nuxsmin / sysPass

Systems Password Manager
https://syspass.org
GNU General Public License v3.0

LDAP Authentication - 49 Invalid Credentials #1785

Closed romainmunier closed 2 years ago

romainmunier commented 3 years ago

sysPass Version 3.2 (322.21031301)
Config: 322.21031301
App: 322.21031301
DB: 322.21031301

SERVER_VERSION: 8.0.27-0ubuntu0.20.04.1
CLIENT_VERSION: mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $
SERVER_INFO: Uptime: 98530 Threads: 2 Questions: 270289 Slow queries: 0 Opens: 1423 Flush tables: 3 Open tables: 1272 Queries per second avg: 2.743

syspass.log

Describe the bug

Hello! Sorry for my English, but I've got a problem with SysPass Docker and LDAP...

I'm sorry to disturb you, but I'm trying to use SysPass with Docker and LDAP and I can't connect to my LDAP server (because of Errno 49: Invalid Credentials).

I know my LDAP server is working well because I'm using it with another service.

Here is the log:

[Mon Nov 22 19:16:45.477270 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [INFO] [Loaded actions cache] SP\\Core\\Acl\\Actions::loadCache, referer: https://5.196.26.2:14001/index.php?r=index
ldap_create
ldap_url_parse_ext(ldap://romainmunier.ovh:389)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP romainmunier.ovh:389
ldap_new_socket: 15
ldap_prepare_socket: 15
ldap_connect_to_host: Trying 5.196.26.2:389
ldap_pvt_connect: fd: 15 tm: 10 async: 0
ldap_ndelay_on: 15
attempting to connect: 
connect errno: 115
ldap_int_poll: fd: 15 tm: 10
ldap_is_sock_ready: 15
ldap_ndelay_off: 15
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x55d6705ef710 msgid 1
wait4msg ld 0x55d6705ef710 msgid 1 (infinite timeout)
wait4msg continue ld 0x55d6705ef710 msgid 1 all 1
** ld 0x55d6705ef710 Connections:
* host: romainmunier.ovh  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Nov 22 19:16:45 2021

** ld 0x55d6705ef710 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x55d6705ef710 request count 1 (abandoned 0)
** ld 0x55d6705ef710 Response Queue:
   Empty
  ld 0x55d6705ef710 response count 0
ldap_chkResponseList ld 0x55d6705ef710 msgid 1 all 1
ldap_chkResponseList returns ld 0x55d6705ef710 NULL
ldap_int_select
read1msg: ld 0x55d6705ef710 msgid 1 all 1
read1msg: ld 0x55d6705ef710 msgid 1 message type bind
read1msg: ld 0x55d6705ef710 0 new referrals
read1msg:  mark request completed, ld 0x55d6705ef710 msgid 1
request done: ld 0x55d6705ef710 msgid 1
res_errno: 49, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_err2string
ldap_err2string
ldap_err2string
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
[Mon Nov 22 19:16:45.520199 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [EXCEPTION] [Erreur de connexion (BIND)\n#0 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(114): SP\\Providers\\Auth\\Ldap\\LdapConnection->bind()\n#1 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(95): SP\\Providers\\Auth\\Ldap\\LdapConnection->connectAndBind()\n#2 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/Ldap.php(96): SP\\Providers\\Auth\\Ldap\\LdapConnection->checkConnection()\n#3 /var/www/html/sysPass/lib/SP/Services/Ldap/LdapCheckService.php(51): SP\\Providers\\Auth\\Ldap\\Ldap->factory(Object(SP\\Providers\\Auth\\Ldap\\LdapParams),Object(SP\\Core\\Events\\EventDispatcher),Boolean)\n#4 /var/www/html/sysPass/app/modules/web/Controllers/ConfigLdapController.php(156): SP\\Services\\Ldap\\LdapCheckService->checkConnection(Object(SP\\Providers\\Auth\\Ldap\\LdapParams))\n#5 [internal function]: SP\\Modules\\Web\\Controllers\\ConfigLdapController->checkAction()\n#6 /var/www/html/sysPass/lib/SP/Bootstrap.php(240): call_user_func_array(Array,Array)\n#7 [internal function]: SP\\Bootstrap->SP\\{closure}(Object(Klein\\Request),Object(Klein\\Response),Object(Klein\\ServiceProvider),Object(Klein\\App),Object(Klein\\Klein),Object(Klein\\DataCollection\\RouteCollection),Array)\n#8 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(879): call_user_func(Object(Closure),Object(Klein\\Request),Object(Klein\\Response),Object(Klein\\ServiceProvider),Object(Klein\\App),Object(Klein\\Klein),Object(Klein\\DataCollection\\RouteCollection),Array)\n#9 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\\Klein->handleRouteCallback(Object(Klein\\Route),Object(Klein\\DataCollection\\RouteCollection),Array)\n#10 /var/www/html/sysPass/lib/SP/Bootstrap.php(464): Klein\\Klein->dispatch(Object(Klein\\Request))\n#11 /var/www/html/sysPass/lib/Base.php(75): SP\\Bootstrap->run(Object(DI\\Container))\n#12 
/var/www/html/sysPass/index.php(28): require(String)] N/A, referer: https://5.196.26.2:14001/index.php?r=index
104.28.135.9 - - [22/Nov/2021:19:16:45 +0000] "POST /index.php?r=configLdap/check HTTP/1.1" 200 525 "https://5.196.26.2:14001/index.php?r=index" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
[Mon Nov 22 19:16:49.273483 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [INFO] [Extensions checked] SP\\Core\\PhpExtensionChecker::checkMandatory, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:16:49.274658 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [INFO] [Loaded icons cache] SP\\Core\\UI\\Theme::initIcons, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:16:49.290543 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [INFO] [Loaded actions cache] SP\\Core\\Acl\\Actions::loadCache, referer: https://5.196.26.2:14001/index.php?r=index
104.28.135.9 - - [22/Nov/2021:19:16:49 +0000] "POST /index.php?r=configLdap/save HTTP/1.1" 200 502 "https://5.196.26.2:14001/index.php?r=index" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
[Mon Nov 22 19:16:49.363029 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [INFO] [Extensions checked] SP\\Core\\PhpExtensionChecker::checkMandatory, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:16:49.363977 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [INFO] [Loaded icons cache] SP\\Core\\UI\\Theme::initIcons, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:16:49.381575 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [INFO] [Loaded actions cache] SP\\Core\\Acl\\Actions::loadCache, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:16:49.383698 2021] [php7:notice] [pid 18] [client 104.28.135.9:18174] [INFO] [Loaded MIME types cache] SP\\Core\\MimeTypes::loadCache, referer: https://5.196.26.2:14001/index.php?r=index
104.28.135.9 - - [22/Nov/2021:19:16:49 +0000] "GET /index.php?r=configManager/index&tabIndex=3&isAjax=1&sk=83f429591ca701325d990e4a214ae35a636678fe&_=1637608552500 HTTP/1.1" 200 14209 "https://5.196.26.2:14001/index.php?r=index" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
[Mon Nov 22 19:17:05.262936 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Extensions checked] SP\\Core\\PhpExtensionChecker::checkMandatory, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:17:05.266420 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Loaded icons cache] SP\\Core\\UI\\Theme::initIcons, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:17:05.284802 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Loaded actions cache] SP\\Core\\Acl\\Actions::loadCache, referer: https://5.196.26.2:14001/index.php?r=index
104.28.135.9 - - [22/Nov/2021:19:17:05 +0000] "POST /index.php?r=configLdap/save HTTP/1.1" 200 2342 "https://5.196.26.2:14001/index.php?r=index" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
[Mon Nov 22 19:17:05.363791 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Extensions checked] SP\\Core\\PhpExtensionChecker::checkMandatory, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:17:05.364885 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Loaded icons cache] SP\\Core\\UI\\Theme::initIcons, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:17:05.381761 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Loaded actions cache] SP\\Core\\Acl\\Actions::loadCache, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:17:05.384490 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Loaded MIME types cache] SP\\Core\\MimeTypes::loadCache, referer: https://5.196.26.2:14001/index.php?r=index
104.28.135.9 - - [22/Nov/2021:19:17:05 +0000] "GET /index.php?r=configManager/index&tabIndex=3&isAjax=1&sk=2c17b27b4920ac21cda91b982ea1dd6d2c7fa845&_=1637608552501 HTTP/1.1" 200 14202 "https://5.196.26.2:14001/index.php?r=index" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
[Mon Nov 22 19:17:08.507902 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Extensions checked] SP\\Core\\PhpExtensionChecker::checkMandatory, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:17:08.509956 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Loaded icons cache] SP\\Core\\UI\\Theme::initIcons, referer: https://5.196.26.2:14001/index.php?r=index
[Mon Nov 22 19:17:08.527325 2021] [php7:notice] [pid 313] [client 104.28.135.9:18315] [INFO] [Loaded actions cache] SP\\Core\\Acl\\Actions::loadCache, referer: https://5.196.26.2:14001/index.php?r=index
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_init: HOME env is NULL
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_url_parse_ext(ldap://romainmunier.ovh:389)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP romainmunier.ovh:389
ldap_new_socket: 15
ldap_prepare_socket: 15
ldap_connect_to_host: Trying 5.196.26.2:389
ldap_pvt_connect: fd: 15 tm: 10 async: 0
ldap_ndelay_on: 15
attempting to connect: 
connect errno: 115
ldap_int_poll: fd: 15 tm: 10
ldap_is_sock_ready: 15
ldap_ndelay_off: 15
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x55d6705ecdc0 msgid 1
wait4msg ld 0x55d6705ecdc0 msgid 1 (infinite timeout)
wait4msg continue ld 0x55d6705ecdc0 msgid 1 all 1
** ld 0x55d6705ecdc0 Connections:
* host: romainmunier.ovh  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Nov 22 19:17:08 2021

** ld 0x55d6705ecdc0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x55d6705ecdc0 request count 1 (abandoned 0)
** ld 0x55d6705ecdc0 Response Queue:
   Empty
  ld 0x55d6705ecdc0 response count 0
ldap_chkResponseList ld 0x55d6705ecdc0 msgid 1 all 1
ldap_chkResponseList returns ld 0x55d6705ecdc0 NULL
ldap_int_select
read1msg: ld 0x55d6705ecdc0 msgid 1 all 1
read1msg: ld 0x55d6705ecdc0 msgid 1 message type extended-result
read1msg: ld 0x55d6705ecdc0 0 new referrals
read1msg:  mark request completed, ld 0x55d6705ecdc0 msgid 1
request done: ld 0x55d6705ecdc0 msgid 1
res_errno: 2, res_error: <unsupported extended operation>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ldap_parse_result
ldap_msgfree
ldap_err2string
ldap_err2string
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed

I see that SysPass can connect to LDAP server but cannot authenticate user ...

Can you help me please to solve this problem ?

Thank you ! syspass.log

Platform (please complete the following information):
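Added example (not part of the original post and not sysPass code): a small Python parser that pairs each `message type` line of a libldap debug trace like the one above with the `res_errno` line that follows it and names the result code per RFC 4511. The sample lines are copied from the trace above; `parse_trace` and the code table are names chosen for this example.

```python
import re

# Subset of LDAP result codes defined in RFC 4511
RESULT_CODES = {
    0: "success", 2: "protocolError", 7: "authMethodNotSupported",
    8: "strongerAuthRequired", 13: "confidentialityRequired",
    32: "noSuchObject", 34: "invalidDNSyntax",
    48: "inappropriateAuthentication", 49: "invalidCredentials",
    50: "insufficientAccessRights", 53: "unwillingToPerform",
}
HOST = re.compile(r"^ldap_connect_to_host: TCP (\S+):(\d+)")
MSG_TYPE = re.compile(r"^read1msg: ld \S+ msgid \d+ message type (\S+)")
RESULT = re.compile(r"^res_errno: (\d+), res_error: <(.*?)>, res_matched: <(.*?)>")

def parse_trace(lines):
    """Return one dict per completed LDAP operation found in the trace."""
    results, host, operation = [], None, None
    for raw in lines:
        line = raw.strip()
        if m := HOST.match(line):
            host = f"{m.group(1)}:{m.group(2)}"
        elif m := MSG_TYPE.match(line):
            operation = m.group(1)          # e.g. "bind", "extended-result"
        elif m := RESULT.match(line):
            code = int(m.group(1))
            results.append({
                "server": host, "operation": operation, "code": code,
                "name": RESULT_CODES.get(code, "unknown"),
                # Empty for code 49 here: the server gives no hint whether
                # the bind DN or the password was rejected.
                "diagnostic": m.group(2),
            })
            operation = None
    return results

# Sample lines copied from the trace in the post above
SAMPLE = """\
ldap_connect_to_host: TCP romainmunier.ovh:389
read1msg: ld 0x55d6705ef710 msgid 1 all 1
read1msg: ld 0x55d6705ef710 msgid 1 message type bind
res_errno: 49, res_error: <>, res_matched: <>
ldap_connect_to_host: TCP romainmunier.ovh:389
read1msg: ld 0x55d6705ecdc0 msgid 1 message type extended-result
res_errno: 2, res_error: <unsupported extended operation>, res_matched: <>
"""

if __name__ == "__main__":
    for result in parse_trace(SAMPLE.splitlines()):
        print(result)
```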

FooBarTrixibell commented 2 years ago

Does this happen when you press the import button in the LDAP settings?

I have noticed (and this caught me out multiple times) that if you press 'Save' prior to pressing 'Import' it clears the LDAP Bind password!

You need to get all your settings correct, save and then re-enter your LDAP bind password then press import.

romainmunier commented 2 years ago

I will try tomorrow. Thank you for your response.

Regards,

Romain MUNIER @.*** 07 68 46 73 64


maxsnts commented 2 years ago

This is a problem with a save/load config.

If I set the bind password but DON'T save the config, the check LDAP works correctly.

When you click "Save", the password becomes "***" (that is what you get on the clipboard if you click the "View")

but the password is correct on the config.xml, so I think the problem is at the loading config stage.
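Added example (not from the thread and not sysPass code): a Python model of the behaviour reported in the two comments above, where the form holds `***` after Save and a connection check that binds with the form value gets result 49, next to a handler that treats the mask as "unchanged" and binds with the stored secret. `FakeDirectory`, `LdapSettings` and the sample DN and password are constructed for this example.

```python
MASK = "***"  # placeholder the form shows after Save, as reported above

class FakeDirectory:
    """Stand-in for the LDAP server; returns RFC 4511 result codes."""
    def __init__(self, bind_dn, password):
        self.bind_dn, self.password = bind_dn, password

    def simple_bind(self, dn, password):
        # 0 = success, 49 = invalidCredentials
        return 0 if (dn, password) == (self.bind_dn, self.password) else 49

class LdapSettings:
    """Hypothetical settings handler (an assumption, not sysPass code)."""
    def __init__(self, directory):
        self.directory = directory
        self.stored = {"bind_dn": "", "bind_pass": ""}

    def render_form(self):
        # The stored secret is not echoed back to the browser, only the mask.
        form = dict(self.stored)
        if form["bind_pass"]:
            form["bind_pass"] = MASK
        return form

    def resolve_password(self, submitted):
        # A field still holding the mask means "unchanged": use the stored secret.
        return self.stored["bind_pass"] if submitted == MASK else submitted

    def save(self, form):
        self.stored = {"bind_dn": form["bind_dn"],
                       "bind_pass": self.resolve_password(form["bind_pass"])}

    def check_naive(self, form):
        # Binds with whatever the form holds, so after Save it binds with "***".
        return self.directory.simple_bind(form["bind_dn"], form["bind_pass"])

    def check_resolved(self, form):
        return self.directory.simple_bind(
            form["bind_dn"], self.resolve_password(form["bind_pass"]))

def demo():
    """Check before Save, then check the re-rendered form after Save."""
    dn, secret = "cn=reader,dc=example,dc=org", "constructed-secret"  # sample values
    settings = LdapSettings(FakeDirectory(dn, secret))
    typed = {"bind_dn": dn, "bind_pass": secret}
    before = settings.check_naive(typed)
    settings.save(typed)
    masked = settings.render_form()
    return before, settings.check_naive(masked), settings.check_resolved(masked)
```

Comparing against the mask is ambiguous when the real password is literally `***`; a separate "password unchanged" flag in the form avoids that.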

abreuti commented 2 years ago

> Does this happen when you press the import button in the LDAP settings?
>
> I have noticed (and this caught me out multiple times) that if you press 'Save' prior to pressing 'Import' it clears the LDAP Bind password!
>
> You need to get all your settings correct, save and then re-enter your LDAP bind password then press import.

I was looking for a solution, and it was exactly what you said. I tested it here and it worked! Thank you very much. Sorry for my English.

nuxsmin commented 2 years ago

Thanks for your contributions!!