leenooks / phpLDAPadmin

phpLDAPadmin - Web based LDAP administration tool
www.phpldapadmin.org
GNU General Public License v2.0
536 stars 171 forks source link

You found a non-fatal phpLDAPadmin bug! #231

Closed Sasquacz1 closed 1 year ago

Sasquacz1 commented 1 year ago

I have a problem after updating phpldapadmin (1.2.6.3) I ran the command apt-get upgrade where, among other things, phpldapadmin updated itself

Unpacking phpldapadmin (1.2.6.3-0.3) over (1.2.6.3-0.2) ...

After restarting apache2 in incognito mode, I get an error UNHANDLED, $resource is not a resource

But for that, in normal mode, I get an error

E_WARNING: openssl_decrypt(): Setting of IV length for AEAD mode failed You found a non-fatal phpLDAPadmin bug!

ERROR1 ERROR2

What could be the problem and how to solve it?

Debian=12 PHP= 7.4.30 Apache=2.4.54-1

williamdes commented 1 year ago

Hi @Sasquacz1

Unpacking phpldapadmin (1.2.6.3-0.3) over (1.2.6.3-0.2) ...

You are using the Debian package version

I am the one responsible for the packaging since 1.2.6.3-0.3, for it to work you have to use PHP 8.2 since Debian is provided with PHP 8.2 Or remove the Debian package, and install manually 1.2.6.6 from this repository

williamdes commented 1 year ago

Alternative solution to the login problem, remove the two lines https://sources.debian.org/src/phpldapadmin/1.2.6.3-0.3/lib/ds_ldap.php/#L219

Or update it to https://github.com/leenooks/phpLDAPadmin/blob/BRANCH-1.2/lib/ds_ldap.php#L219

And update https://sources.debian.org/src/phpldapadmin/1.2.6.3-0.3/lib/ds_ldap.php/#L340 to https://github.com/leenooks/phpLDAPadmin/blob/BRANCH-1.2/lib/ds_ldap.php#L340

Sasquacz1 commented 1 year ago

Alternative solution to the login problem, remove the two lines https://sources.debian.org/src/phpldapadmin/1.2.6.3-0.3/lib/ds_ldap.php/#L219

Or update it to https://github.com/leenooks/phpLDAPadmin/blob/BRANCH-1.2/lib/ds_ldap.php#L219

And update https://sources.debian.org/src/phpldapadmin/1.2.6.3-0.3/lib/ds_ldap.php/#L340 to https://github.com/leenooks/phpLDAPadmin/blob/BRANCH-1.2/lib/ds_ldap.php#L340

Thanks for the quick reply !

I tried first deleting the two lines you provided however then I get this error

Failed to Authenticate to server

Invalid Username or Password.

Will now try to update PHP

williamdes commented 1 year ago

Would you mind opening a Debian bug for this so I can forward an update to the version of the line that was shipped in newer versions ? I can give you some help to do it

Sasquacz1 commented 1 year ago

PHP 8.2.7 (cli) (built: Jun 9 2023 19:37:27) (NTS) Copyright (c) The PHP Group Zend Engine v4.2.7, Copyright (c) Zend Technologies with Zend OPcache v8.2.7, Copyright (c), by Zend Technologies

Fatal error: Uncaught Error: Undefined constant "LDAP_DEREF_NEVER" in /usr/share/phpldapadmin/lib/config_default.php:387 Stack trace: #0 /usr/share/phpldapadmin/lib/functions.php(266): Config->__construct() #1 /usr/share/phpldapadmin/htdocs/index.php(116): check_config() #2 {main} thrown in /usr/share/phpldapadmin/lib/config_default.php on line 387

After uploading PHP 8.2 errors as above.

What is your debug plan? I can easily restore the version that works and do the steps you want?

williamdes commented 1 year ago

Ha, first guess: you are most probably missing php8.2-ldap deb/extension

Sasquacz1 commented 1 year ago

Ehh yes that was it.

And the installation of php-xml

williamdes commented 1 year ago

It's difficult to ensure you have them, but I checked and they are required in the DEB: Depends: php, php-ldap, php-xml Maybe some code should be added at the top to catch this

Edit: it seems that there is a check:

  Missing required extension

Your install of PHP appears to be missing LDAP support.Please install LDAP support before using phpLDAPadmin.(Dont forget to restart your web server afterwards)   | Missing required extension Your install of PHP appears to be missing XML support.Please install XML support before using phpLDAPadmin.(Dont forget to restart your web server afterwards)

Sasquacz1 commented 1 year ago

Ok... the panel has started up however.... when clicking e.g. on USER I get an error

There was a problem with the request.

obraz

williamdes commented 1 year ago

That's weird, can you debug a bit further ? I re installed the package on my laptop Debian bookworm and it works fine with my two remote servers. That said I am curious about the openssl_decrypt error, do you have an SSL config ?

Sasquacz1 commented 1 year ago

apache2 error log

[Mon Sep 04 12:09:09.499909 2023] [php:error] [pid 1054000] [client XXXX:49138] PHP Fatal error: Uncaught TypeError: ldap_get_entries(): Argument #2 ($result) must be of type LDAP\\Result, bool given in /usr/share/phpldapadmin/lib/ds_ldap.php:1476\nStack trace:\n#0 /usr/share/phpldapadmin/lib/ds_ldap.php(1476): ldap_get_entries()\n#1 /usr/share/phpldapadmin/lib/ds_ldap.php(1748): ldap->getRawSchema()\n#2 /usr/share/phpldapadmin/lib/ds_ldap.php(1676): ldap->SchemaObjectClasses()\n#3 /usr/share/phpldapadmin/lib/Template.php(104): ldap->getSchemaObjectClass()\n#4 /usr/share/phpldapadmin/lib/xmlTemplates.php(293): Template->storeTemplate()\n#5 /usr/share/phpldapadmin/lib/Template.php(61): xmlTemplate->__construct()\n#6 /usr/share/phpldapadmin/lib/xmlTemplates.php(132): Template->__construct()\n#7 /usr/share/phpldapadmin/lib/PageRender.php(43): xmlTemplates->__construct()\n#8 /usr/share/phpldapadmin/lib/PageRender.php(324): PageRender->getTemplates()\n#9 /usr/share/phpldapadmin/lib/TemplateRender.php(46): PageRender->getTemplateChoice()\n#10 /usr/share/phpldapadmin/htdocs/template_engine.php(48): TemplateRender->accept()\n#11 /usr/share/phpldapadmin/htdocs/cmd.php(59): include('...')\n#12 {main}\n thrown in /usr/share/phpldapadmin/lib/ds_ldap.php on line 1476, referer: https://ldap-dev.temp/admin/cmd.php?server_id=1&redirect=true

As for SSL, I do not use encryption configuration in openldap. Even SSL for apache2 is added via haproxy

williamdes commented 1 year ago

I am working on a update for Debian, it seems that PHP 7.4 works great too after changing the login lines.

Reading https://www.php.net/manual/function.ldap-get-entries.php and https://www.php.net/manual/function.ldap-connect.php

I think you may have some login problem, can you check with a command line first ? Or rollback to PHP 7.4 with tweaking the two lines, not sure it will output something more friendly

Sasquacz1 commented 1 year ago

I just started checking my LDAP management scripts
And I actually have an error

LDAP vendor version mismatch: library 20513, header 20516

I will try to solve the problem today

williamdes commented 1 year ago

Let me know how this is going :) Can you open a Debian bug for the PHP 7.4 compat ?

Sasquacz1 commented 1 year ago

I'm honestly still struggling with the library replacement But due to an important tasks and my vacation I gave this task a lower priority

"Can you open a Debian bug for the PHP 7.4 compat ?" What do you mean?

williamdes commented 1 year ago

What do you mean?

Well, since this login issue is entirely due to my patch if you can use the tool: reportbug Or (the same but without the burden of this tool) send an email to submit@bugs.debian.org

Subject: phpldapadmin: unable to login with PHP 7.4 Body:

Package: phpldapadmin
Version: 1.2.6.3-0.3
Severity: normal

.. Say some words about you are unable to login...

email it Success you reported your first public Debian bug 👌 And then I can process the bug and make an update for Debian In a point release, let's say Debian 12.3

Sasquacz1 commented 1 year ago

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051391

williamdes commented 1 year ago

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051391

Awesome!! Thank you so much

leenooks commented 1 year ago

Closing, as this is a packaging issue, not a PLA issue?

williamdes commented 1 year ago

Closing, as this is a packaging issue, not a PLA issue?

Yes, I am handing it on my side