kamax-matrix / mxisd

Federated Matrix Identity Server
GNU Affero General Public License v3.0

LDAP Identity store - Connection reset by peer #115

Closed PiotrIr closed 5 years ago

PiotrIr commented 5 years ago

Hi, I've installed mxisd but have no luck. When I try to authenticate I'm getting the error message in the subject. Could you help please?

Feb 04 19:52:28 myserver mxisd[5119]: .775  INFO [nio-8090-exec-1]      i.k.m.c.auth.v1.AuthController : Requested to check credentials for @testuser:matrix.mydomain.com
Feb 04 19:52:28 myserver mxisd[5119]: .778  INFO [nio-8090-exec-1]     io.kamax.mxisd.auth.AuthManager : Attempting authentication with store LdapAuthProvider
Feb 04 19:52:28 myserver mxisd[5119]: .778  INFO [nio-8090-exec-1]       i.k.m.b.ldap.LdapAuthProvider : Performing auth for @testuser:matrix.mydomain.com
Feb 04 19:52:29 myserver mxisd[5119]: .064  WARN [ NioProcessor-1]   o.a.d.l.c.a.LdapNetworkConnection : Connection reset by peer
Feb 04 19:52:29 myserver mxisd[5119]: java.io.IOException: Connection reset by peer
Feb 04 19:52:29 myserver mxisd[5119]:         at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[na:1.8.0_191]
Feb 04 19:52:29 myserver mxisd[5119]:         at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[na:1.8.0_191]
Feb 04 19:52:29 myserver mxisd[5119]:         at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[na:1.8.0_191]
Feb 04 19:52:29 myserver mxisd[5119]:         at sun.nio.ch.IOUtil.read(IOUtil.java:197) ~[na:1.8.0_191]
Feb 04 19:52:29 myserver mxisd[5119]:         at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) ~[na:1.8.0_191]
Feb 04 19:52:29 myserver mxisd[5119]:         at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:317) ~[mina-core-2.0.16.jar!/:na]
Feb 04 19:52:29 myserver mxisd[5119]:         at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:45) ~[mina-core-2.0.16.jar!/:na]
Feb 04 19:52:29 myserver mxisd[5119]:         at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:683) [mina-core-2.0.16.jar!/:na]
Feb 04 19:52:29 myserver mxisd[5119]:         at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:659) [mina-core-2.0.16.jar!/:na]
Feb 04 19:52:29 myserver mxisd[5119]:         at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:648) [mina-core-2.0.16.jar!/:na]
Feb 04 19:52:29 myserver mxisd[5119]:         at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.16.jar!/:na]
Feb 04 19:52:29 myserver mxisd[5119]:         at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1120) [mina-core-2.0.16.jar!/:na]
Feb 04 19:52:29 myserver mxisd[5119]:         at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.16.jar!/:na]
Feb 04 19:52:29 myserver mxisd[5119]:         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_191]
Feb 04 19:52:29 myserver mxisd[5119]:         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_191]
Feb 04 19:52:29 myserver mxisd[5119]:         at java.lang.Thread.run(Thread.java:748) [na:1.8.0_191]
Feb 04 19:52:29 myserver mxisd[5119]: .224 ERROR [nio-8090-exec-1]   o.a.d.l.c.a.LdapNetworkConnection : Message failed : something wrong has occurred
Feb 04 19:52:29 myserver mxisd[5119]: .227 ERROR [nio-8090-exec-1]     i.k.m.c.DefaultExceptionHandler : Reference #1549309949225 - Connection reset by peer
Feb 04 19:52:29 myserver mxisd[5119]: .227  INFO [nio-8090-exec-1]     i.k.m.c.DefaultExceptionHandler : Request POST http://127.0.0.1:8090/_matrix-internal/identity/v1/check_credentials - Error M_UNKNOWN: An internal server error occured. If this error persists, please contact support with reference #1549309949225

Config:

ldap:
  enabled: true
  connection:
    host: 'DC_IP_Address'
    tls: true
    port: 389
    bindDn: 'CN=user,OU=users,DC=mydomain,DC=local'
    bindPassword: 'password'
    baseDNs: 'OU=Users,DC=mydomain,DC=local'
  attribute:
    uid:
      type: 'uid'
      value: 'sAMAccountName'

trusted_third_party_id_servers:
     - matrix.mydomain.com

password_providers:
  - module: "rest_auth_provider.RestAuthProvider"
    config:
        endpoint: "http://127.0.0.1:8090"

    location /_matrix/client/r0/user_directory {
        proxy_pass http://localhost:8090/_matrix/client/r0/user_directory;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location /_matrix/identity {
        proxy_pass http://localhost:8090/_matrix/identity;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location /_matrix {
        proxy_pass http://localhost:8008/_matrix;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

maxidorius commented 5 years ago

You use port 389 which is a non-TLS port but set TLS to true, which causes the connection to fail.

You need to either:

PiotrIr commented 5 years ago

Hi Max, thank you for your reply and help. Now I'm getting another error (the password is right); could you help me please?

Feb  5 09:16:09 server mxisd[2271]: .302  INFO [nio-8090-exec-2]      i.k.m.c.auth.v1.AuthController : Requested to check credentials for @testuser:matrix.mydomain.com
Feb  5 09:16:09 server mxisd[2271]: .302  INFO [nio-8090-exec-2]     io.kamax.mxisd.auth.AuthManager : Attempting authentication with store LdapAuthProvider
Feb  5 09:16:09 server mxisd[2271]: .302  INFO [nio-8090-exec-2]       i.k.m.b.ldap.LdapAuthProvider : Performing auth for @testuser:matrix.mydomain.com
Feb  5 09:16:09 server mxisd[2271]: .310 ERROR [nio-8090-exec-2]     i.k.m.c.DefaultExceptionHandler : Reference #1549358169310 - 80090308: LdapErr: DSID-0C090421, comment: AcceptSecurityContext error, data 52e, v23f0
Feb  5 09:16:09 server mxisd[2271]: .310  INFO [nio-8090-exec-2]     i.k.m.c.DefaultExceptionHandler : Request POST http://127.0.0.1:8090/_matrix-internal/identity/v1/check_credentials - Error M_UNKNOWN: An internal server error occured. If this error persists, please contact support with reference #1549358169310

PiotrIr commented 5 years ago

Hi Max, eventually I found where the problem is so this issue can be closed. Once again - thank you for your help.

drseussofporn commented 5 years ago

What was the solution to this problem? Having the exact same LdapErr.

maxidorius commented 5 years ago

@drseussofporn See my previous comment

drseussofporn commented 5 years ago

@maxidorius My problem was actually his later issue. But I found out the issue and it very well may have been the solution @PiotrIr came across as well. Because I was connecting to AD, the Users line needs to be CN rather than OU smacks head. Thanks for monitoring the issue though!

maxidorius commented 5 years ago

Right - thank you for reporting on your findings! Always happy to help anytime in the future if you encounter any issue. Thank you for using mxisd!
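The thread resolves two separate misconfigurations: `tls: true` paired with the cleartext port 389 (the "Connection reset by peer" in the first log), and DNs using `OU=Users` against an Active Directory whose built-in Users container is `CN=Users` (the `data 52e` bind error in the second log). The script below is an added example, not mxisd's own code, that lints an `ldap:` section for both problems and decodes the AD `data` sub-code from a log line. It assumes the dict mirrors the YAML keys quoted in the issue; the sub-code table beyond 52e and the CN=Users heuristic come from general Active Directory knowledge rather than from this thread, and a site that really created an OU named Users would get a false positive from the container check.

```python
"""Lint an mxisd-style `ldap:` section and decode AD bind diagnostics.

Added example (not mxisd code). Two checks from the thread:
  1. tls/port pairing in `ldap.connection` (tls: true on port 389 fails);
  2. DNs pointing at OU=Users on Active Directory, whose default Users
     container is CN=Users (the thread's fix for the `data 52e` error).
Plus a decoder for the `data NNN` sub-code AD appends to
"AcceptSecurityContext error" messages.
"""
import re

# Constructed copy of the reporter's `ldap:` section (YAML keys kept, values
# as a plain dict so no YAML library is needed).
REPORTED_LDAP_CONFIG = {
    "enabled": True,
    "connection": {
        "host": "DC_IP_Address",
        "tls": True,
        "port": 389,
        "bindDn": "CN=user,OU=users,DC=mydomain,DC=local",
        "baseDNs": "OU=Users,DC=mydomain,DC=local",
    },
}

# Log line quoted in the thread (second failure, after TLS/port was corrected).
SAMPLE_LOG_LINE = (
    "Feb  5 09:16:09 server mxisd[2271]: .310 ERROR [nio-8090-exec-2]     "
    "i.k.m.c.DefaultExceptionHandler : Reference #1549358169310 - 80090308: "
    "LdapErr: DSID-0C090421, comment: AcceptSecurityContext error, data 52e, v23f0"
)

LDAP_PLAIN_PORT = 389  # cleartext LDAP (StartTLS, if any, is negotiated later)
LDAPS_PORT = 636       # implicit TLS: the first bytes on the wire are a TLS handshake


def check_tls_port(connection):
    """Return findings about the tls/port pairing in `ldap.connection`."""
    findings = []
    tls = bool(connection.get("tls", False))
    port = int(connection.get("port", LDAP_PLAIN_PORT))
    if tls and port == LDAP_PLAIN_PORT:
        findings.append(
            "tls=true with port 389: the client starts a TLS handshake against a "
            "cleartext LDAP port and the server drops the connection "
            "('Connection reset by peer'). Use port 636, or set tls: false."
        )
    elif not tls and port == LDAPS_PORT:
        findings.append(
            "tls=false with port 636: the server expects a TLS handshake first, "
            "so a cleartext bind never succeeds."
        )
    if not tls:
        findings.append(
            "tls=false: the bind password and user passwords cross the network "
            "in cleartext; only acceptable on an isolated segment."
        )
    return findings


# Matches an `OU=Users` component sitting directly under the domain root.
_OU_USERS_UNDER_DOMAIN = re.compile(r"(?:^|,)OU=Users,(?=DC=)", re.IGNORECASE)


def check_ad_containers(connection):
    """Heuristic from the thread's resolution: on Active Directory the built-in
    Users container is CN=Users,DC=..., not an organizational unit."""
    findings = []
    for key in ("bindDn", "baseDNs"):
        value = connection.get(key, "")
        if _OU_USERS_UNDER_DOMAIN.search(value):
            findings.append(
                f"{key}={value}: 'OU=Users' directly under the domain root; "
                "Active Directory's default Users container is CN=Users,DC=..., "
                "so this DN probably does not exist and binds/searches fail."
            )
    return findings


# Well-known AD sub-codes (hex) found after "data" in the diagnostic message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password, or the DN/account does not match)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def decode_ad_bind_error(log_line):
    """Return (sub-code, meaning) for an AD bind diagnostic, or None if absent."""
    m = _DATA_RE.search(log_line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def audit(ldap_config):
    """Run every check over an `ldap:` section and return the combined findings."""
    connection = ldap_config.get("connection", {})
    return check_tls_port(connection) + check_ad_containers(connection)


if __name__ == "__main__":
    for finding in audit(REPORTED_LDAP_CONFIG):
        print("-", finding)
    print(decode_ad_bind_error(SAMPLE_LOG_LINE))
```

Run against the reporter's section it emits three findings (the 389/TLS mismatch and both `OU=Users` DNs) and decodes the second log line to `52e`, invalid credentials, which is the outcome the thread arrived at by hand.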