nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net
1.66k stars, 544 forks

LDAP doesn't work as expected #3083

Open HaziFlorinMarian opened 2 years ago

HaziFlorinMarian commented 2 years ago

Page on which it happened

index.php?page=ldap

Steps to reproduce

  1. Configure Active Directory as LDAP server

Expected behaviour

Authentication to work properly.

Actual behaviour

I get the error below when I enter the username / password to test the LDAP connection:

Error : 49 - Invalid credentials 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

Server configuration

Operating system: Linux getafix2 5.4.0-104-generic #118-Ubuntu SMP Wed Mar 2 19:02:41 UTC 2022 x86_64

Web server: Apache/2.4.41 (Ubuntu)

Database: 5.5.5-10.3.34-MariaDB-0ubuntu0.20.04.1

PHP version: 7.4.3

Teampass version: 3.0.0.14

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '1',
'log_connections' => '0',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '1',
'item_duplicate_in_same_folder' => '0',
'duplicate_item' => '0',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html',
'cpassman_url' => 'https://<anonym_url>',
'favicon' => 'https://getafix.newro.co/favicon.ico',
'path_to_upload_folder' => '/var/www/html/upload',
'url_to_upload_folder' => 'https://getafix.newro.co/upload',
'path_to_files_folder' => '/var/www/html/files',
'url_to_files_folder' => 'https://getafix.newro.co/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'cpassman_version' => '3.0.0.14',
'ldap_mode' => '0',
'ldap_type' => 'ActiveDirectory',
'ldap_suffix' => '0',
'ldap_domain_dn' => '0',
'ldap_domain_controler' => '0',
'ldap_user_attribute' => 'sAMAccountName',
'ldap_ssl' => '1',
'ldap_tls' => '0',
'ldap_elusers' => '0',
'ldap_search_base' => '0',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '0',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => '',
'default_language' => 'english',
'send_stats' => '0',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>',
'email_smtp_auth' => '0',
'email_auth_username' => '<removed>',
'email_auth_pwd' => '<removed>',
'email_port' => '25',
'email_security' => '',
'email_server_url' => '',
'email_from' => '<removed>',
'email_from' => '<removed>',
'pwd_maximum_length' => '40',
'google_authentication' => '0',
'delay_item_edition' => '0',
'allow_import' => '0',
'proxy_ip' => '',
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for newro.co',
'api' => '0',
'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '0',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/opt/teampass-dump',
'bck_script_filename' => 'teampass-dump',
'syslog_enable' => '0',
'syslog_host' => 'localhost',
'syslog_port' => '514',
'saltkey_ante_2127' => 'yNGhUYJeTCe6VEEC',
'teampass_version' => '2.1.27',
'migration_to_2127' => 'done',
'manager_move_item' => '0',
'create_item_without_password' => '0',
'send_stats_time' => '1558767450',
'agses_authentication_enabled' => '0',
'timezone' => 'UTC',
'personal_saltkey_security_level' => '0',
'item_extra_fields' => '0',
'ldap_new_user_is_administrated_by' => '3',
'ldap_port' => '636',
'offline_key_level' => '0',
'enable_http_request_login' => '0',
'admin_2fa_required' => '1',
'otv_is_enabled' => '0',
'ldap_and_local_authentication' => '1',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'files_with_defuse' => 'done',
'password_overview_delay' => '4',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '30',
'mfa_for_roles' => '',
'tree_counters' => '0',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'copy_to_clipboard_small_icons' => '1',
'enable_massive_move_delete' => '0',
'email_debug_level' => '0',
'ldap_hosts' => '*******-dc1.*******.local',
'ldap_bdn' => 'CN=Users,DC=*******,DC=local',
'ldap_password' => '',
'ldap_username' => 'CN=******,CN=Users,DC=*******,DC=local',
'ldap_user_object_filter' => '(&(objectCategory=Person)(sAMAccountName=*))',
'ldap_dn_additional_user_dn' => '',
'ldap_new_user_role' => '1',
'ldap_user_dn_attribute' => '',

Updated from an older Teampass or fresh install:

Client configuration

Browser: Chrome - 99.0.4844.51

Operating system: Windows - 64bits

Logs

Web server error log

Undefined index: path - /var/www/html/sources/main.queries.php (1106)

Teampass 10 last system errors

 * 06/07/2018 12:34:39 - Query: SELECT u.login as login, i.id as id, i.label as label, i.id_tree as id_tree, l.date as date, n.title as folder_title
            FROM teampass_log_items as l
            INNER JOIN teampass_items as i ON (l.id_item=i.id)
            INNER JOIN teampass_users as u ON (l.id_user=u.id)
            INNER JOIN teampass_nested_tree as n ON (i.id_tree=n.id)
            WHERE i.inactif = 1
            AND l.action = 'at_delete'
            GROUP BY l.id_item
   Error: Expression #1 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'teampass.u.login' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by
 * 02/02/2018 11:58:40 - (identical query and error)
 * 27/11/2017 09:18:29 - (identical query and error)
 * 27/11/2017 09:17:19 - (identical query and error)
 * 29/09/2017 12:28:26 - (identical query and error)
 * 29/09/2017 12:24:49 - (identical query and error)
 * 29/09/2017 12:24:11 - (identical query and error)
 * 20/09/2017 07:40:30 - (identical query and error)
 * 18/09/2017 13:23:54 - (identical query and error)
 * 18/09/2017 11:46:09 - (identical query and error)

Log from the web-browser developer console (CTRL + SHIFT + i)


Relevant apache2 errorlog:

[Tue Mar 15 13:30:01.462218 2022] [php7:warn] [pid 59721] [client 172.17.16.10:59198] PHP Warning: Illegal offset type in /var/www/html/includes/libraries/LdapRecord/Connection.php on line 495, referer: https://getafix-temp.newro.co/index.php?page=ldap

useronkel commented 2 years ago

Hi. If it is not relevant for you, just ignore my comment. Otherwise: Delete username and password from your provided ldap-config :-)

alexlorvi commented 2 years ago

In the LdapRecord implementation, the parameter ldap_user_object_filter is totally ignored. The filter is hardcoded in sources/users.queries.php. But why didn't you use the rawFilter method? I can't understand why I need to get all 3000+ records when I can write a filter to get only 10+ of them (

LuckyFrost commented 2 years ago

+1 to alexlorvi, ldap_user_object_filter is totally ignored.
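The following script is an added example, not code from TeamPass or from the LdapRecord library, that reproduces outside TeamPass the two things discussed in this thread: the service-account bind that produced the reporter's "49 - Invalid credentials ... data 52e" message, and alexlorvi's point that the configured ldap_user_object_filter could be passed to the directory through LdapRecord's rawFilter method instead of being ignored. The host, DNs, account names and the LDAP_* environment variables are placeholders assumed by this script; the config keys it mirrors (ldap_hosts, ldap_port, ldap_ssl, ldap_bdn, ldap_username, ldap_password, ldap_user_object_filter) are the ones in the reporter's configuration dump.

```php
<?php
// Added example (not TeamPass or LdapRecord project code). Requires
// "composer require directorytree/ldaprecord" and the php-ldap extension.
// All hosts, DNs, logins and LDAP_* environment variables are placeholders.
require __DIR__ . '/vendor/autoload.php';

use LdapRecord\Auth\BindException;
use LdapRecord\Connection;

// Values mirroring the reporter's TeamPass config keys.
$cfg = [
    'ldap_hosts'              => getenv('LDAP_HOST') ?: 'dc1.example.local',
    'ldap_port'               => 636,
    'ldap_ssl'                => true,
    'ldap_bdn'                => 'CN=Users,DC=example,DC=local',
    'ldap_username'           => getenv('LDAP_BIND_DN') ?: 'CN=svc-teampass,CN=Users,DC=example,DC=local',
    'ldap_password'           => getenv('LDAP_BIND_PW') ?: '',
    'ldap_user_object_filter' => '(&(objectCategory=Person)(sAMAccountName=*))',
];

// Active Directory sub-codes that follow "data " in the bind diagnostic message.
// 52e is returned both for a wrong password and for a bind DN that does not
// exist, so it does not say which half of the credentials is wrong.
const AD_BIND_SUBCODES = [
    '525' => 'user not found',
    '52e' => 'invalid credentials (wrong password or wrong bind DN)',
    '530' => 'logon not permitted at this time',
    '531' => 'logon not permitted at this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
];

// Extract the sub-code from a string such as
// "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1".
function adSubCode(string $diagnostic): ?string
{
    return preg_match('/\bdata\s+([0-9a-f]{3})\b/i', $diagnostic, $m) ? strtolower($m[1]) : null;
}

// Turn a BindException into the LDAP error text plus the decoded AD sub-code.
function describeBindFailure(BindException $e): string
{
    $err  = $e->getDetailedError();
    $diag = $err ? (string) $err->getDiagnosticMessage() : '';
    $code = adSubCode($diag);
    return sprintf('%s; AD sub-code %s: %s',
        $err ? $err->getErrorMessage() : $e->getMessage(),
        $code ?? 'n/a',
        AD_BIND_SUBCODES[$code] ?? 'unknown');
}

$ldap = new Connection([
    'hosts'    => [$cfg['ldap_hosts']],
    'port'     => $cfg['ldap_port'],
    'base_dn'  => $cfg['ldap_bdn'],
    'username' => $cfg['ldap_username'],
    'password' => $cfg['ldap_password'],
    'use_ssl'  => $cfg['ldap_ssl'],
    'use_tls'  => false,
    'timeout'  => 5,
]);

// Step 1: service-account bind (the "test connection" step in the report).
try {
    $ldap->connect();
} catch (BindException $e) {
    fwrite(STDERR, "service-account bind failed: " . describeBindFailure($e) . "\n");
    exit(1);
}

// Step 2: hand the configured filter to the directory unchanged, scoped to the
// configured base DN, so only matching entries come back rather than every Person.
$users = $ldap->query()
    ->in($cfg['ldap_bdn'])
    ->rawFilter($cfg['ldap_user_object_filter'])
    ->select(['samaccountname', 'distinguishedname'])
    ->get();
printf("%d entries matched the configured filter\n", count($users));

// Step 3: resolve one login to its DN and bind as that user. rawFilter() does no
// escaping, so a value that came from a login form must go through ldap_escape()
// or the user can rewrite the filter.
$login    = getenv('LDAP_TEST_USER') ?: 'jdoe';
$password = getenv('LDAP_TEST_PW') ?: '';
if ($password === '') {
    // A bind with a DN and an empty password is an unauthenticated (anonymous)
    // bind on most servers; never let it count as a successful login.
    fwrite(STDERR, "refusing empty password for $login\n");
    exit(1);
}
$filter = sprintf('(&%s(sAMAccountName=%s))',
    $cfg['ldap_user_object_filter'],
    ldap_escape($login, '', LDAP_ESCAPE_FILTER));
$entry = $ldap->query()->in($cfg['ldap_bdn'])->rawFilter($filter)->first();
if ($entry === null) {
    fwrite(STDERR, "no entry for $login under {$cfg['ldap_bdn']}\n");
    exit(1);
}
try {
    $ldap->auth()->bind($entry['dn'], $password);   // throws on failure
    printf("%s authenticated as %s\n", $login, $entry['dn']);
} catch (BindException $e) {
    fwrite(STDERR, "user bind failed: " . describeBindFailure($e) . "\n");
    exit(1);
}
```

Run it with LDAP_HOST, LDAP_BIND_DN, LDAP_BIND_PW, LDAP_TEST_USER and LDAP_TEST_PW set. If step 1 already fails with sub-code 52e, the problem is the service account's DN or password as stored in ldap_username / ldap_password and nothing in TeamPass's user handling is reached yet; a 52e from step 3 with step 1 succeeding isolates the failure to the user's own credentials. The ldap_escape() call is the one safety check to keep if the filter is ever built from form input: rawFilter() trusts its argument completely.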