Open paragon21 opened 1 month ago
The data 775 indicate that this account is locked out, maybe some other user is trying to login to the Active Directory with the wrong password.
@stonezdj Yes, it does, except if users were to send a lot of invalid requests, they would get a personal AD account lockout. I am getting a Harbor account lockout, which makes it impossible to connect any user and platform component that interacts with Harbor. Dumping the traffic shows that the password becomes corrupted after a while, and only rebooting all components for a while helps.
Dumping the traffic shows that the password becomes corrupted after a while, and only rebooting all components for a while helps. --- Do you have any log or screenshot to prove that The reboot has no relationship with the account unlock, it just happens when the lock is timed out.
@paragon21 , harbor has its state in db and redis. before restarting harbor can you try to restart redis to see if th error resolves?
Also, can you identify what in the password changes? is it the encoding from what to what? Is the user sending the pwd with the wrong encoding maybe? Old shool linux problem?
I have encountered a strange problem when using Harbor - periodically during outgoing connections to the AD server Harbor starts sending a bad password from the server account. It looks like incorrect encoding. This prevents authentication either through the web UI or through the docker client. I have tried saving the LDAP connection settings via the web UI, and statically via the env variable CONFIG_OVERWRITE_JSON, but the problem persists. After rebooting all components, the problem usually goes away for some time, for a couple hours or even days. Password contains only latin letters (eng) and digits, bind dn contains cyrillic and latin characters.