[ X] I read the Deployment and Setup section of the OpenCTI documentation as well as the Troubleshooting page and didn't find anything relevant to my problem.
[ X] I went through old GitHub issues and couldn't find anything relevant
[ X] I googled the issue and didn't find anything relevant
Description
Hi,
I've just upgraded my OpenCTI test instance from 5.1.4 to 5.2.1 using docker.
Since then, users are not able to logon with their domain credentials using the LdapStrategy and we need to falback on LocalStrategy.
Has anyone run into the same issue?
The preprod instance is running fine with the same env variables configuration on version 5.1.4.
Thank you in advance.
Environment
OS Ubuntu 21.10 (Linux opencti 5.13.0-30-generic #33-Ubuntu SMP Fri Feb 4 17:03:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux)
OpenCTI version: 5.2.1
OpenCTI client: frontend
Reproducible Steps
Steps to create the smallest reproducible scenario:
User logon with the domain credentials
Logon fails with wrong name/password
Additional information
I send a log excerpt: tail -f opencti.log | egrep -i "LDAP|AUTH|m.rossi"
Prerequisites
Description
Hi, I've just upgraded my OpenCTI test instance from 5.1.4 to 5.2.1 using docker. Since then, users are not able to logon with their domain credentials using the LdapStrategy and we need to falback on LocalStrategy. Has anyone run into the same issue? The preprod instance is running fine with the same env variables configuration on version 5.1.4.
Thank you in advance.
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Logon fails with wrong name/password
Additional information
I send a log excerpt: tail -f opencti.log | egrep -i "LDAP|AUTH|m.rossi"
{"category":"APP","level":"debug","message":"[LOCAL] Successfully logged","timestamp":"2022-03-22T11:49:14.499Z","username":"l.tarulli","version":"5.2.1"} {"category":"APP","level":"debug","message":"[SEARCH ENGINE] paginate","query":{"body":{"query":{"bool":{"must":[{"bool":{"minimum_should_match":1,"should":[{"match_phrase":{"entity_type.keyword":"User"}},{"match_phrase":{"parent_types.keyword":"User"}}]}},{"bool":{"minimum_should_match":1,"should":[{"match_phrase":{"user_email.keyword":"l.tarulli"}}]}}],"must_not":[]}},"size":200,"sort":[{"standard_id.keyword":"asc"}]},"ignore_throttled":false,"index":["opencti_internal_objects","opencti_stix_meta_objects","opencti_internal_relationships","opencti_stix_meta_relationships","opencti_stix_domain_objects","opencti_stix_cyber_observables","opencti_stix_core_relationships","opencti_stix_sighting_relationships","opencti_stix_cyber_observable_relationships","opencti_inferred_entities","opencti_inferred_relationships*"],"track_total_hits":true},"timestamp":"2022-03-22T11:49:14.500Z","version":"5.2.1"} {"category":"APP","error":{"_error":{},"_showLocations":false,"_showPath":false,"data":{"category":"technical","http_status":401},"internalData":{},"name":"AuthFailure","time_thrown":"2022-03-22T11:49:14.588Z"},"level":"warn","message":"[AUTH] local","timestamp":"2022-03-22T11:49:14.588Z","version":"5.2.1"} {"category":"APP","error":null,"info":{"message":"Invalid username/password"},"level":"warn","message":"[AUTH] ldapauth","timestamp":"2022-03-22T11:49:14.659Z","version":"5.2.1"} {"category":"APP","error":{"data":{"category":"technical","http_status":401},"stacktrace":["AuthFailure: Wrong name or password","at Q0 (/opt/opencti/build/src/config/errors.js:8:10)","at tL (/opt/opencti/build/src/config/errors.js:12:56)","at Object.token (/opt/opencti/build/src/resolvers/user.js:117:13)","at processTicksAndRejections (node:internal/process/task_queues:96:5)"]},"inner_relation_creation":0,"level":"warn","message":"API Call","operation":"LoginFormMutation","operation_query":"mutation LoginFormMutation($input:UserLoginInput!){token(input:$input)}","size":59,"time":163,"timestamp":"2022-03-22T11:49:14.663Z","type":"WRITE_ERROR","version":"5.2.1"}