nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

Mapping AD groups with Teampass roles #3956

Open Hubertvivien opened 1 year ago

Hubertvivien commented 1 year ago

Page on which it happened

Mapping AD groups with Teampass roles /index.php?page=roles

Steps to reproduce

  1. Button LDAP Synchronization
  2. To define a new mapping, click the role you want to define and select it in the list of Teampass roles, and click Submit button.
  3. Repeat this operation several times with other roles and mappings
  4. Quit the page
  5. Return to this page and click Button LDAP Synchronization

Expected behaviour

Defined mapping should be ok

Actual behaviour

Seems all roles are mapped with the last used (mapped)

Server configuration

Operating system: Linux 71ed582b5b71 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64

Web server: nginx/1.24.0

Database: 10.11.5-MariaDB

PHP version: 8.2.7

Teampass version: 3.0.10

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '0',
'log_connections' => '1',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '0',
'item_duplicate_in_same_folder' => '0',
'duplicate_item' => '0',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html',
'cpassman_url' => 'http://<anonym_url>
'favicon' => 'http://<anonym_url>/favicon.ico',
'path_to_upload_folder' => '/var/www/html/upload',
'path_to_files_folder' => '/var/www/html/files',
'url_to_files_folder' => 'http://<anonym_url>/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'teampass_version' => '3.0.10',
'ldap_mode' => '1',
'ldap_type' => 'ActiveDirectory',
'ldap_suffix' => '0',
'ldap_domain_dn' => '0',
'ldap_domain_controler' => '0',
'ldap_user_attribute' => 'samaccountname',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_search_base' => '0',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '0',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => '',
'default_language' => 'french',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1697642997',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'sending_emails' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>'
'email_smtp_auth' => '1',
'email_auth_username' => '<removed>'
'email_auth_pwd' => '<removed>'
'email_port' => '587',
'email_security' => 'tls',
'email_server_url' => '',
'email_from' => '<removed>'
'email_from' => '<removed>'
'pwd_maximum_length' => '40',
'google_authentication' => '0',
'delay_item_edition' => '0',
'allow_import' => '1',
'proxy_ip' => '<removed>'
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for ChangeMe',
'api' => '0',
'subfolder_rights_as_parent' => '0',
'show_only_accessible_folders' => '1',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/var/www/html/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => '<removed>'
'syslog_port' => '514',
'manager_move_item' => '0',
'create_item_without_password' => '0',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'Europe/Paris',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '0',
'offline_key_level' => '0',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '1',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0',
'bck_script_passkey' => '<removed>'
'admin_2fa_required' => '1',
'password_overview_delay' => '4',
'copy_to_clipboard_small_icons' => '1',
'duo_ikey' => '<removed>'
'duo_skey' => '<removed>'
'duo_host' => '<removed>'
'duo_failmode' => 'secure',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '30',
'mfa_for_roles' => '',
'tree_counters' => '0',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'enable_massive_move_delete' => '0',
'email_debug_level' => '0',
'ga_reset_by_user' => '',
'onthefly-backup-key' => '<removed>'
'onthefly-restore-key' => '<removed>'
'ldap_user_dn_attribute' => 'distinguishedname',
'ldap_dn_additional_user_dn' => '',
'ldap_user_object_filter' => '(&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=Division Approvisionnement,OU=Groupes Utilisateurs D3T,OU=D3T,DC=d3t,DC=lan)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
'ldap_bdn' => 'dc=d3t,dc=lan',
'ldap_hosts' => '<removed>'
'ldap_password' => '<removed>'
'ldap_username' => 'service_ldap_teampass@d3t.lan',
'api_token_duration' => '60',
'last_folder_change' => '',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '300',
'tasks_manager_refreshing_period' => '20',
'maximum_number_of_items_to_treat' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '0',
'upgrade_timestamp' => '1700234997',
'enable_ad_users_with_ad_groups' => '1',
'enable_ad_user_auto_creation' => '0',
'ldap_group_object_filter' => '(objectClass=group)',
'ldap_guid_attibute' => 'objectguid',
'sending_emails_job_frequency' => '2',
'user_keys_job_frequency' => '1',
'items_statistics_job_frequency' => '5',
'users_personal_folder_task' => '',
'clean_orphan_objects_task' => '',
'purge_temporary_files_task' => '',
'rebuild_config_file' => '',
'reload_cache_table_task' => '',
'maximum_session_expiration_time' => '60',
'items_ops_job_frequency' => '1',

Updated from an older Teampass or fresh install:

Client configuration

Browser: -

Operating system: - bits

Logs

Web server error log

Constant FILTER_SANITIZE_STRING is deprecated - /var/www/html/vendor/elegantweb/sanitizer/src/Filters/EscapeHTML.php (18)

Teampass 10 last system errors

Log from the web-browser developer console (CTRL + SHIFT + i)

Insert the log here and especially the answer of the query that failed.

useronkel commented 1 year ago

Hi. Perhaps you have a misunderstanding on groups and roles. The shortest answer to this is:

  1. Roles are sets of rights.
  2. Groups are sets of people. Roles have nothing to do with people defined in an ldap or AD.

Hubertvivien commented 1 year ago

Hi @useronkel, Thanks for your response. This is a feature added in https://github.com/nilsteampassnet/TeamPass/issues/3578

Seems having a bug ;)

nilsteampassnet commented 12 months ago

@Hubertvivien I've tested in latest release and no issue. Please update and confirm.

Hubertvivien commented 11 months ago

Hi @nilsteampassnet, Updated teampass. Now running 3.1.1.2. Still having the same issue. Here is a screenshot.

Capture d'écran 2023-12-13 135526

First I have mapped AD groups with Teampass roles (for example grp1 with role1, grp2 with role2, ..., grpx with rolex). Then I returned to the same page and saw all my AD groups mapped with the same role (the last one I mapped).

Regards

nilsteampassnet commented 11 months ago

@Hubertvivien OK, I did a code review of this part of the code. It is indeed possible to happen. So I propose a change, may you test it?

Open file sources/roles.queries.php Find

            $counter = DB::count();

            if ($counter === 0) {
                // Adding new folder is possible as it doesn't exist
                DB::insert(
                    prefixTable('ldap_groups_roles'),
                    array(
                        'role_id' => $post_role_id,
                        'ldap_group_id' => $post_adgroup_id,
                        'ldap_group_label' => $post_adgroup_label,
                    )
                );
                $new_id = DB::insertId();
            } else {
                if ((int) $post_role_id === -1) {
                    // delete
                    DB::delete(
                        prefixTable('ldap_groups_roles'),
                        'increment_id = %i',
                        $data['increment_id']
                    );
                    $new_id = -1;
                } else {
                    // update
                    DB::update(
                        prefixTable('ldap_groups_roles'),
                        array(
                            'role_id' => $post_role_id,
                        ),
                        'increment_id = %i',
                        $data['increment_id']
                    );
                    $new_id = '';
                }
            }

Replace by

            if ($data) {
                // exists in Teampass
                // update or delete
                if ((int) $post_role_id === -1) {
                    // delete
                    DB::delete(
                        prefixTable('ldap_groups_roles'),
                        'increment_id = %i',
                        $data['increment_id']
                    );
                    $new_id = -1;
                } else {
                    if (isset($data['increment_id'])) {
                        // update
                        DB::update(
                            prefixTable('ldap_groups_roles'),
                            array(
                                'role_id' => $post_role_id,
                            ),
                            'increment_id = %i',
                            $data['increment_id']
                        );
                        $new_id = '';
                    }
                }
            } else {
                // Adding new folder is possible as it doesn't exist
                DB::insert(
                    prefixTable('ldap_groups_roles'),
                    array(
                        'role_id' => $post_role_id,
                        'ldap_group_id' => $post_adgroup_id,
                        'ldap_group_label' => $post_adgroup_label,
                    )
                );
                $new_id = DB::insertId();
            }

Give a try and come back please.

Hubertvivien commented 11 months ago

@nilsteampassnet Thanks for your help. Have made changes. Unfortunately, same issue

nilsteampassnet commented 11 months ago

@Hubertvivien Hum ... don't understand ... Can you provide the export of table 'ldap_groups_roles'?

nilsteampassnet commented 11 months ago

@Hubertvivien Mind you also do this. In the same file, find

            if ($data) {

and replace by

            error_log('SELECT query result: ' . print_r($data, true));
            if ($data) {

Perform the operation in Roles page. Get the log from your Apache error log file, and share it please

Hubertvivien commented 11 months ago

@nilsteampassnet ldap_groups_roles

I've noticed this:

nilsteampassnet commented 11 months ago

@Hubertvivien Thanks I believe an AD group ID with 0 value is not good. I think the error comes more from the list of AD roles that is wrong. When refreshing the list of roles from AD, please open a console from Browser. You should see a log as this one. image Can you please get the data and share with us?

Hubertvivien commented 11 months ago

@nilsteampassnet Error log file is empty...

Here is the console log (have deleted many lines because was unreadable)

    {error: false, teampass_groups: Array(33), ldap_groups: Array(180)}
    error : false
    ldap_groups : Array(180)
    [0 … 99]
    0 : {ad_group_id: 0, ad_group_title: 'Opérateurs de configuration réseau', role_id: 8, id: 1, role_title: 'Division BI'}
    1 : {ad_group_id: 0, ad_group_title: 'Utilisateurs du journal de performances', role_id: 8, id: 1, role_title: 'Division BI'}
    2 : {ad_group_id: 0, ad_group_title: 'Opérateurs de chiffrement', role_id: 8, id: 1, role_title: 'Division BI'}
    . . . . lines 3 to 98 deleted for better reading . . .
    99 : {ad_group_id: 0, ad_group_title: 'Partage_BI', role_id: 8, id: 1, role_title: 'Division BI'}
    [100 … 179]
    100 : {ad_group_id: 0, ad_group_title: 'Division Arrivage', role_id: 8, id: 1, role_title: 'Division BI'}
    . . . . lines 101 to 179 deleted for better reading . . .
    : {ad_group_id: 0, ad_group_title: 'Business_Pilote', role_id: 8, id: 1, role_title: 'Division BI'}
    length : 180
    [[Prototype]] : Array(0)
    teampass_groups : Array(33)
    0 : {id: '1', title: 'Default'}
    1 : {id: '2', title: 'AdminSys'}
    2 : {id: '3', title: 'Service IT'}
    . . . . lines 4 to 32 deleted for better reading . . .
    : {id: '33', title: 'Vivetic'}
    length : 33
    [[Prototype]] : Array(0)
    [[Prototype]] : Object

nilsteampassnet commented 11 months ago

OK thanks. As I expected, all groups from AD have 0 as ID, which is not what we should have. I will have to investigate on the query sent to the AD to get those groups.

nilsteampassnet commented 11 months ago

What is the value of this setting? image

Hubertvivien commented 11 months ago

@nilsteampassnet GUID

nilsteampassnet commented 11 months ago

@Hubertvivien Can you try in lowercase? Have you ensured this attribute directly in the AD?

Hubertvivien commented 11 months ago

@nilsteampassnet Hi, to be certain, I have used 'objectGUID' instead of 'GUID'. Same issue... Here is table 'ldap_groups_roles' ldap

regards

nilsteampassnet commented 11 months ago

@Hubertvivien Please try in lowercase letter.

Hubertvivien commented 11 months ago

@nilsteampassnet I am really so sorry... same issue in lower case

asferreir commented 11 months ago

I have the same error. I performed the previous steps, and the same error reproduced itself.

nilsteampassnet commented 11 months ago

@Hubertvivien OK that means that your AD server uses another attribute name. You need to check inside the AD what is the attribute for the ID of a group.

nilsteampassnet commented 11 months ago

@Hubertvivien Did you try all possibilities that I'm providing in the help text?

LDAP attribute to use to identify the GUID of an object. For example: objectGUID, objectSid, GUID, gidNumber, ...

Try each of them both as written and also full lowercase.

Hubertvivien commented 11 months ago

@nilsteampassnet Tested objectGUID, objectguid, objectSid, objectsid, GUID, guid, gidNumber, gidnumber same issue ... :(

nilsteampassnet commented 11 months ago

@Hubertvivien Have you looked on your AD? Here you need to adapt the correct attribute

Hubertvivien commented 11 months ago

@nilsteampassnet By the way, objectGUID and objectSid could be used attribute

nilsteampassnet commented 11 months ago

@Hubertvivien Very interesting. What I see is the GUID is not an INT. That's perhaps the issue. I need to fix using another type.

nilsteampassnet commented 11 months ago

@Hubertvivien Can you do the following.

1- In the database, run the query

ALTER TABLE `teampass_ldap_groups_roles` CHANGE `ldap_group_id` `ldap_group_id` VARCHAR(500) NOT NULL; 

2- In file sources/roles.queries.php, find all WHERE ldap_group_id = %i and replace by WHERE ldap_group_id = %s

3- In same file, find $post_adgroup_id = filter_var($dataReceived['adGroupId'], FILTER_SANITIZE_NUMBER_INT); replace by $post_adgroup_id = filter_var($dataReceived['adGroupId'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);

4- In file pages/roles.js.php, Find var groupId = parseInt($(this).data('id')), replace by var groupId = $(this).data('id'),

Retry

Hubertvivien commented 11 months ago

@nilsteampassnet Done all the 4 modifications Now AD Groups mapped with nothing new

nilsteampassnet commented 11 months ago

@Hubertvivien I'm a little blind here. In file sources/roles.queries.php, find

            $retGroups = $connection->query()->where($searchCriteria)->get();

replace by

            $retGroups = $connection->query()->where($searchCriteria)->get();
            error_log("Contenu de l'array : " . print_r($retGroups, true));

Perform the groups refresh. Get your Apache log and share the content of the array. Thanks

Hubertvivien commented 11 months ago

@nilsteampassnet I am running 3.1.1.7 release. In file sources/roles.queries.php, added error_log("Contenu de l'array : " . print_r($retGroups, true)); but it seems the process does not pass in this portion of code (not retrieving "Contenu de l'array" in log). I have added echo "test"; print_r($retGroups, true); die(); // yes it is violent but... still nothing. Otherwise, having this in the log:

 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Warning:  Trying to access array offset on value of type null in /var/www/html/sources/roles.queries.php on line 791"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/roles.queries.php:0"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Warning:  Undefined array key "objectGUID" in /var/www/html/sources/roles.queries.php on line 778"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/roles.queries.php:0"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Warning:  Trying to access array offset on value of type null in /var/www/html/sources/roles.queries.php on line 778"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/roles.queries.php:0"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Warning:  Undefined array key "objectGUID" in /var/www/html/sources/roles.queries.php on line 791"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/roles.queries.php:0"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Warning:  Trying to access array offset on value of type null in /var/www/html/sources/roles.queries.php on line 791"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
 [18-Dec-2023 10:51:00] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/roles.queries.php:0"
 192.168.22.91 - - [18/Dec/2023:10:51:00 +0000] "POST /sources/roles.queries.php HTTP/1.1" 200 35501 "http://teampass.xxxxxxxxxxx.com/index.php?page=roles" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
 2023-12-18 10:51:01,678 INFO reaped unknown pid 1276 (exit status 0)
 2023-12-18 10:51:01,678 INFO reaped unknown pid 1278 (exit status 0)
 2023-12-18 10:51:01,679 INFO reaped unknown pid 1280 (exit status 0)

Hubertvivien commented 11 months ago

And the line 791 is the line 'ad_group_id' => (int) $group[(isset($SETTINGS['ldap_guid_attibute']) === true && empty($SETTINGS['ldap_guid_attibute']) === false ? $SETTINGS['ldap_guid_attibute'] : 'gidnumber')][0], in this portion code:

                array_push(
                    $retAD,
                    [
                        'ad_group_id' => (int) $group[(isset($SETTINGS['ldap_guid_attibute']) === true && empty($SETTINGS['ldap_guid_attibute']) === false ? $SETTINGS['ldap_guid_attibute'] : 'gidnumber')][0],
                        'ad_group_title' => $group['cn'][0],
                        'role_id' => $counter> 0 ? (int) $role_detail['role_id'] : -1,
                        'id' => $counter > 0 ? (int) $role_detail['increment_id'] : -1,
                        'role_title' => $counter > 0 ? $role_detail['title'] : '',
                    ]
                );

Hubertvivien commented 11 months ago

@nilsteampassnet Hi Nils, Have upgraded this morning with 3.1.1.10. Issue still there

nilsteampassnet commented 11 months ago

@Hubertvivien Logic as it doesn't solve this issue.

but it seems the process does not pass in this portion of code (not retrieving "Contenu de l'array" in log)

Let's try something new. In file sources/ldap.activedirectory.php, at the end of file, paste

/**
 * Get all AD groups
 *
 * @param LdapRecord\Connection $connection
 * @return array
 */
function getADGroups(LdapRecord\Connection $connection) {
    // Search for all groups
    $groups = Group::on($connection)->get();

    // Convert the groups to an array
    $groupsArray = [];
    foreach ($groups as $group) {
        $groupsArray[] = $group->getAttributes();
    }

    return $groupsArray;
}

In same file, Find use LdapRecord\Models\ActiveDirectory\User; Replace by

use LdapRecord\Models\ActiveDirectory\User;
use LdapRecord\Models\ActiveDirectory\Group;

In file sources/roles.queries.php, find

          // Connect to LDAP
            try {
                $connection->connect();

            } catch (\LdapRecord\Auth\BindException $e) {
                $error = $e->getDetailedError();

                echo prepareExchangedData(
                    array(
                        'error' => true,
                        'message' => "Error : ".$error->getErrorCode()." - ".$error->getErrorMessage(). "<br>".$error->getDiagnosticMessage(),
                    ),
                    'encode'
                );
                break;
            }

just after paste


            // DEBUG #3956
            if ($SETTINGS['ldap_type'] === 'ActiveDirectory') {
                require_once 'ldap.activedirectory.php';
            } else {
                require_once 'ldap.openldap.php';
            }
            $ret = getADGroups($connection, $SETTINGS);
            error_log("Contenu de l'array : " . print_r($ret, true));

Get the log in Apache error log file and share it

Hubertvivien commented 11 months ago

@nilsteampassnet

 10.8.0.34 - - [19/Dec/2023:15:19:14 +0000] "POST /sources/main.queries.php HTTP/1.1" 200 1152 "http://teampass.xxxxxxxxx.com/index.php?page=roles" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Deprecated: Creation of dynamic property TeampassClasses\NestedTree\NestedTree::$table is deprecated in /var/www/html/vendor/teampassclasses/nestedtree/src/NestedTree.php on line 34"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP 1. {main}() /var/www/html/sources/roles.queries.php:0"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP 2. TeampassClasses\NestedTree\NestedTree->__construct($table = 'teampass_nested_tree', $idField = 'id', $parentField = 'parent_id', $sortField = 'title') /var/www/html/sources/roles.queries.php:85"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Deprecated: Creation of dynamic property TeampassClasses\NestedTree\NestedTree::$fields is deprecated in /var/www/html/vendor/teampassclasses/nestedtree/src/NestedTree.php on line 36"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP 1. {main}() /var/www/html/sources/roles.queries.php:0"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP 2. TeampassClasses\NestedTree\NestedTree->__construct($table = 'teampass_nested_tree', $idField = 'id', $parentField = 'parent_id', $sortField = 'title') /var/www/html/sources/roles.queries.php:85"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Deprecated: Creation of dynamic property TeampassClasses\NestedTree\NestedTree::$link is deprecated in /var/www/html/vendor/teampassclasses/nestedtree/src/NestedTree.php on line 42"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP 1. {main}() /var/www/html/sources/roles.queries.php:0"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP 2. TeampassClasses\NestedTree\NestedTree->__construct($table = 'teampass_nested_tree', $idField = 'id', $parentField = 'parent_id', $sortField = 'title') /var/www/html/sources/roles.queries.php:85"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "NOTICE: PHP message: PHP Fatal error: Uncaught Error: Class "Group" not found in /var/www/html/sources/ldap.activedirectory.php:104"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "Stack trace:"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "#0 /var/www/html/sources/roles.queries.php(753): getADGroups(Object(LdapRecord\Connection), Array)"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: "#1 {main}"
 [19-Dec-2023 15:19:16] WARNING: [pool www] child 51 said into stderr: " thrown in /var/www/html/sources/ldap.activedirectory.php on line 104"
 10.8.0.34 - - [19/Dec/2023:15:19:16 +0000] "POST /sources/roles.queries.php HTTP/1.1" 500 5 "http://teampass.xxxxxxxxx.com/index.php?page=roles" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"

nilsteampassnet commented 11 months ago

@Hubertvivien Those warnings have nothing to do with what is expected by the changes (note, I've corrected them in a future push). Here I would expect to have one line in your log starting with: 'Contenu de l'array : ' If this is not the case, then you are not in the feature I expected to be.

I need to re-read all the comments.

Hubertvivien commented 11 months ago

@nilsteampassnet Hi Nils, Here is what I have done :

I agree with you, I was expecting a log beginning with "Contenu de l'array :"

Hubertvivien commented 11 months ago

Hi Nils, Happy new year, any news ? Regards

joksa97 commented 10 months ago

I tried to troubleshoot... from what I understand problem is here, system is not retrieving ObjectGUID from AD and it is always 0 from that point and also just modify then one row in DB. I tried to fix it but for now I am not seeing what variable contains ObjectGUID value...

image
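
Added example, not part of the thread and not TeamPass code: a PHP sketch of the failure discussed above ("the GUID is not an INT", the `(int) $group[...]` line, and the ID that "is always 0"), showing how an integer cast makes every AD group share one mapping row and how the identifier can be kept as a string instead. The function names and the two sample groups are constructed for illustration; it assumes result arrays shaped like `$group['cn'][0]` with lowercase attribute keys, as `ldap_get_entries()` returns them.

```php
<?php
declare(strict_types=1);

// Added illustration, not TeamPass code. Function names and sample data are
// hypothetical; the (int) cast and the array shape come from the thread.

/** Convert a 16-byte Active Directory objectGUID to its canonical text form. */
function guidBinaryToString(string $bin): string
{
    if (strlen($bin) !== 16) {
        throw new InvalidArgumentException('objectGUID must be exactly 16 bytes');
    }
    // The first three fields are little-endian; the last two are stored as-is.
    $p = unpack('Va/vb/vc/H4d/H12e', $bin);
    return sprintf('%08x-%04x-%04x-%s-%s', $p['a'], $p['b'], $p['c'], $p['d'], $p['e']);
}

/**
 * Return a stable string identifier for one LDAP group entry, or null when
 * the configured attribute is absent (so the caller can skip the group
 * instead of storing 0).
 */
function groupIdentifier(array $entry, string $attribute): ?string
{
    // ldap_get_entries() lowercases attribute names, so a setting written as
    // 'objectGUID' has to be looked up as 'objectguid'.
    $entry = array_change_key_case($entry, CASE_LOWER);
    $key = strtolower($attribute);
    $value = $entry[$key][0] ?? null;
    if (!is_string($value) || $value === '') {
        return null;
    }
    if ($key === 'objectguid') {
        return guidBinaryToString($value);
    }
    // Other binary attributes (objectSid, ...) are hex-encoded so they stay
    // distinct and printable; text values such as gidNumber pass through.
    return preg_match('/^[\x20-\x7e]+$/', $value) === 1 ? $value : bin2hex($value);
}

/** Simulate saving one mapping per group into a table keyed by the group id. */
function saveMappings(array $groups, array $roleByCn, callable $keyOf): array
{
    $table = [];
    foreach ($groups as $group) {
        $key = $keyOf($group);
        if ($key === null) {
            continue; // no usable identifier: do not create a row
        }
        $table[$key] = $roleByCn[$group['cn'][0]]; // same key overwrites the row
    }
    return $table;
}

// Constructed sample data: two groups with different 16-byte GUIDs.
$groups = [
    ['cn' => ['grp1'], 'objectguid' => [hex2bin('8a3f1c2e5b7d4e4f9a0b1c2d3e4f5061')]],
    ['cn' => ['grp2'], 'objectguid' => [hex2bin('c4d5e6f7a8b94c0d8e1f2a3b4c5d6e7f')]],
];
$roles = ['grp1' => 'role1', 'grp2' => 'role2'];

// Identifier cast to int, as on the line quoted in the thread.
$cast = saveMappings($groups, $roles, fn(array $g) => (int) $g['objectguid'][0]);
// Identifier kept as a string.
$text = saveMappings($groups, $roles, fn(array $g) => groupIdentifier($g, 'objectGUID'));

printf("int cast:   %d row(s) %s\n", count($cast), json_encode($cast));
printf("string key: %d row(s) %s\n", count($text), json_encode($text));
```

With the cast, both groups resolve to the same key and the second save overwrites the first, which matches the symptom reported in this issue; with string identifiers each group keeps its own row.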