matrix-org / matrix-synapse-ldap3

An LDAP3 auth provider for Synapse
Apache License 2.0

"list index out of range" error if expected attribute is not found in ldap response #76

Closed akramelnouby closed 3 years ago

akramelnouby commented 4 years ago

Hi,

matrix-synapse is running on Ubuntu 18.04 and is working fine with manually created users using the internal db. I tried setting it up to use the local LDAP server, which seems to be accessible and able to authenticate users, but it still fails (Internal server error on client) with the error below in the logs:


Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,928 - synapse.access.https.8448 - 233 - INFO - GET-2- ::ffff:84.147.42.190 - 8448 - Received request: GET /_matrix/client/versions
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,929 - synapse.access.https.8448 - 302 - INFO - GET-2- ::ffff:84.147.42.190 - 8448 - {None} Processed request: 0.001sec/0.000sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 222B 200 "GET /_matrix/client/versions HTTP/1.1" "Riot.im/0.9.8 (Linux; U; Android 9; EML-L29 Build/HUAWEIEML-L2; Flavour GooglePlay; MatrixAndroidSDK 0.9.30)" [0 dbevts]
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,930 - synapse.access.https.8448 - 233 - INFO - POST-3- ::ffff:84.147.42.190 - 8448 - Received request: POST /_matrix/client/r0/login
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,930 - synapse.rest.client.v1.login - 176 - INFO - POST-3- Got login request with identifier: {'type': 'm.id.user', 'user': 'testuser1'}, medium: None, address: None, user: 'testuser1'
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,931 - ldap_auth_provider - 91 - DEBUG - POST-3- Attempting LDAP connection with ldap://localhost:389
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,932 - ldap_auth_provider - 287 - DEBUG - - Established LDAP connection in simple bind mode: ldap://localhost:389 - cleartext - user: uid=testuser1,ou=People,dc=example,dc=com - not lazy - unbound - closed - <no socket> - tls not started - not listening - SyncStrategy - internal decoder
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,934 - ldap_auth_provider - 301 - DEBUG - - LDAP Bind successful in simple bind mode.
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,934 - ldap_auth_provider - 107 - DEBUG - - LDAP authentication method simple bind returned: True (conn: ldap://localhost:389 - cleartext - user: uid=testuser1,ou=People,dc=example,dc=com - not lazy - bound - open - <local: [::1]:50926 - remote: [::1]:389> - tls not started - listening - SyncStrategy - internal decoder)
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,935 - ldap_auth_provider - 133 - INFO - - User authenticated against LDAP server: ldap://localhost:389 - cleartext - user: uid=testuser1,ou=People,dc=example,dc=com - not lazy - bound - open - <local: [::1]:50926 - remote: [::1]:389> - tls not started - listening - SyncStrategy - internal decoder
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,935 - synapse.storage._base - 497 - WARNING - - Starting db txn 'get_users_by_id_case_insensitive' from sentinel context
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,935 - synapse.storage._base - 536 - WARNING - - Starting db connection from sentinel context: metrics will be lost
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,936 - synapse.handlers.auth - 528 - WARNING - - Attempted to login as @testuser1:example.com but they do not exist
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,936 - ldap_auth_provider - 163 - DEBUG - - ldap registration filter: (uid=testuser1)
Nov 15 16:03:24 example.com matrix-synapse[21690]: 2019-11-15 16:03:24,938 - synapse.http.server - 109 - ERROR - - Failed handle request via 'LoginRestServlet': <SynapseRequest at 0x7fb430389a20 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site=8448>
Nov 15 16:03:24 example.com matrix-synapse[21690]: Traceback (most recent call last):
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/synapse/http/server.py", line 77, in wrapped_request_handler
Nov 15 16:03:24 example.com matrix-synapse[21690]:     await h(self, request)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/synapse/http/server.py", line 326, in _async_render
Nov 15 16:03:24 example.com matrix-synapse[21690]:     callback_return = await callback_return
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
Nov 15 16:03:24 example.com matrix-synapse[21690]:     result = result.throwExceptionIntoGenerator(g)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
Nov 15 16:03:24 example.com matrix-synapse[21690]:     return g.throw(self.type, self.value, self.tb)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/synapse/rest/client/v1/login.py", line 149, in on_POST
Nov 15 16:03:24 example.com matrix-synapse[21690]:     result = yield self._do_other_login(login_submission)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
Nov 15 16:03:24 example.com matrix-synapse[21690]:     result = result.throwExceptionIntoGenerator(g)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
Nov 15 16:03:24 example.com matrix-synapse[21690]:     return g.throw(self.type, self.value, self.tb)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/synapse/rest/client/v1/login.py", line 239, in _do_other_login
Nov 15 16:03:24 example.com matrix-synapse[21690]:     identifier["user"], login_submission
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
Nov 15 16:03:24 example.com matrix-synapse[21690]:     result = result.throwExceptionIntoGenerator(g)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
Nov 15 16:03:24 example.com matrix-synapse[21690]:     return g.throw(self.type, self.value, self.tb)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/synapse/handlers/auth.py", line 602, in validate_login
Nov 15 16:03:24 example.com matrix-synapse[21690]:     is_valid = yield provider.check_password(qualified_user_id, password)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/twisted/internet/defer.py", line 1418, in _inlineCallbacks
Nov 15 16:03:24 example.com matrix-synapse[21690]:     result = g.send(result)
Nov 15 16:03:24 example.com matrix-synapse[21690]:   File "/opt/venvs/matrix-synapse/lib/python3.6/site-packages/ldap_auth_provider.py", line 185, in check_password
Nov 15 16:03:24 example.com matrix-synapse[21690]:     name = attrs[self.ldap_attributes['name']][0]
Nov 15 16:03:24 example.com matrix-synapse[21690]: IndexError: list index out of range

Here is my corresponding LDAP configuration in homeserver.yml:

password_providers:
    - module: "ldap_auth_provider.LdapAuthProvider"
      config:
        enabled: true
        uri: "ldap://localhost:389"
        start_tls: false
        base: "ou=People,dc=example,dc=com"
        attributes:
           uid: "uid"
           mail: "mail"
           name: "givenName"
        #bind_dn:
        #bind_password:
        #filter: "(objectClass=posixAccount)"

Cheers Akram
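
The traceback above ends at `attrs[self.ldap_attributes['name']][0]`, which raises when the mapped attribute (`givenName` here) comes back with no values, so a login that already passed the bind ends in a 500. The following is an added example, not code from this report or from matrix-synapse-ldap3: a defensive way to read optional attributes. The helper names, the entry shape (a dict with an `attributes` mapping) and the fallback to the localpart are assumptions made for illustration.

```python
# Attribute mapping as in the reporter's config ("name" mapped to givenName).
LDAP_ATTRIBUTES = {"uid": "uid", "mail": "mail", "name": "givenName"}


def first_value(attrs, ldap_name):
    """Return the first non-empty value of an attribute, or None.

    Covers a missing key, an empty list (the case behind the IndexError
    in the traceback), a bare string, and bytes values.
    """
    value = attrs.get(ldap_name)
    if value is None:
        return None
    if isinstance(value, (str, bytes)):
        value = [value]
    for item in value:
        if isinstance(item, bytes):
            item = item.decode("utf-8", errors="replace")
        item = str(item).strip()
        if item:
            return item
    return None


def profile_from_entry(entry, localpart, mapping=LDAP_ATTRIBUTES):
    """Build registration details from one search result entry.

    Assumed policy: display name falls back to the localpart and mail to
    None, so a sparse directory entry does not fail an authenticated login.
    """
    attrs = entry.get("attributes", {})
    return {
        "localpart": localpart,
        "name": first_value(attrs, mapping["name"]) or localpart,
        "mail": first_value(attrs, mapping["mail"]),
    }


# Constructed search results (not taken from the reporter's directory).
ENTRY_WITHOUT_GIVENNAME = {
    "dn": "uid=testuser1,ou=People,dc=example,dc=com",
    "attributes": {"uid": ["testuser1"], "mail": [], "givenName": []},
}
ENTRY_COMPLETE = {
    "dn": "uid=testuser2,ou=People,dc=example,dc=com",
    "attributes": {"uid": ["testuser2"], "mail": ["t2@example.com"], "givenName": "Test"},
}

if __name__ == "__main__":
    print(profile_from_entry(ENTRY_WITHOUT_GIVENNAME, "testuser1"))
    print(profile_from_entry(ENTRY_COMPLETE, "testuser2"))
```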

richvdh commented 3 years ago

dup #14 I think