OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
6.32k stars, 932 forks

LDAP function not working after upgrade to 5.12.3 #5133

Status: Closed (closed by buzz13 10 months ago)

buzz13 commented 10 months ago

Description

After upgrading OCTI from 5.7.6 to 5.12.3, I cannot log in with an AD account anymore. As soon as I revert back to 5.7.6, the LDAP function is back. The upgrade is done just by pulling new docker images. The error is "Bad login or password". All the rest is working fine.

Am I missing something or there is a bug?

Environment

OS: Linux (Ubuntu 22.04.3)
OCTI version: 5.12.3
OCTI client: frontend

Other environment details:

deployed using docker-compose.yml

```yaml
  - PROVIDERS__LDAP__STRATEGY=LdapStrategy
  - PROVIDERS__LDAP__CONFIG__URL=ldap://ldapserver:389
  - PROVIDERS__LDAP__CONFIG__BIND_DN=cn=connectuser,ou=USR,dc=example,dc=com
  - PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS=connectpassword
  - PROVIDERS__LDAP__CONFIG__SEARCH_BASE=ou=USR,dc=example,dc=com
  - PROVIDERS__LDAP__CONFIG__SEARCH_FILTER=(sAMAccountName={{username}})
  - PROVIDERS__LDAP__CONFIG__MAIL_ATTRIBUTE=mail
  - PROVIDERS__LDAP__CONFIG__ACCOUNT_ATTRIBUTE=givenName
  - PROVIDERS__LDAP__CONFIG__ALLOW_SELF_SIGNED=true
  - PROVIDERS__LDAP__CONFIG__GROUP_SEARCH_BASE=ou=GRP,dc=example,dc=com
  - PROVIDERS__LDAP__CONFIG__GROUP_SEARCH_FILTER=(member={{dn}})
  - PROVIDERS__LDAP__CONFIG__GROUPS_MANAGEMENT__GROUP_ATTRIBUTE=cn
  - PROVIDERS__LDAP__CONFIG__GROUPS_MANAGEMENT__GROUPS_MAPPING=["Group1:Admin", "Group2:Default"]
  - PROVIDERS__LOCAL__STRATEGY=LocalStrategy
```

Screenshots (optional)

(screenshot: OctiErrLogin)
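An added example (not OpenCTI's own code, and not posted by the issue author): given the compose environment above, it rebuilds the user search and group search the LdapStrategy would issue, escapes the typed username per RFC 4515 so a login value cannot inject extra filter clauses, applies GROUPS_MAPPING, and emits equivalent ldapsearch commands so the two lookups can be replayed with the bind account outside the platform. It assumes the {{username}} / {{dn}} placeholder convention visible in the config and that mapping entries read LDAP_GROUP:OPENCTI_GROUP; the compose block is embedded as constructed sample input.

```python
"""Rebuild the LDAP queries behind the PROVIDERS__LDAP__CONFIG__* settings so
they can be replayed with ldapsearch outside OpenCTI.

Added example, not OpenCTI code. It assumes the {{username}} / {{dn}}
placeholder convention of the config posted in the issue and that
GROUPS_MAPPING entries read "LDAP_GROUP:OPENCTI_GROUP".
"""
from __future__ import annotations

import json
import shlex

# Constructed input: the environment block from the issue (placeholder password kept).
COMPOSE_ENV = """\
  - PROVIDERS__LDAP__STRATEGY=LdapStrategy
  - PROVIDERS__LDAP__CONFIG__URL=ldap://ldapserver:389
  - PROVIDERS__LDAP__CONFIG__BIND_DN=cn=connectuser,ou=USR,dc=example,dc=com
  - PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS=connectpassword
  - PROVIDERS__LDAP__CONFIG__SEARCH_BASE=ou=USR,dc=example,dc=com
  - PROVIDERS__LDAP__CONFIG__SEARCH_FILTER=(sAMAccountName={{username}})
  - PROVIDERS__LDAP__CONFIG__MAIL_ATTRIBUTE=mail
  - PROVIDERS__LDAP__CONFIG__ACCOUNT_ATTRIBUTE=givenName
  - PROVIDERS__LDAP__CONFIG__ALLOW_SELF_SIGNED=true
  - PROVIDERS__LDAP__CONFIG__GROUP_SEARCH_BASE=ou=GRP,dc=example,dc=com
  - PROVIDERS__LDAP__CONFIG__GROUP_SEARCH_FILTER=(member={{dn}})
  - PROVIDERS__LDAP__CONFIG__GROUPS_MANAGEMENT__GROUP_ATTRIBUTE=cn
  - PROVIDERS__LDAP__CONFIG__GROUPS_MANAGEMENT__GROUPS_MAPPING=["Group1:Admin", "Group2:Default"]
"""

PREFIX = "PROVIDERS__LDAP__CONFIG__"

# RFC 4515 escapes: the login value is attacker-controlled, so it must never be
# able to close the filter and append its own clauses (e.g. "x*)(cn=*").
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def parse_env(block: str) -> dict[str, str]:
    """Turn '- KEY=VALUE' compose lines into a dict; values may themselves contain '='."""
    env: dict[str, str] = {}
    for raw in block.splitlines():
        line = raw.strip()
        if not line.startswith("- "):
            continue
        key, _, value = line[2:].partition("=")
        env[key.strip()] = value.strip()
    return env


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(env: dict[str, str], username: str) -> str:
    """Filter used to locate the account for the value typed into the login form."""
    return env[PREFIX + "SEARCH_FILTER"].replace("{{username}}", escape_filter_value(username))


def group_filter(env: dict[str, str], user_dn: str) -> str:
    """Filter used to collect the groups whose member attribute holds the found DN."""
    return env[PREFIX + "GROUP_SEARCH_FILTER"].replace("{{dn}}", escape_filter_value(user_dn))


def map_groups(env: dict[str, str], ldap_groups: list[str]) -> list[str]:
    """Apply GROUPS_MAPPING to the cn values returned by the group search (assumed LDAP:OpenCTI order)."""
    mapping: dict[str, str] = {}
    for entry in json.loads(env[PREFIX + "GROUPS_MANAGEMENT__GROUPS_MAPPING"]):
        ldap_name, _, octi_name = entry.partition(":")
        mapping[ldap_name] = octi_name
    return sorted({mapping[g] for g in ldap_groups if g in mapping})


def ldapsearch_commands(env: dict[str, str], username: str, user_dn: str) -> tuple[str, str]:
    """Shell commands replaying both lookups with the service bind account.

    -W prompts for BIND_CREDENTIALS instead of placing it in argv or shell history.
    """
    def cfg(name: str) -> str:
        return env[PREFIX + name]

    base = ["ldapsearch", "-x", "-H", cfg("URL"), "-D", cfg("BIND_DN"), "-W"]
    find_user = base + ["-b", cfg("SEARCH_BASE"), user_filter(env, username),
                        "dn", cfg("MAIL_ATTRIBUTE"), cfg("ACCOUNT_ATTRIBUTE")]
    find_groups = base + ["-b", cfg("GROUP_SEARCH_BASE"), group_filter(env, user_dn),
                          cfg("GROUPS_MANAGEMENT__GROUP_ATTRIBUTE")]
    return shlex.join(find_user), shlex.join(find_groups)


if __name__ == "__main__":
    env = parse_env(COMPOSE_ENV)
    # The DN is whatever the first command returns; a constructed one is used here.
    for cmd in ldapsearch_commands(env, "user", "CN=J Doe,OU=USR,DC=example,DC=com"):
        print(cmd)
    print(map_groups(env, ["Group1", "Group2", "Domain Users"]))
```

Run the first command with the value the login form actually sends: with this SEARCH_FILTER only the sAMAccountName matches, so an e-mail address typed into the form returns no entry, and the platform then reports only a generic invalid-credentials failure rather than saying which step (user search, bind as the found DN, or group search) went wrong. Two caveats from the config itself: the URL is plain ldap:// on 389, so the bind password and every user's password cross the network unencrypted, and ALLOW_SELF_SIGNED only has an effect once the connection uses TLS (ldaps:// or StartTLS).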

SamuelHassine commented 10 months ago

Hello @buzz13,

Can you please put your platform in log level "info" and get us the log output when you try to login?

Thanks!

Kind regards, Samuel

buzz13 commented 10 months ago

Hi Samuel,

Here is the log. It doesn't matter if I try to log in with the AD username or the email. In 5.7.6 it was working with the username with no issues.

```
WRN [AUTH] local | category=APP error={"context":{"category":"technical","http_status":401},"message":"Bad login or password","name":"AuthFailure","stack":"AuthFailure: Bad login or password\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at AuthenticationFailure (/opt/opencti/build/src/config/errors.js:12:56)\n at login (/opt/opencti/build/src/domain/user.js:965:20)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)"} timestamp=2023-12-07T10:44:33.021Z version=5.12.3
WRN [AUTH] ldapauth | category=APP error=null info={"message":"Invalid username/password"} timestamp=2023-12-07T10:44:33.036Z version=5.12.3
1970/01/01 01:00AM ERR API Call | category=APP error={"data":{"category":"technical","http_status":401},"stacktrace":["AuthFailure: Bad login or password","at error (/opt/opencti/build/src/config/errors.js:8:10)","at AuthenticationFailure (/opt/opencti/build/src/config/errors.js:12:56)","at Object.token (/opt/opencti/build/src/resolvers/user.js:125:13)","at processTicksAndRejections (node:internal/process/task_queues:95:5)"]} inner_relation_creation=0 operation=LoginFormMutation operation_query=mutation LoginFormMutation($input:UserLoginInput!){token(input:$input)} size=55 timestamp=2023-12-07T10:44:33.038Z type=WRITE_ERROR variables={"input":{"email":"user","password":" Redacted "}} version=5.12.3
WRN [AUTH] local | category=APP error={"context":{"category":"technical","http_status":401},"message":"Bad login or password","name":"AuthFailure","stack":"AuthFailure: Bad login or password\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at AuthenticationFailure (/opt/opencti/build/src/config/errors.js:12:56)\n at login (/opt/opencti/build/src/domain/user.js:965:20)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)"} timestamp=2023-12-07T10:45:28.759Z version=5.12.3
WRN [AUTH] ldapauth | category=APP error=null info={"message":"Invalid username/password"} timestamp=2023-12-07T10:45:28.775Z version=5.12.3
1970/01/01 01:00AM ERR API Call | category=APP error={"data":{"category":"technical","http_status":401},"stacktrace":["AuthFailure: Bad login or password","at error (/opt/opencti/build/src/config/errors.js:8:10)","at AuthenticationFailure (/opt/opencti/build/src/config/errors.js:12:56)","at Object.token (/opt/opencti/build/src/resolvers/user.js:125:13)","at processTicksAndRejections (node:internal/process/task_queues:95:5)"]} inner_relation_creation=0 operation=LoginFormMutation operation_query=mutation LoginFormMutation($input:UserLoginInput!){token(input:$input)} size=63 timestamp=2023-12-07T10:45:28.778Z type=WRITE_ERROR variables={"input":{"email":"user@domain","password":" Redacted "}} version=5.12.3
INF [OPENCTI] Expiration manager will revoke 1 elements | category=APP timestamp=2023-12-07T10:45:33.086Z version=5.12.3
```

buzz13 commented 10 months ago

Same issue with 5.12.4:

```
WRN [AUTH] local | category=APP error={"context":{"category":"technical","http_status":401},"message":"Bad login or password","name":"AuthFailure","stack":"AuthFailure: Bad login or password\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at AuthenticationFailure (/opt/opencti/build/src/config/errors.js:12:56)\n at login (/opt/opencti/build/src/domain/user.js:965:20)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)"} timestamp=2023-12-09T20:05:32.705Z version=5.12.4
WRN [AUTH] ldapauth | category=APP error=null info={"message":"Invalid username/password"} timestamp=2023-12-09T20:05:32.714Z version=5.12.4
1970/01/01 01:00AM ERR API Call | category=APP error={"data":{"category":"technical","http_status":401},"stacktrace":["AuthFailure: Bad login or password","at error (/opt/opencti/build/src/config/errors.js:8:10)","at AuthenticationFailure (/opt/opencti/build/src/config/errors.js:12:56)","at Object.token (/opt/opencti/build/src/resolvers/user.js:125:13)","at processTicksAndRejections (node:internal/process/task_queues:95:5)"]} inner_relation_creation=0 operation=LoginFormMutation operation_query=mutation LoginFormMutation($input:UserLoginInput!){token(input:$input)} size=63 timestamp=2023-12-09T20:05:32.719Z type=WRITE_ERROR variables={"input":{"email":"user","password":" Redacted "}} version=5.12.4
```

buzz13 commented 10 months ago

Dear all,

I had to recreate the stack from scratch and all is working fine now. I have no idea what went wrong on the update only, especially as I am using the same volumes.