nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

Passwords not accessible after external LDAP user password change #3157

Open juokelis opened 2 years ago

juokelis commented 2 years ago

Page on which it happened

Home screen

Steps to reproduce

  1. Login with LDAP user created before.
  2. Create one or more passwords
  3. Log out
  4. Change LDAP user password
  5. Log into TP again
  6. You will not see any passwords, just an error "Warning: mysqli_fetch_object() expects parameter 1 to be mysqli_result, bool given in /var/www/html/includes/libraries/Tree/NestedTree/NestedTree.php on line 174 nah7YlNTU1Mg6l4aTwaZYKX7nC5+kZeN2JGgdmD6D3inmwPhHl4MOBj8cVIAwBjfJ1qwVP+uFBP6MvXfWqfck7Sy"

Expected behaviour

Password folders/list should be visible.

Actual behaviour

Password list progress scroll keeps scrolling "Loading ..." and error message displayed "Warning: mysqli_fetch_object() expects parameter 1 to be mysqli_result, bool given in /var/www/html/includes/libraries/Tree/NestedTree/NestedTree.php on line 174 nah7YlNTU1Mg6l4aTwaZYKX7nC5+kZeN2JGgdmD6D3inmwPhHl4MOBj8cVIAwBjfJ1qwVP+uFBP6MvXfWqfck7Sy"

Server configuration

Operating system: Linux ac278386727e 4.9.0 #1 SMP Tue Aug 25 11:59:26 MSK 2020 x86_64

Web server: nginx/1.18.0

Database: 5.7.33

PHP version: 7.4.9

Teampass version: 3.0.0.17

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '1',
'log_connections' => '1',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'Y-m-d',
'duplicate_folder' => '0',
'item_duplicate_in_same_folder' => '0',
'duplicate_item' => '0',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html',
'cpassman_url' => 'https://<anonym_url>',
'favicon' => 'https://<anonym_url>/favicon.ico',
'path_to_upload_folder' => '/var/www/html/upload',
'path_to_files_folder' => '/var/www/html/files',
'url_to_files_folder' => 'https://<anonym_url>/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'cpassman_version' => '3.0.0.7',
'ldap_mode' => '1',
'ldap_type' => 'OpenLDAP',
'ldap_suffix' => '0',
'ldap_domain_dn' => '0',
'ldap_domain_controler' => 'ldaptunnel',
'ldap_user_attribute' => 'uid',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_elusers' => '0',
'ldap_search_base' => 'dc=iterato,dc=lt',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '1',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => '',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1616590431',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>',
'email_smtp_auth' => '',
'email_auth_username' => '<removed>',
'email_auth_pwd' => '<removed>',
'email_port' => '',
'email_security' => '',
'email_server_url' => '',
'email_from' => '<removed>',
'email_from' => '<removed>',
'pwd_maximum_length' => '40',
'google_authentication' => '1',
'delay_item_edition' => '0',
'allow_import' => '0',
'proxy_ip' => '',
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for Iterato',
'api' => '0',
'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '0',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/var/www/html/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => 'localhost',
'syslog_port' => '514',
'manager_move_item' => '1',
'create_item_without_password' => '0',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'Europe/Vilnius',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '1',
'disable_show_forgot_pwd_link' => '1',
'offline_key_level' => '60',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '0',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0',
'bck_script_passkey' => '<removed>',
'admin_2fa_required' => '0',
'password_overview_delay' => '4',
'copy_to_clipboard_small_icons' => '1',
'duo_akey' => '',
'duo_ikey' => '',
'duo_skey' => '',
'duo_host' => '',
'teampass_version' => '',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '30',
'ldap_hosts' => 'ldaptunnel',
'ldap_bdn' => 'dc=iterato,dc=lt',
'ldap_username' => '********',
'ldap_password' => '********',
'ldap_dn_additional_user_dn' => 'ou=Users',
'ldap_new_user_role' => '1',
'can_create_root_folder' => '1',
'ga_reset_by_user' => '1',
'ldap-test-config-username' => '',
'ldap-test-config-pwd' => '',

Updated from an older Teampass or fresh install: Fresh install.

Client configuration

Browser: - Chrome

Operating system: - Windows

Logs

Web server error log

Undefined index: path - /var/www/html/sources/main.queries.php (1139)

Teampass 10 last system errors

[17-May-2022 12:10:08] WARNING: [pool www] child 22 said into stderr: "NOTICE: PHP message: PHP Warning:  mysqli_fetch_object() expects parameter 1 to be mysqli_result, bool given in /var/www/html/includes/libraries/Tree/NestedTree/NestedTree.php on line 174"
2022/05/17 12:10:09 [error] 18#18: *30 FastCGI sent in stderr: "PHP message: PHP Warning:  mysqli_fetch_object() expects parameter 1 to be mysqli_result, bool given in /var/www/html/includes/libraries/Tree/NestedTree/NestedTree.php on line 174" while reading response header from upstream, client: 192.168.176.1, server: _, request: "GET /index.php?page=items HTTP/1.0", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "localhost:8081", referrer: "https://xx.xx.lt/index.php"
2022/05/17 12:10:09 [warn] 18#18: *30 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/1/00/0000000001 while reading upstream, client: 192.168.176.1, server: _, request: "GET /index.php?page=items HTTP/1.0", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "localhost:8081", referrer: "https://xx.xx.lt/index.php"
[17-May-2022 12:10:10] WARNING: [pool www] child 21 said into stderr: "NOTICE: PHP message: PHP Warning:  mysqli_fetch_object() expects parameter 1 to be mysqli_result, bool given in /var/www/html/includes/libraries/Tree/NestedTree/NestedTree.php on line 174"
2022/05/17 12:10:10 [error] 18#18: *40 FastCGI sent in stderr: "PHP message: PHP Warning:  mysqli_fetch_object() expects parameter 1 to be mysqli_result, bool given in /var/www/html/includes/libraries/Tree/NestedTree/NestedTree.php on line 174" while reading response header from upstream, client: 192.168.176.1, server: _, request: "POST /sources/items.queries.php HTTP/1.0", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "localhost:8081", referrer: "https://xx.xx.lt/index.php?page=items"

Log from the web-browser developer console (CTRL + SHIFT + i)

Uncaught TypeError: Cannot read properties of undefined (reading 'folders')
    at Object.success (index.php?page=items:6197:40)
    at c (jquery.min.js:2:28327)
    at Object.fireWith [as resolveWith] (jquery.min.js:2:29072)
    at l (jquery.min.js:2:79901)
    at XMLHttpRequest.<anonymous> (jquery.min.js:2:82355)

DevTools failed to load source map: Could not load content for https://xx.xx.lt/plugins/summernote/summernote-bs4.css.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE

Nachtlichtermeer commented 2 years ago

Same problem here.

I found a workaround:

  1. Disable LDAP-Sync for that user
  2. Change the password of that (local) user
  3. Send the new password by mail
  4. Now the user has to log in and change his password
  5. Activate LDAP-Sync for that user

annguyendl commented 1 year ago

Same problem here.

I found a workaround:

  1. Disable LDAP-Sync for that user
  2. Change the password of that (local) user
  3. Send the new password by mail
  4. Now the user has to log in and change his password
  5. Activate LDAP-Sync for that user

After re-activating LDAP-Sync for that user, the user logged in successfully with the LDAP password, then TeamPass asked to Synchronize new password.

If user input:

Can anyone help?

lamdaiphong commented 9 months ago

Same for me. My scenario is: after existing users change their password on the LDAP server and then log into Teampass, they lose permission to see or copy the password. They can get the permission back only if they click on Synchronize new password, or if a new OTP is generated for them when they have forgotten the old password. Is there any way to sync the new password from LDAP automatically for all existing Teampass users?
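
An added illustration (not part of the thread and not TeamPass code) of why a password changed on the LDAP side leaves stored items unreadable until "Synchronize new password" is completed with the old password or a recovery secret such as the OTP mentioned above. It assumes a design in which each user's private key is stored encrypted under a key derived from the login password; the function names, KDF parameters and sample values are hypothetical.

```php
<?php
// Added illustration, not TeamPass code. Assumed model: the user's private key
// is stored encrypted under a key derived from the login password.

const KDF_ITERATIONS = 100000; // hypothetical parameter

function wrapPrivateKey(string $privateKey, string $password): array
{
    $salt = random_bytes(16);
    $iv = random_bytes(12);
    $kek = hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 32, true);
    $ct = openssl_encrypt($privateKey, 'aes-256-gcm', $kek, OPENSSL_RAW_DATA, $iv, $tag);
    return ['salt' => $salt, 'iv' => $iv, 'tag' => $tag, 'ct' => $ct];
}

function unwrapPrivateKey(array $blob, string $password): ?string
{
    $kek = hash_pbkdf2('sha256', $password, $blob['salt'], KDF_ITERATIONS, 32, true);
    $pt = openssl_decrypt($blob['ct'], 'aes-256-gcm', $kek, OPENSSL_RAW_DATA, $blob['iv'], $blob['tag']);
    return $pt === false ? null : $pt; // GCM tag mismatch means wrong password
}

// Re-wrap step: needs the previous password, which the server never stored.
function resyncPassword(array $blob, string $old, string $new): ?array
{
    $privateKey = unwrapPrivateKey($blob, $old);
    return $privateKey === null ? null : wrapPrivateKey($privateKey, $new);
}

// Constructed sample values.
$privateKey = 'constructed-private-key-material';
$stored = wrapPrivateKey($privateKey, 'old-ldap-password');

// The LDAP bind now succeeds with the new password, but the blob does not open.
$afterChange = unwrapPrivateKey($stored, 'new-ldap-password');

// Supplying the old password once re-wraps the key under the new one.
$stored = resyncPassword($stored, 'old-ldap-password', 'new-ldap-password');
$afterSync = unwrapPrivateKey($stored, 'new-ldap-password');

printf("after LDAP change: %s\n", $afterChange === null ? 'key locked' : 'key readable');
printf("after resync:      %s\n", $afterSync === $privateKey ? 'key readable' : 'key locked');
```

Under this model the directory only tells the application that the new password is valid; it cannot supply the old one, so a server-side bulk resync for all users has nothing to unwrap the existing blobs with.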