Open bef0r3station opened 1 week ago
Node1 and Node2 are using the same Redis setup, right?
First, could you please test the LDAP connection in the system settings of both Node1 and Node2 separately to check if the connection is successful?
Yes, there is one Redis for the two nodes. Synchronization is successful on both nodes. On the node where synchronization was last performed, LDAP authentication works.
Will the test for connectivity be successful?
Hello! The connection is being established successfully
Was the test login successful?
The fact is that the test login is successful and the LDAP authentication is successful on the node on which I made a test connection to LDAP through the administrator's personal account. But the problem is that LDAP authentication stops working on the second node.
Could you perform the above test verification on the second node?
Yes, of course. The test passes, authentication is successful, but at the same time, an authentication problem is observed on the first node
If login or test failures only occur occasionally, it’s very likely an issue with Redis.
I saw you mentioned above that you’re using an external Redis. What version is it?
Hello. The problem repeats itself all the time. Redis version: 6.2.13
I tried to update redis to version 7.2.5. It didn't help, the error is repeated
I can’t pinpoint the issue right now.
Can I connect to your computer remotely and help you check it using AnyDesk or a similar remote tool?
Hello! Yes, of course, I would be very grateful. When is it convenient for you to connect? I will provide access via AnyDesk
Ok. One moment
Okay. You can add me as a friend on Discord.
I apologize. Some circumstances have arisen, I suggest postponing the solution of the problem indefinitely. Thanks for the feedback!
Product Version
4.3.0
Product Edition
Installation Method
Environment Information
Cluster Jumpserver
🐛 Bug Description
Hello. After installing the Jump server, synchronization with LDAP was performed on the first node. When trying to log in, the message "Server error occur, contact the administrator" appears on the second page, and the following is in the jumpserver.log
```
2024-10-21 23:45:19 [INFO] Authentication LDAP backend
2024-10-21 23:45:19 [ERRO] result(2) raised OPERATIONS_ERROR({'msgtype': 101, 'msgid': 2, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': '000004DC: LdapErr: DSID-0C090C77, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563'})
2024-10-21 23:45:19 [WARN] password is mandatory in simple bind while authenticating example@example.com
2024-10-21 23:45:19 [ERRO] Internal Server Error: /core/auth/login/
Traceback (most recent call last):
  File "/opt/py3/lib/python3.11/site-packages/asgiref/sync.py", line 518, in thread_handler
    raise exc_info[1]
  File "/opt/py3/lib/python3.11/site-packages/django/core/handlers/exception.py", line 43, in inner
    response = await get_response(request)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/asgiref/sync.py", line 518, in thread_handler
    raise exc_info[1]
  File "/opt/py3/lib/python3.11/site-packages/django/core/handlers/base.py", line 253, in _get_response_async
    response = await wrapped_callback(
    ^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/asgiref/sync.py", line 468, in call
    ret = await asyncio.shield(exec_coro)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/asgiref/current_thread_executor.py", line 40, in run
    result = self.fn(*self.args, self.kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/asgiref/sync.py", line 522, in thread_handler
    return func(*args, *kwargs)
    ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/views/generic/base.py", line 103, in view
    return self.dispatch(request, args, kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
    return bound_method(*args, kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/views/decorators/debug.py", line 92, in sensitive_post_parameters_wrapper
    return view(request, *args, *kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
    return bound_method(args, kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/utils/decorators.py", line 134, in _wrapped_view
    response = view_func(request, *args, kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
    return bound_method(*args, *kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/views/decorators/cache.py", line 62, in _wrapped_view_func
    response = view_func(request, args, kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/views/generic/base.py", line 142, in dispatch
    return handler(request, args, kwargs)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/views/generic/edit.py", line 153, in post
    return self.form_valid(form)
    ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/authentication/views/login.py", line 251, in form_valid
    self.check_user_auth(form.cleaned_data)
  File "/opt/jumpserver/apps/authentication/mixins.py", line 470, in check_user_auth
    user = self._check_auth_user_is_valid(username, password, public_key)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/authentication/mixins.py", line 438, in _check_auth_user_is_valid
    user = authenticate(
    ^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/authentication/mixins.py", line 72, in authenticate
    user = backend.authenticate(request, credentials)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/authentication/backends/ldap.py", line 95, in authenticate
    user = self.authenticate_ldap_user(ldap_user, password)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 206, in authenticate_ldap_user
    return ldap_user.authenticate(password)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 348, in authenticate
    self._authenticate_user_dn(password)
  File "/opt/py3/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 478, in _authenticate_user_dn
    if self.dn is None:
    ^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 443, in dn
    self._load_user_dn()
  File "/opt/py3/lib/python3.11/site-packages/django_auth_ldap/backend.py", line 514, in _load_user_dn
    self._user_dn = cache.get_or_set(
    ^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/django/core/cache/backends/base.py", line 228, in get_or_set
    default = default()
    ^^^^^^^^^
  File "/opt/jumpserver/apps/authentication/backends/ldap.py", line 186, in _search_for_user_dn
    user_dn = self._search_for_user_dn_from_ldap_util()
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/authentication/backends/ldap.py", line 152, in _search_for_user_dn_from_ldap_util
    user_dn = util.search_for_user_dn(self._username)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/settings/utils/ldap.py", line 217, in search_for_user_dn
    user_entries = self.search_user_entries(search_users=[username])
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/common/utils/common.py", line 222, in wrapper
    result = func(args, **kwargs)
    ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/settings/utils/ldap.py", line 178, in search_user_entries
    self.search_user_entries_ou(search_ou)
  File "/opt/jumpserver/apps/settings/utils/ldap.py", line 151, in search_user_entries_ou
    self.connection.search(
    ^^^^^^^^^^^^^^^
  File "/opt/jumpserver/apps/settings/utils/ldap.py", line 107, in connection
    conn.bind()
  File "/opt/py3/lib/python3.11/site-packages/ldap3/core/connection.py", line 604, in bind
    request = bind_operation(self.version, self.authentication, self.user, self.password, auto_encode=self.auto_encode)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/py3/lib/python3.11/site-packages/ldap3/operation/bind.py", line 59, in bind_operation
    raise LDAPPasswordIsMandatoryError('password is mandatory in simple bind')
ldap3.core.exceptions.LDAPPasswordIsMandatoryError: password is mandatory in simple bind
```
Synchronization was performed on ports 389 and 636, but all attempts were unsuccessful. When LDAP is synchronized on the second node, that node works correctly and all the problems are transferred to the first one. Please tell me how to solve this problem.
Recurrence Steps
Synchronize one node, verify authentication on the second node
Expected Behavior
Internal server error, unsuccessful LDAP authentication
Additional Information
No response
Attempted Solutions
I tried to change port 636 and 389, replaced the user for reading the directory, as well as authentication
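Added example, not part of the original report and not JumpServer code: a small triage script that separates the two bind failures visible in the log above, the client-side ldap3 refusal ("password is mandatory in simple bind", raised in the traceback from `conn.bind()` in `settings/utils/ldap.py`) and the directory's `000004DC` rejection, and compares them per node. The node names, the node2 line and the trimmed log text are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample input. node1 reuses the messages quoted in the report
# (trimmed); node2 and the node names themselves are assumptions.
SAMPLE_LOGS = {
    "node1": [
        "2024-10-21 23:45:19 [INFO] Authentication LDAP backend",
        "2024-10-21 23:45:19 [ERRO] result(2) raised OPERATIONS_ERROR({'desc': 'Operations error', "
        "'info': '000004DC: LdapErr: DSID-0C090C77, comment: In order to perform this operation "
        "a successful bind must be completed on the connection., data 0, v4563'})",
        "2024-10-21 23:45:19 [WARN] password is mandatory in simple bind while authenticating example@example.com",
        "2024-10-21 23:45:19 [ERRO] Internal Server Error: /core/auth/login/",
        "ldap3.core.exceptions.LDAPPasswordIsMandatoryError: password is mandatory in simple bind",
    ],
    "node2": ["2024-10-21 23:46:02 [INFO] Authentication LDAP backend"],
}

# Only timestamped records are counted, so traceback lines do not inflate totals.
RECORD = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \[(?P<level>[A-Z]+)\] (?P<msg>.*)$")

SIGNATURES = {
    # ldap3 raised before sending anything: the password given to bind() was empty.
    "empty_bind_password": re.compile(r"password is mandatory in simple bind"),
    # The directory refused an operation on a connection with no completed bind.
    "operation_without_bind": re.compile(r"000004DC: LdapErr"),
    # The failure surfaced to the user as a 500 on the login view.
    "login_500": re.compile(r"Internal Server Error: /core/auth/login/"),
}

def classify(lines):
    """Count each failure signature among the timestamped records of one node."""
    hits = Counter()
    for line in lines:
        record = RECORD.match(line)
        if record is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(record["msg"]):
                hits[name] += 1
    return hits

def compare_nodes(logs):
    """Map node name -> {signature: count} so the nodes can be diffed."""
    return {node: dict(classify(lines)) for node, lines in logs.items()}

def nodes_missing_bind_password(logs):
    """Nodes on which the bind never left the client for lack of a password."""
    return sorted(n for n, h in compare_nodes(logs).items() if h.get("empty_bind_password"))

if __name__ == "__main__":
    for node, hits in compare_nodes(SAMPLE_LOGS).items():
        print(node, hits or "no LDAP bind failures")
```

A node that shows `empty_bind_password` was handed an empty password at runtime, so the check to make there is how that node loads the stored LDAP bind credential, not the directory server or the port.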