RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

Auto Sync LDAP Groups to Channels not working #16633

Open phatair opened 4 years ago

phatair commented 4 years ago

Hello,

we are using the following configuration:

Server Setup Information
- Version of Rocket.Chat Server: 2.4.9
- Operating System: Ubuntu LTS
- Deployment Method: snap
- Number of Running Instances: 1
- DB Replicaset Oplog:
- NodeJS Version: v8.17.0
- MongoDB Version: 3.6.14
- Proxy: caddy
- Firewalls involved: no
- Active Directory: Windows Server 2012R2

If we enable "Auto Sync LDAP Groups to Channels", one user can log in. After this login the channels are created and now no one else can log in to Rocket.Chat. They get an error message "wrong user or password". If I log out with this user, the user cannot log in anymore. I have to delete these channels with the Rocket.Chat admin and then the same happens: I can log in one time, channels are created and no login is possible after that.

If I disable LDAP Group to Channel Sync, the AD authentication is working fine.

The config looks like this:
- Base DN: OU=KTS,DC=my,DC=domain,DC=com
- User Group Filter: (&(sAMAccountName=#{username})(memberOf:1.2.840.113556.1.4.1941:=CN=#{groupName},OU=RocketChat,OU=SecurityGroups,OU=KTS,DC=my,DC=domain,DC=com))
- LDAP Group BaseDN: OU=KTS,DC=my,DC=domain,DC=com
- User Search Filter: (&(objectCategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=RC_Users,OU=RocketChat,OU=SecurityGroup,OU=KTS,DC=my,DC=domain,DC=com))

Any idea what's going wrong? I was doing my first tests with an earlier version and the group sync was working fine.

I wrote a mail to the support but I don't get any feedback on this problem.

Oleg569 commented 4 years ago

I have this problem when the name of the channel is written in another language, not English. Basically, I have the same problem. I create a channel through the mapping, giving it a Russian name. The channel is created, and then it says the login and password are wrong. Workaround: I put the Russian names in the mapping. The channels are created, and they are also given an English name. Then in the mapping I write the English names that were assigned to them. That way authentication works and they are displayed in Russian in the lists.

phatair commented 4 years ago

Really, really strange. My last try was to restore a Veeam backup of our Rocket.Chat Ubuntu server from November. After that, Rocket.Chat upgraded the snap version automatically to 2.4.9 and now the LDAP Group to Channels mapping is working fine... Maybe something went wrong in the last automatic snap upgrade... I don't know.

rsjr commented 4 years ago

We had some issues with the snap image on version 2.4.2 (not fully related to this issue), so that could be the explanation for why it's working now.

Turbocube644 commented 4 years ago

Hi, I'm experiencing the same issue in version 3.0.4 (Docker). After enabling the group sync, the authentication fails. If the group sync is disabled, it works just fine.

Here is some log:

```
LDAP ➔ Search.info Searching user
I20200321-12:07:02.636(0) LDAP ➔ Search.debug searchOptions { filter: '(&(objectclass=posixAccount)(|(mail=)(uid=)))', scope: 'sub', sizeLimit: 2000, paged: { pageSize: 250, pagePause: false } }
I20200321-12:07:02.637(0) LDAP ➔ Search.debug BaseDN
I20200321-12:07:02.645(0) LDAP ➔ Search.info Search result count 1
I20200321-12:07:02.647(0) LDAP ➔ Auth.info Authenticating uid=,ou=users,
I20200321-12:07:02.717(0) LDAP ➔ Search.info Search result count 1
I20200321-12:07:02.719(0) LDAP ➔ Auth.info Authenticated uid=,ou=users,
I20200321-12:07:02.720(0) LDAP ➔ Search.debug Group filter LDAP: (&(objectclass=groupOfNames)(member=member)(cn=users))
I20200321-12:07:02.729(0) server.js:204 LDAP ➔ Search.error LDAPError [NoSuchObjectError]: No Such Object
    at messageCallback (/app/bundle/programs/server/npm/node_modules/ldapjs/lib/client/client.js:1419:45)
    at Parser.onMessage (/app/bundle/programs/server/npm/node_modules/ldapjs/lib/client/client.js:1089:14)
    at Parser.emit (events.js:210:5)
    at Parser.EventEmitter.emit (domain.js:475:20)
    at Parser.write (/app/bundle/programs/server/npm/node_modules/ldapjs/lib/messages/parser.js:111:8)
    at Socket.onData (/app/bundle/programs/server/npm/node_modules/ldapjs/lib/client/client.js:1076:22)
    at Socket.emit (events.js:210:5)
    at Socket.EventEmitter.emit (domain.js:475:20)
    at addChunk (_stream_readable.js:309:12)
    at readableAddChunk (_stream_readable.js:290:11)
    at Socket.Readable.push (_stream_readable.js:224:10)
    at TCP.onStreamRead (internal/stream_base_commons.js:182:23) {
  lde_message: 'No Such Object',
  lde_dn: null
}
```

pierre-lehnen-rc commented 4 years ago

This should've been fixed by #17417

billypon commented 4 years ago

I also have this problem. When I enable LDAP group sync, no one can login anymore. My rocket version is 3.6.1

billypon commented 4 years ago

I had tested my group filter via ldapsearch; it worked fine.
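A pre-flight check for the filter templates and group-to-channel mapping discussed in this thread (phatair's User Group Filter and Oleg569's non-ASCII channel names), added here as an example and not Rocket.Chat's own code. It renders the `#{username}` and `#{groupName}` placeholders with RFC 4515 escaping, flags unrendered placeholders and unbalanced filters, and checks mapped channel names against the assumed default of the UTF8_Names_Validation setting; the username and the mapping are constructed.

```python
import re

# Rocket.Chat LDAP filter templates use #{name} placeholders (this thread uses
# #{username} and #{groupName}). A placeholder that is never substituted, a value
# that breaks the filter syntax, or a mapped channel name the server rejects makes
# the group lookup fail for everyone once "Auto Sync LDAP Groups to Channels" is on.
PLACEHOLDER = re.compile(r"#\{(\w+)\}")
# Assumed default of Rocket.Chat's UTF8_Names_Validation setting (check your server).
CHANNEL_NAME_RE = re.compile(r"^[0-9a-zA-Z-_.]+$")
# The User Group Filter quoted in the report above.
USER_GROUP_FILTER = ("(&(sAMAccountName=#{username})(memberOf:1.2.840.113556.1.4.1941:="
                     "CN=#{groupName},OU=RocketChat,OU=SecurityGroups,OU=KTS,DC=my,DC=domain,DC=com))")
# Constructed group-to-channel mapping; the second name mirrors Oleg569's non-ASCII case.
MAPPING = {"RC_Users": "rc-users", "RC_Dev": "разработка"}

def escape_filter_value(value):
    """RFC 4515 escaping so a substituted value cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def render_filter(template, values):
    """Substitute placeholders; return (rendered_filter, sorted missing placeholder names)."""
    missing = sorted({m for m in PLACEHOLDER.findall(template) if m not in values})
    rendered = PLACEHOLDER.sub(
        lambda m: escape_filter_value(values[m.group(1)]) if m.group(1) in values else m.group(0),
        template)
    return rendered, missing

def balanced(filter_str):
    """Cheap syntax check: every '(' is closed and none is closed early."""
    depth = 0
    for c in filter_str:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0

def check_mapping(group_to_channel):
    """Mapped channel names the validation regex would reject (channel creation would fail)."""
    return [n for n in group_to_channel.values() if not CHANNEL_NAME_RE.match(n)]

def preflight(group_filter, group_to_channel, username):
    """Run every check for one user against every mapped group; return a list of findings."""
    findings = []
    for group in group_to_channel:
        rendered, missing = render_filter(group_filter, {"username": username, "groupName": group})
        findings += ["%s: unrendered placeholder #{%s}" % (group, m) for m in missing]
        if not balanced(rendered):
            findings.append("%s: unbalanced parentheses in rendered filter" % group)
    findings += ["channel name %r fails UTF8_Names_Validation" % n for n in check_mapping(group_to_channel)]
    return findings

if __name__ == "__main__":
    for line in preflight(USER_GROUP_FILTER, MAPPING, "jdoe") or ["no findings"]:
        print(line)
```

Run it against the real templates before enabling the sync; a rendered filter that passes here can then be tried with ldapsearch against the Group BaseDN, as billypon did.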