nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

Error in ldap_search when I want to synchronize my users with the AD #3991

Open Blubmann1337 opened 9 months ago

Blubmann1337 commented 9 months ago

Steps to reproduce

  1. Go in admin GUI
  2. Go in user tab
  3. Press LDAP synchronisation

Expected behaviour

After upgrading from version 2 my users are showing as local users, I was hoping that after an LDAP sync they would become LDAP users.

Actual behaviour

When I start the synchronization, the cogwheel turns endlessly and nothing happens. The tp.config also looks a bit strange to me, as it contains settings that are empty on the Web GUI, e.g.: ldap_usergroup. But when I rebuild the config, it doesn't look any different.

Server configuration

Operating system: Debian 11

Web server: Apache/2.4.56

Database: 10.11.6-MariaDB

PHP version: PHP 8.2.14

Teampass version: 3.1.1

Teampass configuration file:

<?php
global $SETTINGS;
$SETTINGS = array (
    'max_latest_items' => '10',
    'enable_favourites' => '1',
    'show_last_items' => '1',
    'enable_pf_feature' => '0',
    'log_connections' => '0',
    'log_accessed' => '1',
    'time_format' => 'H:i:s',
    'date_format' => 'd/m/Y',
    'duplicate_folder' => '1',
    'duplicate_item' => '1',
    'number_of_used_pw' => '3',
    'manager_edit' => '1',
    'cpassman_dir' => '/var/www/teampass',
    'cpassman_url' => 'https://pm.xyz.com/',
    'favicon' => 'https://pm.xyz.com/favicon.ico',
    'path_to_upload_folder' => '/var/www/teampass/upload',
    'url_to_upload_folder' => 'https://pm.xyz.com/upload',
    'path_to_files_folder' => '/var/www/teampass/files',
    'url_to_files_folder' => 'https://pm.xyz.com/files',
    'activate_expiration' => '0',
    'pw_life_duration' => '0',
    'maintenance_mode' => '0',
    'cpassman_version' => '2.1.27',
    'ldap_mode' => '1',
    'richtext' => '0',
    'allow_print' => '0',
    'show_description' => '1',
    'anyone_can_modify' => '0',
    'nb_bad_authentication' => '0',
    'utf8_enabled' => '1',
    'restricted_to' => '0',
    'restricted_to_roles' => '0',
    'enable_send_email_on_user_login' => '0',
    'enable_user_can_create_folders' => '1',
    'insert_manual_entry_item_history' => '0',
    'enable_kb' => '0',
    'enable_email_notification_on_item_shown' => '0',
    'custom_logo' => 'sw.png',
    'custom_login_text' => '',
    'default_language' => 'german',
    'send_stats' => '0',
    'send_mail_on_user_login' => '0',
    'nb_items_by_query' => 'auto',
    'enable_delete_after_consultation' => '0',
    'enable_personal_saltkey_cookie' => '0',
    'personal_saltkey_cookie_duration' => '31',
    'email_smtp_server' => 'mail.xyz.com',
    'email_smtp_auth' => '0',
    'email_auth_username' => '',
    'email_auth_pwd' => '',
    'email_port' => '25',
    'email_from' => 'teampass@xyz.com',
    'email_from_name' => 'TeamPass',
    'pwd_maximum_length' => '70',
    'delay_item_edition' => '0',
    'allow_import' => '1',
    'proxy_ip' => '',
    'proxy_port' => '',
    'upload_maxfilesize' => '128mb',
    'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
    'upload_imagesext' => 'jpg,jpeg,gif,png',
    'upload_pkgext' => '7z,rar,tar,zip',
    'upload_otherext' => 'sql,xml,ppk,pub,eml,msg,p12,crt,key,csr,cabundle',
    'upload_imageresize_options' => '1',
    'upload_imageresize_width' => '800',
    'upload_imageresize_height' => '600',
    'upload_imageresize_quality' => '90',
    'send_stats_time' => '0',
    'ldap_ssl' => '0',
    'ldap_tls' => '0',
    'enable_ad_users_with_ad_groups' => '0',
    'copy_to_clipboard_small_icons' => '0',
    'ldap_suffix' => '@xyz.local',
    'ldap_domain_dn' => 'dc=xyz ,dc=local',
    'ldap_domain_controler' => 'x.x.x.x',
    'timezone' => 'Europe/Berlin',
    'menu_type' => 'context',
    'item_duplicate_in_same_folder' => '1',
    'ldap_type' => 'ActiveDirectory',
    'ldap_user_attribute' => 'samaccountname',
    'roles_allowed_to_print' => '["2"]',
    'anyone_can_modify_bydefault' => '0',
    'get_tp_info' => '1',
    'ga_website_name' => 'TeamPass for ChangeMe',
    'email_post' => '25',
    'enable_email_notification_on_user_pw_change' => '0',
    'enable_sts' => '0',
    'encryptClientServer' => '0',
    'use_md5_password_as_salt' => '0',
    'api' => '1',
    'subfolder_rights_as_parent' => '1',
    'show_only_accessible_folders' => '1',
    'enable_suggestion' => '0',
    'email_server_url' => '',
    'otv_expiration_period' => '7',
    'tree_counters' => '0',
    'item_extra_fields' => '0',
    'enable_attachment_encryption' => '1',
    'settings_offline_mode' => '0',
    'offline_key_level' => '0',
    'bck_script_filename' => 'bck_cpassman',
    'bck_script_path' => '/data/backup',
    'can_create_root_folder' => '0',
    'email_security' => 'none',
    'default_session_expiration_time' => '120',
    'duo' => '0',
    'syslog_enable' => '0',
    'syslog_host' => 'localhost',
    'syslog_port' => '514',
    'enable_server_password_change' => '0',
    'ldap_object_class' => 'user',
    'google_authentication' => '0',
    'saltkey_ante_2127' => 'censored',
    'teampass_version' => '3.1.1',
    'migration_to_2127' => 'done',
    'manager_move_item' => '0',
    'create_item_without_password' => '0',
    'agses_authentication_enabled' => '0',
    'personal_saltkey_security_level' => '0',
    'ldap_new_user_is_administrated_by' => '0',
    'ldap_port' => '389',
    'enable_http_request_login' => '0',
    'admin_2fa_required' => '0',
    'otv_is_enabled' => '0',
    'ldap_and_local_authentication' => '1',
    'secure_display_image' => '1',
    'upload_zero_byte_file' => '0',
    'upload_all_extensions_file' => '0',
    'files_with_defuse' => 'done',
    'send_statistics_items' => '',
    'ldap_bind_dn' => 'cn=censored,OU=censored,OU=censored,OU=censored,DC=xyz,DC=local',
    'ldap_bind_passwd' => 'censored',
    'ldap_search_base' => 'ou=censored=xyz,dc=local',
    'ldap_usergroup' => 'CN=censored,CN=censored,DC=xyz,DC=local',
    'disable_show_forgot_pwd_link' => '1',
    'password_overview_delay' => '4',
    'roles_allowed_to_print_select' => '',
    'clipboard_life_duration' => '30',
    'mfa_for_roles' => '',
    'settings_tree_counters' => '0',
    'enable_massive_move_delete' => '0',
    'email_debug_level' => '0',
    'ga_reset_by_user' => '',
    'onthefly-backup-key' => '',
    'onthefly-restore-key' => '',
    'ldap_user_dn_attribute' => 'distinguishedname',
    'ldap_dn_additional_user_dn' => 'dc=xyz,dc=local',
    'ldap_user_object_filter' => '(&(objectCategory=Person),(sAMAccountName=*))',
    'ldap_bdn' => 'dc=xyz,dc=local',
    'ldap_hosts' => 'xyz1,xyz2',
    'ldap_password' => 'censored',
    'ldap_username' => 'CN=censored,OU=censored,OU=censored,OU=censored,DC=xyz,DC=local',
    'api_token_duration' => '60',
    'enable_tasks_manager' => '1',
    'task_maximum_run_time' => '300',
    'maximum_number_of_items_to_treat' => '300',
    'tasks_manager_refreshing_period' => '100',
    'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
    'enable_tasks_log' => '0',
    'enable_ad_user_auto_creation' => '0',
    'ldap_group_object_filter' => '',
    'ldap_guid_attibute' => 'objectguid',
    'sending_emails_job_frequency' => '2',
    'user_keys_job_frequency' => '1',
    'items_statistics_job_frequency' => '5',
    'reload_cache_table_task' => 'daily;22:00',
    'rebuild_config_file' => '',
    'purge_temporary_files_task' => '',
    'clean_orphan_objects_task' => '',
    'users_personal_folder_task' => '',
    'maximum_session_expiration_time' => '60',
    'items_ops_job_frequency' => '1',
    'upgrade_timestamp' => '1703672841',
    'enable_refresh_task_last_execution' => '1',
);

Logs

Web server error log

[proxy_fcgi:error] [pid 69453:tid 140651077216000] [client 172.31.4.43:19168] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught ErrorException: ldap_search(): Search: Bad search filter in /var/www/teampass/vendor/directorytree/ldaprecord/src/Ldap.php:227\nStack trace:\n#0 [internal function]: LdapRecord\\Ldap->LdapRecord\\{closure}()\n#1 /var/www/teampass/vendor/directorytree/ldaprecord/src/Ldap.php(227): ldap_search()\n#2 /var/www/teampass/vendor/directorytree/ldaprecord/src/HandlesConnection.php(170): LdapRecord\\Ldap->LdapRecord\\{closure}()\n#3 /var/www/teampass/vendor/directorytree/ldaprecord/src/Ldap.php(216): LdapRecord\\Ldap->executeFailableOperation()\n#4 /var/www/teampass/vendor/directorytree/ldaprecord/src/Query/Builder.php(692): LdapRecord\\Ldap->search()\n#5 /var/www/teampass/vendor/directorytree/ldaprecord/src/Connection.php(416): LdapRecord\\Query\\Builder->LdapRecord\\Query\\{closure}()\n#6 /var/www/teampass/vendor/directorytree/ldaprecord/src/Connection.php(359): LdapRecord\\Connection->runOperationCallback()\n#7 /var/www/teampass/vendor/directorytree/ldaprecord/src/Query/Builder.php(68...', referer: https://pm.haake.com/index.php?page=users
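An added example, not part of the issue thread and not TeamPass or LdapRecord code: a simplified RFC 4515 syntax check run over the `ldap_user_object_filter` value from the posted configuration. RFC 4515 writes the operands of `&` and `|` back to back with no separator, so the comma in the posted value does not parse, which is consistent with the `Bad search filter` error in the log. The function names and the comma-free `NO_COMMA` variant are assumptions of this example.

```python
import re

# Simplified RFC 4515 item: attribute, operator, assertion value. Parentheses,
# backslash and NUL in a value must be written as \XX hex escapes.
# Extensible-match items (":dn:", ":rule:=") are outside this sketch.
_ITEM = re.compile(
    r"[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*"
)


class FilterSyntaxError(ValueError):
    pass


def _parse_filter(s, i):
    """Parse one '(' filtercomp ')' at s[i]; return the index just past it."""
    if i >= len(s) or s[i] != "(":
        found = repr(s[i]) if i < len(s) else "end of input"
        raise FilterSyntaxError(f"expected '(' at offset {i}, found {found}")
    i += 1
    if i < len(s) and s[i] in "&|":
        i += 1
        # Operands follow each other directly: no comma, no other separator.
        while i < len(s) and s[i] != ")":
            i = _parse_filter(s, i)
    elif i < len(s) and s[i] == "!":
        i = _parse_filter(s, i + 1)
    else:
        m = _ITEM.match(s, i)
        if m is None:
            raise FilterSyntaxError(f"malformed item at offset {i}")
        i = m.end()
    if i >= len(s) or s[i] != ")":
        raise FilterSyntaxError(f"expected ')' at offset {i}")
    return i + 1


def check_filter(s):
    """Return None when s is one well-formed filter, else the error text."""
    try:
        end = _parse_filter(s, 0)
        if end != len(s):
            raise FilterSyntaxError(f"trailing data at offset {end}")
    except FilterSyntaxError as exc:
        return str(exc)
    return None


POSTED = "(&(objectCategory=Person),(sAMAccountName=*))"   # from the issue
NO_COMMA = "(&(objectCategory=Person)(sAMAccountName=*))"  # constructed
```

Running `check_filter` on a filter string before saving it in the LDAP settings catches this class of error without a round trip to the directory server.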

reginaldomoreno commented 2 weeks ago

Clear Additional User DN Left empty