trasher
commented
2 years ago As requested, please use english only.
Closed calmettesj closed 1 year ago
trasher
commented
2 years ago As requested, please use english only.
calmettesj
commented
2 years ago Since the upgrade on 10.0.2 LDAP is not working anymore (link to Microsoft Active Directory) The LDAP configuration is the same as in 10.0.1 When I check the configuration and make a test it tells connection Ok But nor syncrhonization, import or connection is possible
calmettesj
commented
2 years ago Here is AuthLDAP.php line 3374
if ($result = ldap_search($ds, $values['basedn'], $filter, $ldap_parameters)) {
and the 3390 throw new \RuntimeException('Something went wrong searching in LDAP directory');
calmettesj
commented
2 years ago Hi, Does someone have a solution? It is impossible to manage more than 2000 users without LDAP :-(
I got this message in error logs AH01071: Got error 'PHP message: PHP Warning: ldap_search(): Search: Operations error in /var/www/glpi-support/src/AuthLDAP.php on line 3372
aguinaldoabbj
commented
2 years ago Hi @calmettesj Unhappily I don't have a solution for you. But I believe you can help me. I also have a problem. LDAP in my GLPI has just stopped working for no reason (Test just returns a generic error). I can't get the logs to debug, as php-erros.log is empty. I was using 9.5. and then installed the 10.0.2, nothing changed. How do you managed to debug LDAP in GLPI?
calmettesj
commented
2 years ago Hi I still have the problem and no informations from the dev... You can find logs in /GLPI_Directory/fies/_log/ SQL error and Php error logs You can also find error logs depending the configuration you have (IIS, Apache etc...)
aguinaldoabbj
commented
2 years ago @calmettesj Yes, that's the problem. I activated the debug mode and I can't see anything helpful. My logs in the files/ directory don't show anything related to LDAP. Apache logs don't help either, any error related to LDAP is shown. Is there a way to enable a debug/verbose mode for the logs?
keguira
commented
2 years ago I have the same issue here. The message in the UI and the one in the log are not really helpfull. As i do not have a subscription for LDAP tools by Techlib' i cannot identify if it comes from my side or another. I'm going to try an 9.x version and see the differences. If i have enough revelant information, i'll put it here
aguinaldoabbj
commented
2 years ago I have the same issue here. The message in the UI and the one in the log are not really helpfull. As i do not have a subscription for LDAP tools by Techlib' i cannot identify if it comes from my side or another. I'm going to try an 9.x version and see the differences. If i have enough revelant information, i'll put it here
That's what I'm suspecting. I've used past GLPI versions and any problem I had with LDAP I could flawlessly debug it. No, it seems to be impossible.
stonebuzz
commented
2 years ago Are you using anonymous connection ?
Have you tested this new option ?
Best regards
keguira
commented
2 years ago So, before doing much more tests, as far as i know, here is the context :
I have the same errors :
[2022-09-13 14:54:31] glpiphplog.WARNING: *** PHP Warning (2): ldap_search(): Search: Operations error in C:\glpi\src\AuthLDAP.php at line 3372
Backtrace :
src\AuthLDAP.php:3372 ldap_search()
src\AuthLDAP.php:2770 AuthLDAP::searchUserDn()
src\AuthLDAP.php:2696 AuthLDAP::ldapImportUserByServerId()
front\user.form.php:117 AuthLDAP::forceOneUserSynchronization()
[2022-09-13 14:54:31] glpiphplog.CRITICAL: *** Uncaught Exception RuntimeException: Something went wrong searching in LDAP directory in C:\glpi\src\AuthLDAP.php at line 3388
Backtrace :
src\AuthLDAP.php:2770 AuthLDAP::searchUserDn()
src\AuthLDAP.php:2696 AuthLDAP::ldapImportUserByServerId()
front\user.form.php:117 AuthLDAP::forceOneUserSynchronization()It does not come from AD LDAP I have the same application and same settings on 10.0.1 and it works (same server, same AD...) So seems that the problem comes from GLPI 10.0.2 I tried to check the difference between files in 10.0.1 and 10.0.2 but I have not enough time...
@stonebuzz : yes, i have tried and change nothing :-(
keguira
commented
2 years ago Ok so, to not spam here : i made some tests with the 10.0.1 and 10.0.2. After a "lot" of trials, i can now see my users. I can still have some errors during import if i use the "simple" mode. If i use the expert mode, i have a correct paginated list. Also the expert mode helped me with the configuration.
Right now, without further tricks, the configuration is quite out-of-the-box :
(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))dcsamaccountnameobjectguidI'll try to keep you updated with everything i can see with my other trials and (21) Active Directories
calmettesj
commented
2 years ago Same problem with theses informations I have tried to fill exactly the same informations but i could not connect to GLPI using LDAP and could not import/sync users
PS : I am in 10.0.2 Same configuration works in 10.0.1
I haven't seen a modification on this purpose on 10.0.3 so I have not upgrade
calmettesj
commented
2 years ago I have found a part of the problem Two points
cedric-anne
commented
2 years ago I have found a part of the problem Two points
- During migration the auth_ldap files had a problem (i have resintall all 10.0.2 files like a new/fresh update)
- The password stored for the AD request was corrupted (I use the same between my 2 GLPI and in database the password was different. I have check my database backup before upgrade and it was the same than my other GLPI ...)
During installation/update, if encryption key file is not present on file system, GLPI generates a new random encryption key, resulting in the impossibility to decrypt content that was stored using previous key. It seems that you did not update your GLPI instance using expected process. See https://glpi-install.readthedocs.io/en/latest/update.html for expected update process.
github-actions[bot]
commented
1 year ago There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 10 days.
If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue. If it is related to a new feature, please open a topic to discuss with community about this enhancement on suggestion website.
You may also consider taking a subscription to get professionnal support or contact GLPI editor team directly.
Code of Conduct
Is there an existing issue for this?
Version
10.0.2
Bug description
Hi Since the upgrade on 10.0.2 LDAP is not working anymore (link to Microsoft Active Directory) The LDAP configuration is the same as in 10.0.1 When I check the configuration and make a test it tells connection Ok But nor syncrhonization, import or connection is possible
Relevant log output
Page URL
No response
Steps To reproduce
No response
Your GLPI setup information
Informations sur le système, l'installation et la configuration
Server
Operating system: Linux 5.10.0-11-amd64 #1 SMP Debian 5.10.92-1 (2022-01-18) x86_64 PHP 8.0.22 fpm-fcgi (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, bz2, calendar, cgi-fcgi, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, readline, session, shmop, snmp, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlreader, xmlwriter, xsl, zip, zlib) Setup: max_execution_time="30" memory_limit="256M" post_max_size="8M" safe_mode="" session.save_handler="files" upload_max_filesize="2M" Software: Apache/2.4.54 (Debian) (Apache/2.4.54 (Debian) Server at ********** Port 80 ) Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Server Software: Debian 11 Server Version: 10.5.15-MariaDB-0+deb11u1 Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION Parameters: glpi@localhost/support-info Host info: Localhost via UNIX socket PHP version (8.0.22) is supported. Sessions configuration is OK. Allocated memory is sufficient. mysqli extension is installed. Following extensions are installed: dom, fileinfo, json, simplexml. curl extension is installed. gd extension is installed. intl extension is installed. libxml extension is installed. zlib extension is installed. The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present. Database engine version (10.5.15) is supported. The log file has been created successfully. Write access to /var/www/glpi-support/files/_cache has been validated. Write access to /var/www/glpi-support/config has been validated. Write access to /var/www/glpi-support/files/_cron has been validated. Write access to /var/www/glpi-support/files has been validated. Write access to /var/www/glpi-support/files/_dumps has been validated. Write access to /var/www/glpi-support/files/_graphs has been validated. Write access to /var/www/glpi-support/files/_lock has been validated. Write access to /var/www/glpi-support/files/_pictures has been validated. Write access to /var/www/glpi-support/files/_plugins has been validated. Write access to /var/www/glpi-support/files/_rss has been validated. Write access to /var/www/glpi-support/files/_sessions has been validated. Write access to /var/www/glpi-support/files/_tmp has been validated. Write access to /var/www/glpi-support/files/_uploads has been validated. Web access to the files directory should not be allowed but this cannot be checked automatically on this instance. Make sure access to error log file (/files/_log/php-errors.log) is forbidden; otherwise review .htaccess file and web server configuration. exif extension is installed. ldap extension is installed. openssl extension is installed. zip extension is installed. bz2 extension is installed. Zend OPcache extension is installed. Following extensions are installed: ctype, iconv, mbstring, sodium. Write access to /var/www/glpi-support/marketplace has been validated. Timezones seems not loaded, see https://glpi-install.readthedocs.io/en/latest/timezones.html.GLPI constants
Libraries
LDAP directories
Server: '*****', Port: '389', BaseDN: 'OU=Utilisateurs,DC=*********', Connection filter: none, RootDN: 'CN=********,OU=*******,OU=Utilisateurs,DC=**********', Use TLS: noneSQL replicas
Notifications
Plugins list
order Name: Gestion des commandes Version: 2.9.0 State: Enabled Install Method: Marketplace oauthimap Name: Oauth IMAP Version: 1.4.0 State: Enabled Install Method: MarketplaceAnything else?
No response