hashishaw
commented
1 year ago Hi @sdetoni ! Thank you for the excellent documentation on this bug report. Unfortunately I'm unable to reproduce locally, so will have to lean on you for some more context to track down where this is happening. If you could please share:
- the network request and response from the browser network tab (should be the
POSTmethod to/v1/auth/ldap/login/your-username) with any sensitive information redacted - a gif of you attempting to log in via the UI
Those items together should help us track down what's happening. Thanks!
sdetoni
**Describe the bug** A recent update to 1.12.1 release of Vault is preventing LDAP auth from Web UI from working successfully. However login via vault console is successful with : 'vault login -method=ldap' Password (will be hidden): Success! You are now authenticated. The token information displayed below is already stored in the token helper. You do NOT need to run "vault login" again. Future Vault requests will automatically use this token. Key Value --- ----- token hvs.C*********U token_accessor k*******3 token_duration 4h token_renewable true token_policies ["default" "ldap_auth_policy"] identity_policies ["s****" "systems"] policies ["default" "ldap_auth_policy" "s****" "systems"] token_meta_username s**** Placing Vault config in debug mode produces the following error is produced when trying to login via LDAP web UI 2022-11-07T14:42:19.157+1300 [ERROR] core: failed to create token: error="failed to persist accessor index entry: context canceled" Vault is also able to query all of the required LDAP groups for the logging user, but then produces the above error. **To Reproduce** Steps to reproduce the behavior: Try and authenticate using LDAP using Web UI. **Expected behavior** I expect the LDAP auth to complete as in previous releases of Vault. **Environment:** vault status Key Value --- ----- Recovery Seal Type shamir Initialized true Sealed false Total Recovery Shares 5 Threshold 3 Version 1.12.1 Build Date 2022-10-27T12:32:05Z Storage Type file Cluster Name vault-cluster-89cb21f3 Cluster ID 2d54ffc8-af6a-0c93-2fa6-24b7f2e8288c HA Enabled false * Vault CLI Version (retrieve with `vault version`): vault version Vault v1.12.1 (e34f8a14fb7a88af4640b09f3ddbb5646b946d9c), built 2022-10-27T12:32:05Z * Server Operating System/Architecture: cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="8.6 (Ootpa)" Vault server configuration file(s): # Full configuration options can be found at https://www.vaultproject.io/docs/configuration ui = true #Enables the built-in web UI, which is available on all listeners (address + port) log_level = "Debug" #Supported log levels: Trace, Debug, Error, Warn, Info. #log_level = "Info" #Supported log levels: Trace, Debug, Error, Warn, Info. #plugin_directory = "/srv/vault/plugins" #Vault must have permission to read files in this directory to successfully load plugins, and the value cannot be a symbolic link. api_addr = "http://*****************:8200" cluster_addr = "http://*************:8201" disable_mlock = true storage "file" { path = "/srv/vault_tst" } # HTTPS listener listener "tcp" { address = "**************:8200" #tls_disable = 0 tls_cert_file = "/etc/pki/tls/certs/*************.crt" tls_key_file = "/etc/pki/tls/private/***********.key" } listener "tcp" { address = "127.0.0.1:8200" #tls_disable = 0 tls_cert_file = "/etc/pki/tls/certs/***************.crt" tls_key_file = "/etc/pki/tls/private/************.key" } seal "transit" { address = "https://*******************:8300" token = "s.***************" disable_renewal = "false" key_name = "autounseal" mount_path = "transit/" tls_skip_verify = "false" } **Additional context** Add any other context about the problem here.