nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

LDAP log in issue with version 3.0.10.112 #3933

Closed hitenmandalia closed 11 months ago

hitenmandalia commented 11 months ago
### Steps to reproduce
1. Upgrade version 3.0.10.79
2. Log in using existing AD account
3.

### Expected behaviour
AD user should be able to log in

### Actual behaviour
In progress bar continuously turning

### Server configuration
**Operating system**: Alpine Linux

**Web server:** Nginx

**Database:** MySQL 8

**PHP version:** 8

**Teampass version:** 3.0.10.112

**Teampass configuration file:**
```
'10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '0',
'log_connections' => '1',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '1',
'item_duplicate_in_same_folder' => '0',
'duplicate_item' => '1',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html',
'cpassman_url' => 'https://password.xxxxxx.tech',
'favicon' => 'https://www.xxxxxx.com/media/favicon.png',
'path_to_upload_folder' => '/var/www/html/upload',
'path_to_files_folder' => '/var/www/html/files',
'url_to_files_folder' => 'http://localhost/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'teampass_version' => '3.0.10',
'ldap_mode' => '1',
'ldap_type' => 'ActiveDirectory',
'ldap_suffix' => '0',
'ldap_domain_dn' => '0',
'ldap_domain_controler' => '0',
'ldap_user_attribute' => 'samaccountname',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_search_base' => '0',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '0',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '0',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => '',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysq
'send_stats_time' => '1690977063',
'get_tp_info' => '0',
'send_mail_on_user_login' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => 'email-smtp.xxxxxx.amazonaws.com',
'email_smtp_auth' => '1',
'email_auth_username' => 'AKIAxxxxxxxxxx',
'email_auth_pwd' => 'BCQkXaJ034m3xxxxxxxxxxWvFVpVl0MnW',
'email_port' => '587',
'email_security' => 'tls',
'email_server_url' => '',
'email_from' => 'passwordmanager@xxxxxx.com',
'email_from_name' => 'Password',
'pwd_maximum_length' => '100',
'google_authentication' => '1',
'delay_item_edition' => '0',
'allow_import' => '0',
'proxy_ip' => '',
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'Password',
'api' => '0',
'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '1',
'enable_suggestion' => '0',
'otv_expiration_period' => '1',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/var/www/html/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => 'localhost',
'syslog_port' => '514',
'manager_move_item' => '0',
'create_item_without_password' => '0',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'UTC',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '0',
'offline_key_level' => '0',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '0',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '1',
'bck_script_passkey' => 'zSdyLcM2TdPUrgzemXdpZ3xxxxxxxxxxx',
'admin_2fa_required' => '0',
'password_overview_delay' => '4',
'copy_to_clipboard_small_icons' => '1',
'duo_ikey' => '',
'duo_skey' => '',
'duo_host' => '',
'duo_failmode' => 'secure',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '30',
'mfa_for_roles' => '',
'tree_counters' => '1',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'enable_massive_move_delete' => '0',
'email_debug_level' => '0',
'ga_reset_by_user' => '1',
'onthefly-backup-key' => '',
'onthefly-restore-key' => '',
'ldap_user_dn_attribute' => '',
'ldap_dn_additional_user_dn' => '',
'ldap_user_object_filter' => '(&(objectcategory=person)(memberof=cn=teampassaccessgroup,ou=xxx,ou=groups,dc=ad,dc=xxx,dc=com))',
'ldap_bdn' => 'dc=ad,dc=xxxx,dc=com',
'ldap_hosts' => '10.x.x.x,10.x.x.xx',
'ldap_password' => 'xxxxxd!23',
'ldap_username' => 'cn=Svc_TeamPass_LDAP,ou=Service Accounts,dc=ad,dc=xxxxx,dc=com',
'api_token_duration' => '60',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '300',
'tasks_manager_refreshing_period' => '20',
'maximum_number_of_items_to_treat' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '1',
'upgrade_timestamp' => '1699629688',
'enable_ad_users_with_ad_groups' => '1',
'enable_ad_user_auto_creation' => '0',
'ldap_group_object_filter' => '(extensionattribute7=teampassgroup)',
'ldap_guid_attibute' => 'extensionattribute8',
'sending_emails_job_frequency' => '2',
'user_keys_job_frequency' => '1',
'items_statistics_job_frequency' => '5',
'users_personal_folder_task' => '',
'clean_orphan_objects_task' => 'saturday;05:00',
'purge_temporary_files_task' => 'saturday;00:00',
'rebuild_config_file' => '',
'reload_cache_table_task' => 'saturday;03:00',
'maximum_session_expiration_time' => '60',
'rebuild_config_file_task' => 'saturday;01:30',
'items_ops_job_frequency' => '1',
);
```

**Updated from an older Teampass or fresh install:** Upgrade from version 3.0.10.79

### Client configuration
**Browser:**

**Operating system:**

### Logs
#### Web server error log (username and password removed for obvious reasons)
```
2023-11-10 15:36:01,229 INFO reaped unknown pid 200 (exit status 0)
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Deprecated: Creation of dynamic property TeampassClasses\PerformChecks\PerformChecks::$postType is deprecated in /var/www/html/includes/libraries/teampassclasses/performchecks/src/PerformChecks.php on line 35"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP 1. {main}() /var/www/html/sources/identify.php:0"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP 2. TeampassClasses\PerformChecks\PerformChecks->__construct($postType = ['type' => 'get2FAMethods'], $sessionVar = ['user_id' => 0, 'user_key' => 'P3gR2cW3Znwn5p3MaSqznMQdz5RTS5Lxxxxxxxxxxxxxxxxx', 'CPM' => 1, 'login' => 'xxxx.xxxxx']) /var/www/html/sources/identify.php:62"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Deprecated: Creation of dynamic property TeampassClasses\PerformChecks\PerformChecks::$sessionVar is deprecated in /var/www/html/includes/libraries/teampassclasses/performchecks/src/PerformChecks.php on line 36"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP 1. {main}() /var/www/html/sources/identify.php:0"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP 2. TeampassClasses\PerformChecks\PerformChecks->__construct($postType = ['type' => 'get2FAMethods'], $sessionVar = ['user_id' => 0, 'user_key' => 'P3gR2cW3Znwn5p3MaSqznMQdz5RTS5LRxxxxxxxxxxxxx', 'CPM' => 1, 'login' => 'xxxx.xxxxx']) /var/www/html/sources/identify.php:62"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Deprecated: Creation of dynamic property TeampassClasses\PerformChecks\PerformChecks::$postType is deprecated in /var/www/html/includes/libraries/teampassclasses/performchecks/src/PerformChecks.php on line 35"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP 1. {main}() /var/www/html/sources/identify.php:0"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP 2. TeampassClasses\PerformChecks\PerformChecks->__construct($postType = ['type' => 'identify_user'], $sessionVar = ['user_id' => 0, 'user_key' => 'P3gR2cW3Znwn5p3MaSqznMQdz5RTSxxxxxxxxxxxxx', 'CPM' => 1, 'login' => 'xxxx.xxxxx']) /var/www/html/sources/identify.php:62"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Deprecated: Creation of dynamic property TeampassClasses\PerformChecks\PerformChecks::$sessionVar is deprecated in /var/www/html/includes/libraries/teampassclasses/performchecks/src/PerformChecks.php on line 36"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP 1. {main}() /var/www/html/sources/identify.php:0"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP 2. TeampassClasses\PerformChecks\PerformChecks->__construct($postType = ['type' => 'identify_user'], $sessionVar = ['user_id' => 0, 'user_key' => 'P3gR2cW3Znwn5p3Mxxxxxxxxxxxxxx', 'CPM' => 1, 'login' => 'xxxx.xxxxx']) /var/www/html/sources/identify.php:62"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Fatal error: Uncaught TypeError: userIsEnabled(): Return value must be of type array, bool returned in /var/www/html/sources/ldap.activedirectory.php:93"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#0 /var/www/html/sources/identify.php(1202): userIsEnabled('CN=xxxx xxxxx...', Object(LdapRecord\Connection))"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#1 /var/www/html/sources/identify.php(2317): authenticateThroughAD('xxxx.xxxxx', Array, 'xxxxxxxxx', Array)"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#2 /var/www/html/sources/identify.php(289): identifyDoLDAPChecks(Array, Array, 'xxxx.xxxxx', 'xxxxxxxxx', 0, '', 2)"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#3 /var/www/html/sources/identify.php(132): identifyUser('eyJjaXBoZXJ0ZXh...', Array)"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#4 {main}"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: " thrown in /var/www/html/sources/ldap.activedirectory.php on line 93"
```

#### Log from the web-browser developer console (CTRL + SHIFT + i)
```
Insert the log here and especially the answer of the query that failed.
```

The issue seems to be from the check to see if the AD user is active, by looking at the following in the error log:
```
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Fatal error: Uncaught TypeError: userIsEnabled(): Return value must be of type array, bool returned in /var/www/html/sources/ldap.activedirectory.php:93"
```

nilsteampassnet commented 11 months ago

Oops
Code mistake (cannot test AD).
Please open file `sources/ldap.activedirectory.php`
Replace

```
 * @return array
 */
function userIsEnabled(string $userDN, Connection $connection): array
{
```

by

```
 * @return bool
 */
function userIsEnabled(string $userDN, Connection $connection): bool
{
```

hitenmandalia commented 11 months ago

@nilsteampassnet Perfect. works :)
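
The return-type mismatch from the error log and the one-word fix, as an added illustration that is not part of the thread and is not TeamPass code. The `userAccountControl` bit test, the function names and the sample values are assumptions made for this example; the wrapper shows an account-status check that denies the login and logs the error when the check itself fails, where in the log above the `TypeError` was uncaught and ended the request.

```php
<?php
// Added illustration, not TeamPass code. Function names, the flag-based check
// and the sample values are assumptions made for this example.

const UAC_ACCOUNTDISABLE = 0x0002; // Active Directory userAccountControl flag

// "Before": the body returns a bool but the signature promises an array,
// so PHP 8 throws a TypeError on every call, enabled account or not.
function userIsEnabledBefore(int $userAccountControl): array
{
    return ($userAccountControl & UAC_ACCOUNTDISABLE) === 0;
}

// "After": the declared type matches what the body returns.
function userIsEnabledAfter(int $userAccountControl): bool
{
    return ($userAccountControl & UAC_ACCOUNTDISABLE) === 0;
}

// Login gate: a failure of the check itself is logged and treated as a denial,
// so the client still gets an answer and a broken check never grants access.
function checkLogin(callable $isEnabled, int $userAccountControl): string
{
    try {
        return $isEnabled($userAccountControl) === true
            ? 'allow'
            : 'deny: account disabled';
    } catch (TypeError $e) {
        error_log('account status check failed: ' . $e->getMessage());
        return 'deny: internal error';
    }
}

// Constructed sample values: 512 = NORMAL_ACCOUNT,
// 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE.
foreach ([512, 514] as $uac) {
    printf(
        "uac=%d before=%s after=%s\n",
        $uac,
        checkLogin('userIsEnabledBefore', $uac),
        checkLogin('userIsEnabledAfter', $uac)
    );
}
```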