search

nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net
1.63k stars 532 forks source link

LDAP authorization does not work #4112

Open tobiaspihale opened 3 months ago

tobiaspihale commented 3 months ago

Steps to reproduce

  1. On a freshly installed TeamPass I tried to configurate LDAP
  2. After entering all the values in the config I used the "Test current configuration" and the output with my useraccount was "User is successfully authenticated" so I thought LDAP sync and authorization is working
  3. When I try to login with the user account I tested in the step before the login gets stuck at "In progress" also when logged in as administrator on the Users tab no users are shown in the LDAP syncronization

Expected behaviour

The login of an LDAP user should work

Actual behaviour

When I try to login with the user account I tested in the step before the login gets stuck at "In progress" also when logged in as administrator on the Users tab no users are shown in the LDAP syncronization

Server configuration

Operating system: Ubuntu 22.04.4 LTS

Web server: Apache/2.4.52 (Ubuntu)

Database: 10.6.16-MariaDB-0ubuntu0.22.04.1

PHP version: PHP 8.1.2-1ubuntu2.14 (cli)

Teampass version: TeamPass 3.1.2.27

Teampass configuration file:

<?php
global $SETTINGS;
$SETTINGS = array (
    'max_latest_items' => '10',
    'enable_favourites' => '1',
    'show_last_items' => '1',
    'enable_pf_feature' => '0',
    'log_connections' => '1',
    'log_accessed' => '1',
    'time_format' => 'H:i:s',
    'date_format' => 'd/m/Y',
    'duplicate_folder' => '0',
    'item_duplicate_in_same_folder' => '0',
    'duplicate_item' => '0',
    'number_of_used_pw' => '3',
    'manager_edit' => '1',
    'cpassman_dir' => '/var/www/TeamPass',
    'cpassman_url' => 'https://passwords.intra.donut.com',
    'favicon' => 'https://passwords.intra.donut.com/favicon.ico',
    'path_to_upload_folder' => '/var/www/TeamPass/upload',
    'path_to_files_folder' => '/var/www/TeamPass/files',
    'url_to_files_folder' => 'https://passwords.intra.donut.com/files',
    'activate_expiration' => '0',
    'pw_life_duration' => '0',
    'maintenance_mode' => '0',
    'enable_sts' => '0',
    'encryptClientServer' => '1',
    'teampass_version' => '3.1.2',
    'ldap_mode' => '1',
    'ldap_type' => 'ActiveDirectory',
    'ldap_suffix' => '0',
    'ldap_domain_dn' => '0',
    'ldap_domain_controler' => '0',
    'ldap_user_attribute' => 'userPrincipalName',
    'ldap_ssl' => '0',
    'ldap_tls' => '0',
    'ldap_search_base' => '0',
    'ldap_port' => '389',
    'richtext' => '0',
    'allow_print' => '0',
    'roles_allowed_to_print' => '0',
    'show_description' => '1',
    'anyone_can_modify' => '0',
    'anyone_can_modify_bydefault' => '0',
    'nb_bad_authentication' => '0',
    'utf8_enabled' => '1',
    'restricted_to' => '0',
    'restricted_to_roles' => '0',
    'enable_send_email_on_user_login' => '0',
    'enable_user_can_create_folders' => '0',
    'insert_manual_entry_item_history' => '0',
    'enable_kb' => '0',
    'enable_email_notification_on_item_shown' => '0',
    'enable_email_notification_on_user_pw_change' => '0',
    'custom_logo' => '',
    'custom_login_text' => '',
    'default_language' => 'english',
    'send_stats' => '0',
    'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
    'send_stats_time' => '1708437044',
    'get_tp_info' => '1',
    'send_mail_on_user_login' => '0',
    'sending_emails' => '0',
    'nb_items_by_query' => 'auto',
    'enable_delete_after_consultation' => '0',
    'enable_personal_saltkey_cookie' => '0',
    'personal_saltkey_cookie_duration' => '31',
    'email_smtp_server' => '',
    'email_smtp_auth' => '',
    'email_auth_username' => '',
    'email_auth_pwd' => '',
    'email_port' => '',
    'email_security' => '',
    'email_server_url' => '',
    'email_from' => '',
    'email_from_name' => '',
    'pwd_maximum_length' => '40',
    'google_authentication' => '0',
    'delay_item_edition' => '0',
    'allow_import' => '0',
    'proxy_ip' => '',
    'proxy_port' => '',
    'upload_maxfilesize' => '10mb',
    'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
    'upload_imagesext' => 'jpg,jpeg,gif,png',
    'upload_pkgext' => '7z,rar,tar,zip',
    'upload_otherext' => 'sql,xml',
    'upload_imageresize_options' => '1',
    'upload_imageresize_width' => '800',
    'upload_imageresize_height' => '600',
    'upload_imageresize_quality' => '90',
    'use_md5_password_as_salt' => '0',
    'ga_website_name' => 'TeamPass for ChangeMe',
    'api' => '0',
    'subfolder_rights_as_parent' => '0',
    'show_only_accessible_folders' => '0',
    'enable_suggestion' => '0',
    'otv_expiration_period' => '7',
    'default_session_expiration_time' => '60',
    'duo' => '0',
    'enable_server_password_change' => '0',
    'ldap_object_class' => '0',
    'bck_script_path' => '/var/www/TeamPass/backups',
    'bck_script_filename' => 'bck_teampass',
    'syslog_enable' => '0',
    'syslog_host' => 'localhost',
    'syslog_port' => '514',
    'manager_move_item' => '0',
    'create_item_without_password' => '0',
    'otv_is_enabled' => '0',
    'agses_authentication_enabled' => '0',
    'item_extra_fields' => '0',
    'saltkey_ante_2127' => 'none',
    'migration_to_2127' => 'done',
    'files_with_defuse' => 'done',
    'timezone' => 'UTC',
    'enable_attachment_encryption' => '1',
    'personal_saltkey_security_level' => '50',
    'ldap_new_user_is_administrated_by' => '0',
    'disable_show_forgot_pwd_link' => '1',
    'offline_key_level' => '0',
    'enable_http_request_login' => '0',
    'ldap_and_local_authentication' => '1',
    'secure_display_image' => '1',
    'upload_zero_byte_file' => '0',
    'upload_all_extensions_file' => '0',
    'bck_script_passkey' => '***',
    'admin_2fa_required' => '1',
    'password_overview_delay' => '4',
    'copy_to_clipboard_small_icons' => '1',
    'duo_ikey' => '',
    'duo_skey' => '',
    'duo_host' => '',
    'duo_failmode' => 'secure',
    'roles_allowed_to_print_select' => '',
    'clipboard_life_duration' => '30',
    'mfa_for_roles' => '',
    'tree_counters' => '0',
    'settings_offline_mode' => '0',
    'settings_tree_counters' => '0',
    'enable_massive_move_delete' => '0',
    'email_debug_level' => '0',
    'ga_reset_by_user' => '',
    'onthefly-backup-key' => '',
    'onthefly-restore-key' => '',
    'ldap_user_dn_attribute' => 'distinguishedName',
    'ldap_dn_additional_user_dn' => '',
    'ldap_user_object_filter' => '(objectCategory=Person)',
    'ldap_bdn' => 'OU=donut GmbH & Co. KG,DC=donut,DC=local',
    'ldap_hosts' => 'donutcontroller.donut.local',
    'ldap_password' => '***',
    'ldap_username' => 'CN=teampass,OU=Serviceaccounts,OU=donut GmbH & Co. KG,DC=donut,DC=local',
    'api_token_duration' => '60',
    'last_folder_change' => '',
    'enable_tasks_manager' => '1',
    'task_maximum_run_time' => '300',
    'tasks_manager_refreshing_period' => '20',
    'maximum_number_of_items_to_treat' => '100',
    'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
    'enable_tasks_log' => '0',
    'upgrade_timestamp' => '1711029044',
    'enable_ad_users_with_ad_groups' => '1',
    'enable_ad_user_auto_creation' => '0',
    'ldap_group_object_filter' => '',
    'ldap_guid_attibute' => 'objectGUID',
    'sending_emails_job_frequency' => '2',
    'user_keys_job_frequency' => '1',
    'items_statistics_job_frequency' => '5',
    'users_personal_folder_task' => '',
    'clean_orphan_objects_task' => '',
    'purge_temporary_files_task' => '',
    'rebuild_config_file' => '',
    'reload_cache_table_task' => '',
    'maximum_session_expiration_time' => '60',
    'items_ops_job_frequency' => '1',
    'enable_refresh_task_last_execution' => '1',
    'ldap_group_objectclasses_attibute' => 'top,groupofuniquenames',
    'pwd_default_length' => '14',
    'tasks_log_retention_delay' => '30',
);

Updated from an older Teampass or fresh install: Fresh Install

Client configuration

Browser: Google Chrome 122.0.6261.129 (64-Bit)

Operating system: Windows 10 22H2

Logs

Web server error log

--

Log from the web-browser developer console (CTRL + SHIFT + i)

Uncaught SyntaxError: Unexpected token '<', "    <!-- Main "... is not valid JSON
    at JSON.parse (<anonymous>)
    at Object.success ((index):2828:29)
    at c (jquery.min.js:2:28327)
    at Object.fireWith [as resolveWith] (jquery.min.js:2:29072)
    at l (jquery.min.js:2:79901)
    at XMLHttpRequest.<anonymous> (jquery.min.js:2:82355)
evertton commented 3 months ago

Follow https://github.com/nilsteampassnet/TeamPass/issues/3993