RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

LDAP multiple email parsing error #14762

Open tsurai opened 5 years ago

tsurai commented 5 years ago

Description:

LDAP entries of users with multiple email addresses fail to parse, rendering them unable to log in.

Steps to reproduce:

Try to log in or sync data of a user with multiple email LDAP entries.

Expected behavior:

The first email that has been found should be used as the user's email address.

Actual behavior:

Login and data sync fail for users with multiple email addresses.

Server Setup Information:

Additional context

This is similar to a previous issue #2642 that has supposedly been fixed. I'm using FreeIPA as the LDAP provider.

Relevant logs:

server.js:207 LDAPSync ➔ error Error creating user { Error: Match error: Expected string, got object in field email
    at check (packages/check/match.js:36:17)
    at createUser (packages/accounts-password/password_server.js:1052:3)
    at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1147:10)
    at addLdapUser (app/ldap/server/sync.js:264:29)
    at MethodInvocation.<anonymous> (app/ldap/server/loginHandler.js:150:17)
    at tryLoginMethod (packages/accounts-base/accounts_server.js:460:31)
    at tryLoginMethod (packages/accounts-base/accounts_server.js:1294:14)
    at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:458:22)
    at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
    at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:518:31)
    at MethodInvocation.methodMap.(anonymous function) (packages/rocketchat_monitoring.js:2731:30)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1767:12)
    at DDP._CurrentMethodInvocation.withValue (packages/ddp-server/livedata_server.js:719:19)
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1304:12)
    at DDPServer._CurrentWriteFence.withValue (packages/ddp-server/livedata_server.js:717:46)
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1304:12)
    at Promise (packages/ddp-server/livedata_server.js:715:46)
    at new Promise (<anonymous>)
    at Session.method (packages/ddp-server/livedata_server.js:689:23)
    at packages/ddp-server/livedata_server.js:559:43
  message: 'Match error: Expected string, got object in field email',
  path: 'email',
  sanitizedError: 
   { Error: Match failed [400]
    at errorClass.<anonymous> (packages/check/match.js:91:27)
    at new errorClass (packages/meteor.js:725:17)
    at check (packages/check/match.js:36:17)
    at createUser (packages/accounts-password/password_server.js:1052:3)
    at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1147:10)
    at addLdapUser (app/ldap/server/sync.js:264:29)
    at MethodInvocation.<anonymous> (app/ldap/server/loginHandler.js:150:17)
    at tryLoginMethod (packages/accounts-base/accounts_server.js:460:31)
    at tryLoginMethod (packages/accounts-base/accounts_server.js:1294:14)
    at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:458:22)
    at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
    at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:518:31)
    at MethodInvocation.methodMap.(anonymous function) (packages/rocketchat_monitoring.js:2731:30)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1767:12)
    at DDP._CurrentMethodInvocation.withValue (packages/ddp-server/livedata_server.js:719:19)
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1304:12)
    at DDPServer._CurrentWriteFence.withValue (packages/ddp-server/livedata_server.js:717:46)
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1304:12)
    at Promise (packages/ddp-server/livedata_server.js:715:46)
    at new Promise (<anonymous>)
    at Session.method (packages/ddp-server/livedata_server.js:689:23)
    at packages/ddp-server/livedata_server.js:559:43
     isClientSafe: true,
     error: 400,
     reason: 'Match failed',
     details: undefined,
     message: 'Match failed [400]',
     errorType: 'Meteor.Error' },
  errorType: 'Match.Error' }

reetp commented 5 years ago

Probably a duplicate of: https://github.com/RocketChat/Rocket.Chat/issues/10247

This may be related as well: https://github.com/RocketChat/Rocket.Chat/issues/12565

I think this was meant to be closed here: https://github.com/RocketChat/Rocket.Chat/issues/2642

With this PR: https://github.com/RocketChat/Rocket.Chat/pull/8372

There seem to be several other Issues all related - I haven't got the time to go through and tie them all up. Perhaps the OP would like to pull them all together?

Start with something like this:

https://github.com/RocketChat/Rocket.Chat/issues?utf8=%E2%9C%93&q=is%3Aissue+got+object+in+field+email

kingspride commented 4 years ago

Can we get an update on this? I have users with dual mail addresses in the LDAP.

I added "mail":"emails" to the sync settings and get the following error when trying to add a new user by auth on LDAP: (Rocketchat 3.5.1)

I20200903-11:36:31.204(2) server.js:200 LDAPSync ➔ error errorClass [Error]: LDAP Authentication succeeded, there is no email to create an account. Have you tried setting your Default Domain in LDAP Settings? [LDAP-login-error]
    at addLdapUser (app/ldap/server/sync.js:453:3)
    at MethodInvocation.<anonymous> (app/ldap/server/loginHandler.js:147:17)
    at packages/accounts-base/accounts_server.js:462:31
    at tryLoginMethod (packages/accounts-base/accounts_server.js:1291:14)
    at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:460:22)
    at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
    at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:520:31)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
    at packages/ddp-server/livedata_server.js:719:19
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at packages/ddp-server/livedata_server.js:717:46
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at packages/ddp-server/livedata_server.js:715:46
    at new Promise (<anonymous>)
    at Session.method (packages/ddp-server/livedata_server.js:689:23)
    at packages/ddp-server/livedata_server.js:559:43 {
  isClientSafe: true,
  error: 'LDAP-login-error',
  reason: 'LDAP Authentication succeeded, there is no email to create an account. Have you tried setting your Default Domain in LDAP Settings?',
  details: undefined,
  message: 'LDAP Authentication succeeded, there is no email to create an account. Have you tried setting your Default Domain in LDAP Settings? [LDAP-login-error]',
  errorType: 'Meteor.Error' }

Without "mail":"emails" rocketchat would garble up the email address completely and only store some octal(?) representation of garbage in the email field, which leads to the inability of users to write in chats.

My workaround is currently to omit the "mail":"email" and "mail":"emails" sync attributes and let rocketchat create the mail address from the username + default domain instead.
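
An added example, not Rocket.Chat's code and not part of any comment above: one way to reduce a multi-valued LDAP mail attribute to a single string before account creation, which is the behavior the report expects and which avoids the `Expected string, got object` check failure. The function names, the `fields` parameter, and the sample entries are hypothetical; the default-domain fallback mirrors the workaround described in the thread.

```javascript
// Added illustration; names and sample data are constructed, not taken from Rocket.Chat.

// Deliberately simple syntactic check; stricter policy can be applied on top.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Flatten one raw LDAP attribute into a list of clean strings.
// A client library may hand back a string, a Buffer, or an array of
// either when the directory stores several values for the attribute.
function toStringList(raw) {
  if (raw === undefined || raw === null) return [];
  const values = Array.isArray(raw) ? raw : [raw];
  return values
    .map((v) => (Buffer.isBuffer(v) ? v.toString('utf8') : v))
    .filter((v) => typeof v === 'string') // drop nested objects instead of stringifying them
    .map((v) => v.trim())
    .filter((v) => v.length > 0);
}

// First syntactically valid address across the given attributes, in order.
function firstEmail(entry, fields = ['mail']) {
  for (const field of fields) {
    const hit = toStringList(entry[field]).find((v) => EMAIL_RE.test(v));
    if (hit) return hit;
  }
  return undefined;
}

// Always yields a string or undefined for the email, never an array or
// object, and records where the value came from for audit logging.
function resolveEmail(entry, username, defaultDomain, fields = ['mail']) {
  const fromLdap = firstEmail(entry, fields);
  if (fromLdap) return { email: fromLdap, source: 'ldap' };
  if (username && defaultDomain) {
    return { email: `${username}@${defaultDomain}`, source: 'default-domain' };
  }
  return { email: undefined, source: 'none' };
}

// Constructed sample entries.
const multi = { uid: 'alice', mail: ['alice@example.org', 'a.smith@example.org'] };
const binary = { uid: 'bob', mail: Buffer.from('bob@example.org', 'utf8') };
const noMail = { uid: 'dave' };

console.log(resolveEmail(multi, 'alice', 'example.org'));
console.log(resolveEmail(binary, 'bob', 'example.org'));
console.log(resolveEmail(noMail, 'dave', 'example.org'));
```

Recording the `source` of the chosen address makes it visible in provisioning logs when an account was created from the default domain rather than from a directory value.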