operasoftware / ssh-key-authority

A tool for managing SSH key access to any number of servers.
Apache License 2.0

LDAP: User does not exist. in /var/www/ssh-key-authority/model/user.php #64

Closed myscript-developer closed 2 years ago

myscript-developer commented 2 years ago

Hi,

I freshly installed the SKA solution. The connection to the URL is OK, but I got:

Oops! Something went wrong! Sorry, but it looks like something needs fixing on the system. The problem has been automatically reported to the administrators, but if you wish, you can also [provide additional information](mailto:it-systems@myscript.com?subject=SSH%20Key%20Authority%20error%20number%201656666630) about what you were doing that may have triggered the error.

The log indicates:

```
[Fri Jul 01 11:10:30.096739 2022] [php7:notice] [pid 1259] [client 10.101.1.142:56121] 1656666630: UserNotFoundException: User does not exist. in /var/www/ssh-key-authority/model/user.php:379\n1656666630: Stack trace:\n1656666630: #0 /var/www/ssh-key-authority/model/userdirectory.php(100): User->get_details_from_ldap(true)\n1656666630: #1 /var/www/ssh-key-authority/requesthandler.php(24): UserDirectory->get_user_by_uid('superaccount-admin', true)\n1656666630: #2 /var/www/ssh-key-authority/public_html/init.php(18): require('/var/www/ssh-ke...')\n1656666630: #3 {main}, referer: https://ssh-mgmt.corp.domain.com/
```

Here's my LDAP configuration:

```ini
[ldap]
; Address to connect to LDAP server
host = ldap://dc.domain.com
; Use StartTLS for connection security (recommended if using ldap:// instead
; of ldaps:// above)
starttls = 0
; LDAP subtree containing USER entries
dn_user = "ou=services account,dc=domain,dc=com"
;LDAP subtree containing GROUP entries
dn_group = "ou=groups,dc=domain,dc=com"
; (Optional) filter for matching user objects
user_filter = "(objectClass=inetOrgPerson)"
;user_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

; (Optional) filter for matching group objects

; Set to 1 if the LDAP library should process referrals. In most cases this
; is not needed, and for AD servers it can cause errors when querying the
; whole tree.
follow_referrals = 0

; Leave bind_dn empty if binding is not required
bind_dn = ad_viewer@domain.com
bind_password = "!?superpassword?!"

; User attributes
user_id = sAMAccountName
user_name = cn
user_email = mail
;user_superior = superioremployee
```

I certify the user exists, because if I change the `bind_password = "!?superpasswordblabla?!"` the error is `ErrorException: ldap_bind(): Unable to bind to server: Invalid credentials in /var/www/ssh-key-authority/ldap.php`

So what's wrong in the configuration? I really don't know :/

Can someone help, please?

myscript-developer commented 2 years ago

Solved the issue, I just had to add my mail in the mail field of my AD account properties. Solved.
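
A pre-flight check for the failure resolved above, as an added example that is not part of the issue thread or the project's code: it parses the `[ldap]` section, reports which mapped attributes (`user_id`, `user_name`, `user_email`) a directory entry lacks, and flags a bind that would travel unencrypted. The function names and sample entries are constructed, and it assumes, as the resolution suggests, that an entry missing a mapped attribute fails the lookup.

```python
import configparser

# Constructed sample mirroring the [ldap] settings posted in the issue.
SAMPLE_CONFIG = """
[ldap]
host = ldap://dc.domain.com
starttls = 0
user_filter = "(objectClass=inetOrgPerson)"
bind_dn = ad_viewer@domain.com
; User attributes
user_id = sAMAccountName
user_name = cn
user_email = mail
"""

# Constructed directory entries (attribute -> list of values), shaped like LDAP search results.
ENTRY_WITHOUT_MAIL = {"sAMAccountName": ["superaccount-admin"], "cn": ["Super Admin"]}
ENTRY_WITH_MAIL = dict(ENTRY_WITHOUT_MAIL, mail=["admin@domain.com"])


def load_ldap_section(text):
    """Parse the INI text; ';' lines are comments, surrounding quotes are stripped."""
    parser = configparser.ConfigParser(comment_prefixes=(";",), interpolation=None)
    parser.read_string(text)
    return {key: value.strip('"') for key, value in parser["ldap"].items()}


def missing_mapped_attributes(ldap_cfg, entry):
    """Return the mapped attributes (user_id, user_name, user_email) absent or empty in entry."""
    present = {name.lower(): values for name, values in entry.items()}  # LDAP names are case-insensitive
    missing = []
    for key in ("user_id", "user_name", "user_email"):
        attr = ldap_cfg.get(key)
        if attr and not any(v.strip() for v in present.get(attr.lower(), [])):
            missing.append(attr)
    return missing


def transport_warnings(ldap_cfg):
    """Flag a bind that would send bind_password unencrypted."""
    plaintext = ldap_cfg.get("host", "").lower().startswith("ldap://")
    if plaintext and ldap_cfg.get("starttls", "0") != "1" and ldap_cfg.get("bind_dn"):
        return ["ldap:// with starttls = 0: bind credentials cross the network unencrypted"]
    return []


if __name__ == "__main__":
    cfg = load_ldap_section(SAMPLE_CONFIG)
    print(missing_mapped_attributes(cfg, ENTRY_WITHOUT_MAIL), transport_warnings(cfg))
```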