Open evertton opened 8 months ago
Another observed issue: when inserting a username that is not in the LDAP database, an exception is displayed instead of an error message.
Hello @nilsteampassnet, good morning,
I would like to inform you that I am also facing the same problem, where LDAP Sync is working correctly, but I cannot LOG IN to Teampass.
Below is evidence of LDAP Sync working normally:
Here is the LDAP configuration:
Now what happens when I try to perform an LDAP connection test through a legitimate user:
Below is the Apache error log:
Now when I try to LOGIN with a legitimate user registered with Teampass through LDAP Sync:
Below is the Apache error log in LOGIN:
Personally, I have been working with and using Teampass for a few years, and since I came across this problem I haven't found any solution so far, so I hope I can contribute to resolving this issue, as I really like the tool and wouldn't want to trade it for the competition on the market.
Below is information about my environment:
Teampass: 3.1.1.17
OS: Ubuntu Server 22.04.3 LTS
PHP: 8.1.2-1ubuntu2.14
Apache: Apache/2.4.52 (Ubuntu)
DB: mysql Ver 8.0.35-0ubuntu0.22.04.1
Thank you very much for your attention and I am at your disposal.
Happy New Year!!!!
Sorry, but what command did you use to get the AD Group ObjectClasses attribute? (Because I think it is now not the same thing as in the other versions.)
Alpine Linux v3.18
PHP version: 8.2.7
Server version: 11.2.2-MariaDB-1:11.2.2+maria~ubu2204
Team Pass Version 3.1.1.17
Environment: Direct access to docker port
TP Config File:
global $SETTINGS; $SETTINGS = array ( 'max_latest_items' => '10', 'enable_favourites' => '1', 'show_last_items' => '1', 'enable_pf_feature' => '0', 'log_connections' => '1', 'log_accessed' => '1', 'time_format' => 'H:i:s', 'date_format' => 'd/m/Y', 'duplicate_folder' => '0', 'item_duplicate_in_same_folder' => '0', 'duplicate_item' => '0', 'number_of_used_pw' => '3', 'manager_edit' => '1', 'cpassman_dir' => '/var/www/html', 'cpassman_url' => 'http://192.168.15.50', 'favicon' => 'http://192.168.15.50/favicon.ico', 'path_to_upload_folder' => '/var/www/html/upload', 'path_to_files_folder' => '/var/www/html/files', 'url_to_files_folder' => 'http://192.168.15.50/files', 'activate_expiration' => '0', 'pw_life_duration' => '0', 'maintenance_mode' => '0', 'enable_sts' => '0', 'encryptClientServer' => '1', 'teampass_version' => '3.1.1', 'ldap_mode' => '1', 'ldap_type' => 'ActiveDirectory', 'ldap_suffix' => '0', 'ldap_domain_dn' => '0', 'ldap_domain_controler' => '0', 'ldap_user_attribute' => 'samaccountname', 'ldap_ssl' => '0', 'ldap_tls' => '0', 'ldap_search_base' => '0', 'ldap_port' => '389', 'richtext' => '0', 'allow_print' => '0', 'roles_allowed_to_print' => '0', 'show_description' => '1', 'anyone_can_modify' => '0', 'anyone_can_modify_bydefault' => '0', 'nb_bad_authentication' => '0', 'utf8_enabled' => '1', 'restricted_to' => '0', 'restricted_to_roles' => '0', 'enable_send_email_on_user_login' => '0', 'enable_user_can_create_folders' => '0', 'insert_manual_entry_item_history' => '0', 'enable_kb' => '0', 'enable_email_notification_on_item_shown' => '0', 'enable_email_notification_on_user_pw_change' => '0', 'custom_logo' => '', 'custom_login_text' => '', 'default_language' => 'english', 'send_stats' => '1', 'send_statistics_items' => 
'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;', 'send_stats_time' => '1701695108', 'get_tp_info' => '1', 'send_mail_on_user_login' => '0', 'sending_emails' => '0', 'nb_items_by_query' => 'auto', 'enable_delete_after_consultation' => '0', 'enable_personal_saltkey_cookie' => '0', 'personal_saltkey_cookie_duration' => '31', 'email_smtp_server' => 'smtp.gmail.com', 'email_smtp_auth' => '1', 'email_auth_username' => 'Hidden', 'email_auth_pwd' => 'Hidden', 'email_port' => '587', 'email_security' => 'tls', 'email_server_url' => '', 'email_from' => 'Hidden', 'email_from_name' => 'Teampass_admin', 'pwd_maximum_length' => '40', 'google_authentication' => '0', 'delay_item_edition' => '0', 'allow_import' => '0', 'proxy_ip' => '', 'proxy_port' => '', 'upload_maxfilesize' => '10mb', 'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx', 'upload_imagesext' => 'jpg,jpeg,gif,png', 'upload_pkgext' => '7z,rar,tar,zip', 'upload_otherext' => 'sql,xml', 'upload_imageresize_options' => '1', 'upload_imageresize_width' => '800', 'upload_imageresize_height' => '600', 'upload_imageresize_quality' => '90', 'use_md5_password_as_salt' => '0', 'ga_website_name' => 'TeamPass for ChangeMe', 'api' => '0', 'subfolder_rights_as_parent' => '0', 'show_only_accessible_folders' => '0', 'enable_suggestion' => '0', 'otv_expiration_period' => '7', 'default_session_expiration_time' => '60', 'duo' => '0', 'enable_server_password_change' => '0', 'ldap_object_class' => '0', 'bck_script_path' => '/var/www/html/backups', 'bck_script_filename' => 'bck_teampass', 'syslog_enable' => '0', 'syslog_host' => 'localhost', 'syslog_port' => '514', 'manager_move_item' => '0', 'create_item_without_password' => '0', 
'otv_is_enabled' => '0', 'agses_authentication_enabled' => '0', 'item_extra_fields' => '0', 'saltkey_ante_2127' => 'none', 'migration_to_2127' => 'done', 'files_with_defuse' => 'done', 'timezone' => 'UTC', 'enable_attachment_encryption' => '1', 'personal_saltkey_security_level' => '50', 'ldap_new_user_is_administrated_by' => '1', 'disable_show_forgot_pwd_link' => '0', 'offline_key_level' => '0', 'enable_http_request_login' => '0', 'ldap_and_local_authentication' => '1', 'secure_display_image' => '1', 'upload_zero_byte_file' => '0', 'upload_all_extensions_file' => '0', 'bck_script_passkey' => 'WbwucYJmMDYLgRGmzYeXQJM6EmXHhTCe4V8tUm58', 'admin_2fa_required' => '1', 'password_overview_delay' => '4', 'copy_to_clipboard_small_icons' => '1', 'duo_ikey' => '', 'duo_skey' => '', 'duo_host' => '', 'duo_failmode' => 'secure', 'roles_allowed_to_print_select' => '', 'clipboard_life_duration' => '30', 'mfa_for_roles' => '', 'tree_counters' => '0', 'settings_offline_mode' => '0', 'settings_tree_counters' => '0', 'enable_massive_move_delete' => '0', 'email_debug_level' => '0', 'ga_reset_by_user' => '', 'onthefly-backup-key' => '', 'onthefly-restore-key' => '', 'ldap_user_dn_attribute' => '', 'ldap_dn_additional_user_dn' => '', 'ldap_user_object_filter' => '(&(objectClass=user)(uid=*))', 'ldap_bdn' => 'dc=Hidden,dc=Hidden', 'ldap_hosts' => '192.168.13.4,192.168.13.5', 'ldap_password' => 'Hidden', 'ldap_username' => 'cn=Hidden,ou=Hidden,ou=Hidden,ou=Hidden,dc=Hidden,dc=Hidden', 'api_token_duration' => '60', 'last_folder_change' => '', 'enable_tasks_manager' => '1', 'task_maximum_run_time' => '300', 'tasks_manager_refreshing_period' => '20', 'maximum_number_of_items_to_treat' => '100', 'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER', 'enable_tasks_log' => '1', 'upgrade_timestamp' => '1704287108', 'enable_ad_users_with_ad_groups' => '1', 'enable_ad_user_auto_creation' => '0', 'ldap_group_object_filter' => '', 'ldap_guid_attibute' => 'objectGUID', 'sending_emails_job_frequency' 
=> '2', 'user_keys_job_frequency' => '1', 'items_statistics_job_frequency' => '5', 'users_personal_folder_task' => '', 'clean_orphan_objects_task' => '', 'purge_temporary_files_task' => '', 'rebuild_config_file' => '', 'reload_cache_table_task' => '', 'maximum_session_expiration_time' => '60', 'items_ops_job_frequency' => '1', 'enable_refresh_task_last_execution' => '1', 'ldap_group_objectclasses_attibute' => '',
I am also facing the same issue. May I know how to fix the issue?
Thanks, Boopathy T
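An added example, not part of the thread or of TeamPass: a short Python check over a settings dump like the one posted above. It flags unencrypted LDAP transport, disabled certificate verification, a user filter that tests a different attribute than the login attribute, and secrets left unredacted before sharing. The sample is a constructed excerpt using key names from the dump; what each key controls is inferred from its name, and the function names are hypothetical.

```python
import re

# Constructed excerpt: LDAP-related keys copied from the settings dump posted
# above; the passkey value is a placeholder, not the one from the post.
SAMPLE = """
'ldap_mode' => '1', 'ldap_type' => 'ActiveDirectory',
'ldap_user_attribute' => 'samaccountname', 'ldap_ssl' => '0', 'ldap_tls' => '0',
'ldap_port' => '389', 'bck_script_passkey' => 'EXAMPLE-PLACEHOLDER',
'ldap_user_object_filter' => '(&(objectClass=user)(uid=*))',
'ldap_password' => 'Hidden',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
"""

PAIR = re.compile(r"'([^']+)'\s*=>\s*'([^']*)'")
SECRET_KEY = re.compile(r"(pwd|password|passkey|skey|token)$")

def parse_settings(text):
    """Return the 'key' => 'value' pairs of a PHP settings dump as a dict."""
    return dict(PAIR.findall(text))

def filter_attributes(ldap_filter):
    """Attribute names tested by an LDAP filter, lower-cased."""
    return {a.lower() for a in re.findall(r"\(([A-Za-z][\w.;-]*)[~<>]?=", ldap_filter)}

def review(settings):
    """Return a list of (code, message) findings for the LDAP settings."""
    findings = []
    get = settings.get
    # Assumption: ldap_ssl / ldap_tls both '0' means a plain LDAP simple bind.
    if get("ldap_ssl") == "0" and get("ldap_tls") == "0":
        findings.append(("CLEARTEXT", f"no SSL/TLS on port {get('ldap_port')}: "
                         "bind and user passwords cross the network unencrypted"))
    if get("ldap_tls_certifacte_check") == "LDAP_OPT_X_TLS_NEVER":
        findings.append(("NO_CERT_CHECK", "server certificate is not verified"))
    # uid is typically unset on Active Directory user objects, so a filter on
    # uid may match nothing while logins are looked up by samaccountname.
    login_attr = (get("ldap_user_attribute") or "").lower()
    tested = filter_attributes(get("ldap_user_object_filter", "")) - {"objectclass"}
    if login_attr and tested and login_attr not in tested:
        findings.append(("FILTER_MISMATCH", f"filter tests {sorted(tested)} but "
                         f"login attribute is {login_attr}"))
    # Redaction check before a config is pasted into a public issue.
    for key, value in settings.items():
        if SECRET_KEY.search(key) and value not in ("", "Hidden"):
            findings.append(("UNREDACTED", f"{key} still holds a value"))
    return findings

if __name__ == "__main__":
    for code, message in review(parse_settings(SAMPLE)):
        print(f"{code}: {message}")
```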
In version 3.1.0 the files ldap.openldap.php and ldap.activedirectory.php are missing in the sources directory. After copying them from version 3.0.10, everything works correctly.
Hello,
Yes, in fact, in release 2, we did not have the "AD Group ObjectClasses attribute" parameter, but in 3 we did, and in this case I did not change it, but kept the default, as shown below:
Thank you very much.
Didn't work for me leaving it default.
Hello,
In fact, I hadn't noticed this detail, but the respective PHP files that perform the LDAP functions are missing in version "3.1.1", so after your tip above, I took the files from version "3.1.0" and placed them in the directory SOURCES, and after that, the problem was corrected and the LDAP queries worked perfectly.
PS.: Even after the above procedure, when trying to log in to the system, I encountered problems, and after performing a debug, I identified that the PHP file "identify.php" was causing the failure, so I also got the file from version "3.1.0" as performed above, and I was successful in logging in, without any further problems.
IMPORTANT: Due to the problems I have had so far with version "3.1.1", I tried to install the latest release made available by @nilsteampassnet, "3.1.0", but I encountered problems at the beginning of the installation, where the following message was displayed: "ANSWER FROM SERVER IS EMPTY".
Particularly speaking, I believe that version "3.1.1" is not 100% approved yet, but as it was not possible to install the others as reported above, I kept "3.1.1", but with the files from "3.1.0", and so far the tool is running normally.
Thank you very much.
Thank you so much for the information. I will do the same and update here.
hi
Hi, as per your instructions I have copied ldap.openldap.php, ldap.activedirectory.php and "identify.php", but I am still getting the following error even with correct credentials:
Please let me know where I am going wrong.
Hello,
Just to inform you that I was also unable to make the filter by group work through this field. Even though I tested several possibilities, I was not successful, so I don't know what this could be, as in release 2 it was simply a matter of entering the name of the group and that was it.
Thanks.
Hello,
In this specific case, the invalid credentials error refers to the username and password that connects to the server through the LDAP protocol, and is not the credential that is actually being used to test the query.
As a solution, I suggest entering the Username field exactly as shown in the example on the left, or you can also use the following format:
username@yourdomain.com
The above way also works, as I tested and validated it myself.
Thanks.
I'm struggling with a similar issue; when enabling and testing LDAP on 3.1.1 I get the message "Error - LDAP bind : ldap_bind(): Unable to bind to server: Can't contact LDAP server".
I've tried all of the above to no avail. There is no firewall in the way, I have tried IP addresses and host names, nothing works.
I'm using Ubuntu 22.04 LTS with PHP 8.2 and Apache. I can't see anything in the Apache error.log file and using the "$debugLdap = 1;" option does nothing, it doesn't create any debug file. What can I try? I've already spent about 6 hours upgrading from an older version, having fixed about 15 different things along the way, hopefully this is the last one.
Dear all,
Same issue here ("In progress" message forever when testing LDAP connection). I like risk and adventure so I have installed TeamPass 3.1.2.29 on:
Amazon Linux 2023.4.20240416
PHP version: 8.2.15
10.5.23-MariaDB
In my case I'm trying to access ActiveDirectory
I enumerate all things I have tested:
copy files ldap.activedirectory.php and ldap.openldap.php from 3.1.0 -> Error still there
in apache logs nothing wrong ...but in /var/log/php-fpm/www-error.log :
[23-Apr-2024 14:00:59 UTC] PHP Fatal error: Uncaught ErrorException: ldap_search(): Search: Operations error in /var/www/html/TeamPass/vendor/directorytree/ldaprecord/src/Ldap.php:227 ... Next LdapRecord\LdapRecordException: ldap_search(): Search: Operations error in /var/www/html/TeamPass/vendor/directorytree/ldaprecord/src/LdapRecordException.php:25
I tried with user format user@domain.net -> the same issue, it shows "in progress" forever and in google console: Failed to load resource: the server responded with a status of 500 () /sources/ldap.queries.php:1
LDAP configuration used:
Hosts : yourdomain.com
BASE DN : dc=yourdomain,dc=com
Username : cn=username,cn=users,dc=yourdomain,dc=com
Password : youruserpassword
User Distinguished Name : distinguishedname
User name attribute : samaccountname
Additional User DN : cn=user
LDAP server type : Active Directory
Certificate check for LDAP TLS : LDAP_OPT_X_TLS_NEVER
Local and LDAP users : YES
Newly created user is administrated by : Managers of role Administrators
Newly created user has role : Default
In order to discard a problem with the user and password I run the following command on my Linux machine:
ldapsearch -x -h hostname.domain.net -p 389 -D "CN=User,OU=OU,DC=domain,DC=net" -W -b "dc=domain,dc=net" cn
It returns all users in Active Directory, with a user that has only viewer access to it.
Conclusions: I have TeamPass 2.1.12 without any LDAP user configured working perfectly, but in 3.1.2.29 no way to make it work. And what I have clear is that error comes from php code, but no idea how to fix.
@nilsteampassnet and people like me, any ideas?
Hello. I'm using version 3.1.2.44; when using LDAP it stays at "in progress" and doesn't work. Does anyone have the solution? @dmartinf / @DaveWebb2 / @boopathyt Were you able to fix it? / @evertton did you manage to fix it?
?
?
Hi, same problem. Please tell me if you found a solution.
In version 3.1.0 the files ldap.openldap.php and ldap.activedirectory.php are missing from the sources directory. After copying them from version 3.0.10, everything works correctly.
Hi, Where do I find the files and how do I import them?
@rosanribeiro @doooopT I got the "ldap.activedirectory.php" and "ldap.openldap.php" files from version 3.1.0. I don't know why they were removed from the latest versions.
Once you have the files, simply configure the LDAP. Some of the features don't behave as expected, but authentication works.
Dear @evertton, I have both files in the "sources" folder and it doesn't work; my TeamPass release is 3.1.2.45 and I took the two files from 3.1.1.
Are the files in correct folder? Any idea on how to debug what is happening there?