nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

New LDAP users "create_user_keys" task doesn't progress #4064

Closed hitenmandalia closed 7 months ago

hitenmandalia commented 7 months ago
### Steps to reproduce
1. Create new LDAP user
2. Checking Task Manager, Tasks doesn't progress. No progress bar.
3. LDAP user seems to log in OK, but always see message "Account in construction(0%)"

### Expected behaviour
User keys should be generated

### Actual behaviour
Tell us what happens instead

### Server configuration
**Operating system**: Alpine Linux

**Web server:** Nginx

**Database:** MySQL 8

**PHP version:** 8

**Teampass version:** 3.1.1

**Teampass configuration file:**
```
'10', 'enable_favourites' => '1', 'show_last_items' => '1', 'enable_pf_feature' => '0', 'log_connections' => '1', 'log_accessed' => '1', 'time_format' => 'H:i:s', 'date_format' => 'd/m/Y', 'duplicate_folder' => '1', 'item_duplicate_in_same_folder' => '0', 'duplicate_item' => '1', 'number_of_used_pw' => '3', 'manager_edit' => '1', 'cpassman_dir' => '/var/www/html', 'cpassman_url' => 'https://password.xxxx.xxx', 'favicon' => '', 'path_to_upload_folder' => '/var/www/html/upload', 'path_to_files_folder' => '/var/www/html/files', 'url_to_files_folder' => 'http://localhost/files', 'activate_expiration' => '0', 'pw_life_duration' => '0', 'maintenance_mode' => '0', 'enable_sts' => '0', 'encryptClientServer' => '1', 'teampass_version' => '3.1.1', 'ldap_mode' => '1', 'ldap_type' => 'ActiveDirectory', 'ldap_suffix' => '0', 'ldap_domain_dn' => '0', 'ldap_domain_controler' => '0', 'ldap_user_attribute' => 'samaccountname', 'ldap_ssl' => '0', 'ldap_tls' => '0', 'ldap_search_base' => '0', 'ldap_port' => '389', 'richtext' => '0', 'allow_print' => '0', 'roles_allowed_to_print' => '0', 'show_description' => '0', 'anyone_can_modify' => '0', 'anyone_can_modify_bydefault' => '0', 'nb_bad_authentication' => '0', 'utf8_enabled' => '1', 'restricted_to' => '0', 'restricted_to_roles' => '0', 'enable_send_email_on_user_login' => '0', 'enable_user_can_create_folders' => '0', 'insert_manual_entry_item_history' => '0', 'enable_kb' => '0', 'enable_email_notification_on_item_shown' => '0', 
'enable_email_notification_on_user_pw_change' => '0', 'custom_logo' => '', 'custom_login_text' => '', 'default_language' => 'english', 'send_stats' => '0', 'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb; 'send_stats_time' => '1690977063', 'get_tp_info' => '0', 'send_mail_on_user_login' => '0', 'nb_items_by_query' => 'auto', 'enable_delete_after_consultation' => '0', 'enable_personal_saltkey_cookie' => '0', 'personal_saltkey_cookie_duration' => '31', 'email_smtp_server' => '', 'email_smtp_auth' => '1', 'email_auth_username' => '', 'email_auth_pwd' => '', 'email_port' => '587', 'email_security' => 'tls', 'email_server_url' => '', 'email_from' => '', 'email_from_name' => '', 'pwd_maximum_length' => '100', 'google_authentication' => '1', 'delay_item_edition' => '0', 'allow_import' => '0', 'proxy_ip' => '', 'proxy_port' => '', 'upload_maxfilesize' => '10mb', 'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx', 'upload_imagesext' => 'jpg,jpeg,gif,png', 'upload_pkgext' => '7z,rar,tar,zip', 'upload_otherext' => 'sql,xml', 'upload_imageresize_options' => '1', 'upload_imageresize_width' => '800', 'upload_imageresize_height' => '600', 'upload_imageresize_quality' => '90', 'use_md5_password_as_salt' => '0', 'ga_website_name' => '', 'api' => '0', 'subfolder_rights_as_parent' => '1', 'show_only_accessible_folders' => '1', 'enable_suggestion' => '0', 'otv_expiration_period' => '1', 'default_session_expiration_time' => '60', 'duo' => '0', 'enable_server_password_change' => '0', 'ldap_object_class' => '0', 'bck_script_path' => '/var/www/html/backups', 'bck_script_filename' => 'bck_teampass', 'syslog_enable' => '0', 'syslog_host' => 'localhost', 'syslog_port' => '514', 'manager_move_item' => '0', 'create_item_without_password' => '0', 'otv_is_enabled' => '0', 
'agses_authentication_enabled' => '0', 'item_extra_fields' => '0', 'saltkey_ante_2127' => 'none', 'migration_to_2127' => 'done', 'files_with_defuse' => 'done', 'timezone' => 'UTC', 'enable_attachment_encryption' => '1', 'personal_saltkey_security_level' => '50', 'ldap_new_user_is_administrated_by' => '0', 'disable_show_forgot_pwd_link' => '0', 'offline_key_level' => '0', 'enable_http_request_login' => '0', 'ldap_and_local_authentication' => '0', 'secure_display_image' => '1', 'upload_zero_byte_file' => '0', 'upload_all_extensions_file' => '1', 'bck_script_passkey' => 'zSdyLcM2TdPUrgzemXdpZ3wbanRXKtY', 'admin_2fa_required' => '0', 'password_overview_delay' => '4', 'copy_to_clipboard_small_icons' => '1', 'duo_ikey' => '', 'duo_skey' => '', 'duo_host' => '', 'duo_failmode' => 'secure', 'roles_allowed_to_print_select' => '', 'clipboard_life_duration' => '30', 'mfa_for_roles' => '', 'tree_counters' => '1', 'settings_offline_mode' => '0', 'settings_tree_counters' => '0', 'enable_massive_move_delete' => '0', 'email_debug_level' => '0', 'ga_reset_by_user' => '1', 'onthefly-backup-key' => '', 'onthefly-restore-key' => '', 'ldap_user_dn_attribute' => '', 'ldap_dn_additional_user_dn' => '', 'ldap_user_object_filter' => '(&(objectcategory=person)(memberof=cn=teampassaccessgroup,ou=applicationgroups,ou=groups,dc=ad,dc=xxx,dc=xx))', 'ldap_bdn' => 'dc=ad,dc=xxxx,dc=xxx', 'ldap_hosts' => '10.x.x.x,10.x.x.x', 'ldap_password' => 'xxxxxxxxx', 'ldap_username' => 'cn=Svc_TeamPass_LDAP,ou=Service Accounts,dc=ad,dc=xxxxx,dc=xxx', 'api_token_duration' => '60', 'enable_tasks_manager' => '1', 'task_maximum_run_time' => '300', 'tasks_manager_refreshing_period' => '20', 'maximum_number_of_items_to_treat' => '100', 'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER', 'enable_tasks_log' => '1', 'upgrade_timestamp' => '1707749448', 'enable_ad_users_with_ad_groups' => '1', 'enable_ad_user_auto_creation' => '0', 'ldap_group_object_filter' => '(extensionattribute7=teampassgroup)', 
'ldap_guid_attibute' => 'extensionattribute8', 'sending_emails_job_frequency' => '2', 'user_keys_job_frequency' => '1', 'items_statistics_job_frequency' => '5', 'users_personal_folder_task' => '', 'clean_orphan_objects_task' => 'saturday;05:00', 'purge_temporary_files_task' => 'saturday;00:00', 'rebuild_config_file' => '', 'reload_cache_table_task' => 'saturday;03:00', 'maximum_session_expiration_time' => '60', 'rebuild_config_file_task' => 'saturday;01:30', 'items_ops_job_frequency' => '1', 'enable_refresh_task_last_execution' => '1', 'ldap_group_objectclasses_attibute' => 'top,groupofuniquenames', 'pwd_default_length' => '14', 'tasks_log_retention_delay' => '3650', );
```

![image](https://github.com/nilsteampassnet/TeamPass/assets/62652225/fa99d78f-81b4-4b66-98ba-254dcb7f45f1) ![image](https://github.com/nilsteampassnet/TeamPass/assets/62652225/b2ef5672-ab50-436d-98f3-2f48c72c41cd)

DenFel commented 7 months ago

Hi @hitenmandalia, which PHP version are you running? Can you try to run `php /var/www/html/TeamPass/sources/scheduler.php`? First I got an error with something like MYSQLI_OPT_CONNECT_TIMEOUT not defined in settings.php. After "defining" it by changing the lines to `define("DB_CONNECT_OPTIONS", array());` I got PHP Fatal error:

Uncaught Exception: MeekroDB requires the mysqli extension for PHP in /var/www/html/TeamPass/vendor/sergeytsalkov/meekrodb/db.class.php:24

hitenmandalia commented 7 months ago

Hi @DenFel, I am running PHP 8.2.7. Unfortunately, I am running this as a container in AWS Fargate, so I do not have access to the CLI, so unable to run the command. I do have a container running locally, which is not in production, running the same versions as in production, so I will try and test on that and report back for you.

hitenmandalia commented 7 months ago

@DenFel

I ran that and I don't get any error

DenFel commented 7 months ago

php version in both containers is the same?

Hubertvivien commented 7 months ago

Hi having same problem

DenFel commented 7 months ago

@Hubertvivien, have you tried to run this command from cli -> php /var/www/html/TeamPass/sources/scheduler.php

Hubertvivien commented 7 months ago

Hi @DenFel, ran it and got no error

But still have "account in construction"

hitenmandalia commented 7 months ago

> php version in both containers is the same?

Yes, the production is an exact copy of the container I have locally

spigotx commented 7 months ago

Hi. I have the same problem with fresh 3.1.1 version

image

Adding local users works fine.
I was "able" to pass through this "error" by creating a local user with the same login name as in AD, and after that I enabled AD access for that user. But after that I have another error when adding new secrets: the process gets stuck on another process, "new_item".

image

spigotx commented 7 months ago

Hi, Adding AD users works with the new version 3.1.2.2.

image

But then the user sees the message:

image

No process is running in the background or any error msg in apache log.

Arash9703 commented 7 months ago

> @Hubertvivien, have you tried to run this command from cli -> php /var/www/html/TeamPass/sources/scheduler.php

You should check if the crontask is running well!

Arash9703 commented 7 months ago

> @Hubertvivien, have you tried to run this command from cli -> php /var/www/html/TeamPass/sources/scheduler.php

`crontab -u www-data -e`

Torx999 commented 7 months ago

We have also the problem that the keys cannot be created. create_user_keys task hangs in progress, but without any progress. Also if I try to recreate OTP, or create new user with AD sync.

spigotx commented 7 months ago

> crontab -u www-data -e

Yes, I did. No problem there. The cron job seems to be running well.

image

spigotx commented 7 months ago

v3.1.2.12

image

spigotx commented 7 months ago

just fyi. with v3.1.2.17 same status and same "errors"

nilsteampassnet commented 7 months ago

Those errors have nothing to do with the cron itself, meaning that even if they exist, the task should work. I will commit a fix for those errors.

In order to capture if an error occurs, you could run: `php scripts/background_tasks___items_handler.php`

Arash9703 commented 7 months ago

Thanks, I can't wait, because I have been looking for a while for a version without errors in the key and main tasks. It has become my professional project and I have devoted a good amount of time to it :)

spigotx commented 7 months ago

> just fyi. with v3.1.2.17 same status and same "errors"
>
> those errors have nothing to do with the cron itself meaning that even if they exist, task should work. I will commit a fix for those errors.
>
> In order to capture if an error occurs, you could run: php scripts/background_tasks___items_handler.php

Thank you for your reply, and all the effort you put into this project. I'll ignore those "errors" :D. The only problem that I have is the "pass key" msg constantly showing after the user logs in. Thanks.

I ran the cmd `php scripts/background_tasks___items_handler.php` with v3.1.2.18 and got no error in apache log

image

spigotx commented 7 months ago

php:

```
xx@xxx:/var/www/html/TeamPass$ php /var/www/html/TeamPass/sources/scheduler.php
PHP Warning: Undefined array key 1 in /var/www/html/TeamPass/sources/scheduler.php on line 108
```

apache:

```
[Tue Mar 05 07:16:07.813324 2024] [php:warn] [pid 1337] [client xxx.xxx.xxx.xxx:59687] PHP Warning: Trying to access array offset on value of type null in /var/www/html/TeamPass/sources/folders.class.php on line 176, referer: https://xxx.xxx.xxx.xxx/index.php?page=folders
[Tue Mar 05 07:16:42.238720 2024] [php:error] [pid 853] [client xxx.xxx.xxx.xxx:59749] PHP Fatal error: Uncaught MeekroDBException: Field 'allowed_folders' doesn't have a default value in /var/www/html/TeamPass/vendor/sergeytsalkov/meekrodb/db.class.php:934\nStack trace:\n#0 /var/www/html/TeamPass/vendor/sergeytsalkov/meekrodb/db.class.php(890): MeekroDB->queryHelper()\n#1 /var/www/html/TeamPass/vendor/sergeytsalkov/meekrodb/db.class.php(550): MeekroDB->query()\n#2 /var/www/html/TeamPass/vendor/sergeytsalkov/meekrodb/db.class.php(554): MeekroDB->insertOrReplace()\n#3 /var/www/html/TeamPass/vendor/sergeytsalkov/meekrodb/db.class.php(116): MeekroDB->insert()\n#4 /var/www/html/TeamPass/sources/users.queries.php(2668): DB::__callStatic()\n#5 {main}\n thrown in /var/www/html/TeamPass/vendor/sergeytsalkov/meekrodb/db.class.php on line 934, referer: https://xxx.xxx.xxx.xxx/index.php?page=users
```
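
A triage helper for the Apache PHP entries quoted in the comment above, added here as an example (it is not part of the thread or of TeamPass). It parses each entry and reports where the error was raised and the first stack frame outside `vendor/`, which is the application call that led to it; `triage` and `SAMPLE` are hypothetical names and the sample is rebuilt from the two quoted entries.

```python
import re

# Constructed sample: the two Apache entries quoted in the comment above.
# Apache writes the PHP stack trace with literal "\n" sequences, hence the raw strings.
V = "/var/www/html/TeamPass/vendor/sergeytsalkov/meekrodb/db.class.php"
SAMPLE = [
    "[Tue Mar 05 07:16:07.813324 2024] [php:warn] [pid 1337] [client xxx.xxx.xxx.xxx:59687] "
    "PHP Warning: Trying to access array offset on value of type null in "
    "/var/www/html/TeamPass/sources/folders.class.php on line 176, "
    "referer: https://xxx.xxx.xxx.xxx/index.php?page=folders",
    "[Tue Mar 05 07:16:42.238720 2024] [php:error] [pid 853] [client xxx.xxx.xxx.xxx:59749] "
    "PHP Fatal error: Uncaught MeekroDBException: Field 'allowed_folders' doesn't have "
    "a default value in " + V + ":934"
    + r"\nStack trace:\n#0 " + V + r"(890): MeekroDB->queryHelper()"
    + r"\n#1 " + V + r"(550): MeekroDB->query()"
    + r"\n#2 " + V + r"(554): MeekroDB->insertOrReplace()"
    + r"\n#3 " + V + r"(116): MeekroDB->insert()"
    + r"\n#4 /var/www/html/TeamPass/sources/users.queries.php(2668): DB::__callStatic()"
    + r"\n#5 {main}\n thrown in " + V + " on line 934, "
    "referer: https://xxx.xxx.xxx.xxx/index.php?page=users",
]

ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[php:(?P<level>\w+)\] \[pid (?P<pid>\d+)\] "
    r"\[client (?P<client>[^\]]+)\] (?P<msg>.*?)(?:, referer: (?P<referer>\S+))?$")
FRAME = re.compile(r"#\d+ (?P<file>/\S+?)\((?P<line>\d+)\)")        # "#4 /path/file.php(2668)"
WHERE = re.compile(r" in (?P<file>/\S+?)(?: on line |:)(?P<line>\d+)")  # both PHP spellings

def triage(entry):
    """Return level, summary, raise site and first non-vendor frame of one log entry."""
    m = ENTRY.match(entry)
    if not m:
        return None  # not an Apache php:* error-log entry
    msg = m["msg"]
    head = msg.split(r"\nStack trace:", 1)[0]  # message without the trace
    w = WHERE.search(head)
    raised_at = (w["file"], int(w["line"])) if w else None
    frames = [(f["file"], int(f["line"])) for f in FRAME.finditer(msg)]
    # The first frame outside vendor/ is the application code that made the failing call;
    # entries without a trace (warnings) fall back to the raise site.
    app_frame = next((fr for fr in frames if "/vendor/" not in fr[0]), raised_at)
    return {"level": m["level"], "fatal": "PHP Fatal error" in head,
            "summary": head, "raised_at": raised_at, "app_frame": app_frame}

if __name__ == "__main__":
    for e in SAMPLE:
        r = triage(e)
        print(r["level"], "FATAL" if r["fatal"] else "-", r["app_frame"], r["summary"][:80])
```
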

Torx999 commented 7 months ago

With 3.2.18 the problem is still there:

Bildschirmfoto 2024-03-05 um 09 51 33

Bildschirmfoto 2024-03-05 um 09 51 22

after creating new user the key creating hangs all the time with 0%

nilsteampassnet commented 7 months ago

I've updated a small fix to limit those errors. Please retry. But if no errors while running, then it means conditions are not met ... I need to understand why as I cannot reproduce.

spigotx commented 7 months ago

image

Error log from apache.log: error.log

image

image

scheduler.php doesn't throw any error

image

If there's anything I can do to help, just let me know

Arash9703 commented 7 months ago

Hello, I just installed the latest corrected version, and I encountered the same error. The tasks aren't executing.

image

image

image

erredablio commented 7 months ago

image

When I go to add an LDAP user, I get an error message in the service log and I'm left on the application screen with an eternal message as if the inclusion is still in progress.

image

When I refresh the page, the user simply appears as if it had been created.

image

After logging in with the LDAP user, I am eternally waiting for the keys to be created.

I'm also running version 3.1.2.19 and there is no error in the cronjob.

Arash9703 commented 7 months ago

It is the same case with local accounts!

erredablio commented 7 months ago

image

Supplementing the error with the Browser Console.

Arash9703 commented 7 months ago

Problem solved for the local accounts!

image

image

But only after changing the user's password from the admin session; the task of creating the user begins only when a password change task is initiated!

image

Torx999 commented 7 months ago

I can confirm that changing the password as admin for a local account starts the key generation and it runs successfully. But for the AD managed accounts I can't change the password. If I generate a new OTP for the account it starts the key generation task but it hangs at 0% eternally. So we still can't add a new AD user to teampass :(

nilsteampassnet commented 7 months ago

Should be fixed in latest commit

hitenmandalia commented 7 months ago

Can confirm it works for me, thank you @nilsteampassnet

erredablio commented 7 months ago

It worked for me too, thanks! @nilsteampassnet

Torx999 commented 7 months ago

Adding user from AD worked for me too, but the user has all passwords in objects empty. Objects are visible, but no passwords.