go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

After Update to 1.17.4 LDAP Login is not working anymore #22432

Open phatair opened 1 year ago

phatair commented 1 year ago

Description

Hello, we updated our Gitea server to 1.17.4 and after the update one user cannot log in anymore. We use LDAP authentication and other users can log in without any problem. The user could log in with the old version without any problems. In the log I can see the following error:

2023/01/13 07:28:40 ...s/context/context.go:220:HTML() [D] [63c0fa18] Template: home
2023/01/13 07:29:02 ...s/context/context.go:220:HTML() [D] [63c0fa2e] Template: user/auth/signin
2023/01/13 07:29:08 ...dap/source_search.go:98:findUserDN() [D] [63c0fa34] Failed search using filter[(&(objectCategory=Person)(memberOf=CN=Sec_Gitea-Users,OU=Sicherheitsgruppen,OU=xxx,DC=our,DC=internal,DC=domain)(sAMAccountName=<username removed>@domain.com)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))]: <nil>
2023/01/13 07:29:08 ...s/context/context.go:220:HTML() [D] [63c0fa34] Template: user/auth/signin
2023/01/13 07:29:08 ...ers/web/auth/auth.go:200:SignInPost() [I] [63c0fa34] Failed authentication attempt for <username removed> from xxx.xxx.xxx.xxx:57540: user does not exist [uid: 0, name: <username removed>@domain.com, keyid: 0]

The strange thing is this information in the log -> (sAMAccountName=@mail.com). The sAMAccountName is not @domain.com; this is normally the userprincipalname.

Does anyone have the same problem or can help me with it? Thanks a lot.

Gitea Version

1.17.4

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Ubuntu 20.04.3

How are you running Gitea?

Gitea is running on Ubuntu 20.04.3, installed with the official binaries.

Database

MySQL

phatair commented 1 year ago

Found the problem. For this user, the username for authentication in the Gitea local user was set to username@domain.com and not to username, so Gitea searches for username@domain.com in the sAMAccountName and that was wrong.

We didn't change anything on the LDAP/Gitea account. So I think maybe something was changed in the 1.17.4 version (or earlier; before, we used a version from 1.16.x).

Maybe this helps someone.
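An added illustration of the root cause described above (example code, not Gitea's own): the login name is substituted into the (sAMAccountName=%s) clause of the filter shown in the log, so a local username stored as username@domain.com can never match the bare sAMAccountName, which is the attribute that clause keys on, while the user@domain form is what userPrincipalName would hold. The filter template is copied from the log; EscapeFilterValue, BuildUserFilter, MatchAttribute and FilterMismatch are hypothetical helper names, and the escaping follows RFC 4515 so the login name is treated purely as data.

```go
package main

import (
	"fmt"
	"strings"
)

// Filter template copied from the log above; Gitea substitutes the login name for %s.
const userFilterTemplate = "(&(objectCategory=Person)" +
	"(memberOf=CN=Sec_Gitea-Users,OU=Sicherheitsgruppen,OU=xxx,DC=our,DC=internal,DC=domain)" +
	"(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"

// EscapeFilterValue escapes an assertion value per RFC 4515 so the login
// name is always data and cannot change the structure of the filter.
func EscapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		c := v[i]
		if c == '\\' || c == '*' || c == '(' || c == ')' || c == 0 || c > 0x7f {
			fmt.Fprintf(&b, "\\%02x", c)
		} else {
			b.WriteByte(c)
		}
	}
	return b.String()
}

// BuildUserFilter produces the search filter for one login name.
func BuildUserFilter(login string) string {
	return fmt.Sprintf(userFilterTemplate, EscapeFilterValue(login))
}

// MatchAttribute names the AD attribute a login in this form can match:
// bare username -> sAMAccountName, user@domain -> userPrincipalName (UPN).
func MatchAttribute(login string) string {
	if strings.Contains(login, "@") {
		return "userPrincipalName"
	}
	return "sAMAccountName"
}

// FilterMismatch is true when the stored login can never match (sAMAccountName=%s).
func FilterMismatch(login string) bool {
	return MatchAttribute(login) != "sAMAccountName"
}

func main() {
	for _, login := range []string{"jdoe", "jdoe@domain.com"} { // constructed sample logins
		fmt.Printf("%-16s mismatch=%v\n%s\n", login, FilterMismatch(login), BuildUserFilter(login))
	}
}
```

Running it prints the filter for both login forms; the second one is flagged as a mismatch, which is the situation the reporter found in the local user record.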

yp05327 commented 1 year ago

Maybe this PR is related? https://github.com/go-gitea/gitea/pull/18789