Closed TimmiORG closed 3 years ago
I can confirm this issue. It happens when "Update User Data on Login" is enabled in the LDAP -> Data Sync settings. All roles other than "user" are affected, not just the "admin" role. This is a security issue IMHO. Since the LDAP group to user role mapping was removed from CE, the data sync should not change user roles.
Hi, I'd love to contribute to this issue. Can someone guide me on where I should start and which files I should look into?
You are right, the same also happened for other rights like live chat agents.
I'm facing this issue also. I was able to log in again with the admin role by disabling LDAP for my user (change myusername to your user name):
db.users.update({username:"myusername"}, {$set: {'ldap' : false}})
then I added the user to admin role:
db.users.update({username:"myusername"}, {$set: {'roles' : [ "admin" ]}})
I think you may try to log in with the same password, but if it does not work, you can try to reset your user password to 12345 with:
db.getCollection('users').update({username:"myusername"}, { $set: {"services" : { "password" : {"bcrypt" : "$2a$10$n9CM8OgInDlwpvjLKLPML.eizXIzLlRtgCh3GRLafOdR9ldAUh/KG" } } } })
I'm not sure if this is the best way to fix it while we wait for 4.0.1, but it worked for me =D
db.users.update({username:"myusername"}, {$set: {'roles' : [ "admin" ]}})
When I do that it returns
WriteResult({ "nMatched" : 0, "nUpserted" : 0, "nModified" : 0 })
And I still don't have admin privileges
@maeries please update to 4.0.1 and give admin from the UI. There is no need to execute commands on the database since the bug was already fixed.
@sampaiodiego I already updated to 4.0.1. My problem is that currently there is no admin that could give admin privileges to other users in the UI
If there is no admin in the whole server, the next user that registers will be admin.
Description:
[4.0.0] -> losing admin role while logging in
Steps to reproduce:
Expected behavior:
The admin role should stay with the user until removal.
Actual behavior:
Admin role removed after login on the user.
Server Setup Information:
Client Setup Information
User accounts are LDAP based.
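An added example, not part of the original thread and not Rocket.Chat code: one way to spot the role loss described above is to compare two exports of the users collection, taken before and after LDAP users log in. The field names `username`, `roles` and `ldap` come from the commands in the thread; the function names, the sample documents and the `livechat-agent` role name are assumptions.

```javascript
// Added example: role-drift audit over two exports of the users collection.
// Field names (username, roles, ldap) follow the commands quoted in the thread.

function indexByUsername(users) {
  const byName = new Map();
  for (const u of users) byName.set(u.username, u);
  return byName;
}

// Returns LDAP users whose elevated roles (anything other than "user")
// disappeared between the two snapshots.
function findLostRoles(before, after) {
  const afterByName = indexByUsername(after);
  const findings = [];
  for (const prev of before) {
    if (!prev.ldap) continue;              // the thread ties the bug to LDAP data sync
    const cur = afterByName.get(prev.username);
    if (!cur) continue;                    // account removed: not this failure mode
    const curRoles = new Set(cur.roles || []);
    const lost = (prev.roles || []).filter(
      (r) => r !== "user" && !curRoles.has(r)
    );
    if (lost.length > 0) findings.push({ username: prev.username, lost });
  }
  return findings;
}

// True when no account holds the admin role any more (the lockout case
// reported later in the thread).
function noAdminLeft(users) {
  return !users.some((u) => (u.roles || []).includes("admin"));
}

// Constructed sample snapshots (hypothetical users and roles).
const before = [
  { username: "alice", ldap: true, roles: ["user", "admin"] },
  { username: "bob", ldap: true, roles: ["user", "livechat-agent"] },
  { username: "carol", ldap: false, roles: ["user"] },
  { username: "dave", ldap: true, roles: ["user"] },
];
const after = [
  { username: "alice", ldap: true, roles: ["user"] },
  { username: "bob", ldap: true, roles: ["user"] },
  { username: "carol", ldap: false, roles: ["user"] },
  { username: "dave", ldap: true, roles: ["user"] },
];

console.log(findLostRoles(before, after), "no admin left:", noAdminLeft(after));
```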