name?

and the second try to login is using uid=JAbrahaP,dc=uis,dc=unisys,dc=com. Is this a valid search string for your LDAP server?

CC: @svisagan83

piyush94 commented 5 years ago

@sbtaylor15 The user has tried login multiple times, so i think credentials are correct.

The login log is same for me and it works:

sohalpiy@ap
uid=sohalpiy,dc=uis,dc=unisys,dc=com
Trying AD fast bind sohalpiy@ap
sohalpiy@ap is authenticated

In my case the second try doesn't happens, don't know why it's happening in this user's case.

CC: @svisagan83

sbtaylor15 commented 5 years ago

Login happens 3 times, first successful, 2 & 3 fail.

sbtaylor15 commented 5 years ago

@piyush94 - we updated the login process to login only once. Please pull the latest image.

CC: @svisagan83

piyush94 commented 5 years ago

@sbtaylor15 working now.

CC: @svisagan83

piyush94 commented 5 years ago

ad_error_log.log

@sbtaylor15 the issue is happening again for one of the users.

CC: @svisagan83

sbtaylor15 commented 5 years ago

@piyush94 is the user's password contain any special characters in the password... :;>)+ there was a known issues with binding with a special character. Try using a simple password and see if the fixes it.

CC: @svisagan83

piyush94 commented 5 years ago

@sbtaylor15 The user is not having any of the above special characters in the password. Will this also cause issue for a local non LDAP user?

CC: @svisagan83

sbtaylor15 commented 5 years ago

@piyush94 the special characters should be find. Just one thing to check. The LDAP error taking place is either an invalid username or an in invalid password.

I believe that the users are validating using the fast bind method that includes the domain name. (I would need to see a valid LDAP validation in the log to be sure). Is that AD user accessible from the LDAP server that DeployHub is using for validation?

CC: @svisagan83

sbtaylor15 commented 5 years ago

@piyush94 the password was being double encoded for the @ sign. Please pull the latest image.

CC: @svisagan83