semaphoreui / semaphore

Modern UI for Ansible, Terraform, OpenTofu, Bash, Pulumi.
https://semaphoreui.com
MIT License

[LDAP] Problems of incorrect login #1431

Closed allesharr closed 1 year ago

allesharr commented 1 year ago

Hi, I am trying to build this system to run my playbooks. I have a test domain. I have a problem with an "incorrect login or password" error. In the web console I can see a POST request with code "401 Unauthorised". I can't understand what is happening because the error logs are empty. The version is 2.8.90 from release.

To be clear, I have a user in the domain with the name "arr.local". All users are in "arr.local/DATA/USERS", user to enter domain = temp_test. My config for LDAP is:

    "ldap_binddn": "CN=temp_test, OU=DATA, OU=USERS, DC=arr, DC=local",
    "ldap_bindpassword": "temp_test_password",
    "ldap_server": "192.168.1.1:389",
    "ldap_searchdn": "OU=DATA,OU=USERS,DC=arr,DC=local",
    "ldap_searchfilter": "(objectClass=user)",
    "ldap_mappings": {
        "dn": "dn",
        "mail": "mail",
        "uid": "sAMAccountName",
        "cn": "{{ givenName }} {{ sn }}"
    },

Commands like ldapsearch using this binddn (CN=temp_test, OU=DATA, OU=USERS, DC=arr, DC=local) against the server get back a username. So, the domain works. Can someone help with solving this error?

ksourdrille commented 1 year ago

Hi @allesharr,

This is my working config:

    "ldap_binddn": "XXX",
    "ldap_bindpassword": "XXX",
    "ldap_server": "XXX:389",
    "ldap_searchdn": "XXX",
    "ldap_searchfilter": "(&(sAMAccountName=%s))",
    "ldap_mappings": {
        "dn": "distinguishedName",
        "mail": "mail",
        "uid": "sAMAccountName",
        "cn": "cn"
    },

allesharr commented 1 year ago

This config works like the main one. I get the 401 error too. A user from the database can log in; a user from AD via LDAP cannot. On AD I can't even see the connection from this system.

ksourdrille commented 1 year ago

Can you provide Semaphore logs?

allesharr commented 1 year ago

I would, but there is no useful information.

I wrote stderr and stdout to different files. So the last 100 lines of stderr:

2023/08/20 07:06:44 http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192
2023/08/20 07:06:44 http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192
time="2023-08-21T04:17:44-04:00" level=error msg="websocket: close 1005 (no status)" level=Error
time="2023-08-21T04:17:44-04:00" level=error msg="websocket: close sent" level=Error
time="2023-08-21T04:17:44-04:00" level=error msg="close tcp 127.0.0.1:3000->127.0.0.1:46400: use of closed network connection" level=Error

The closed network connection happened when I closed the tab in my browser.

Stdout is:

GET : https:///cgi-bin/cart.cgi --> 404 Not Found
GET : https:///cgi-bin/clwarn.cgi --> 404 Not Found
GET : https:///cgi-bin/count.cgi --> 404 Not Found
GET : https:///cgi-bin/Count.cgi --> 404 Not Found
GET : https:///cgi-bin/faqmanager.cgi --> 404 Not Found
GET : https:///cgi-bin/FormHandler.cgi --> 404 Not Found
GET : https:///cgi-bin/FormMail.cgi --> 404 Not Found
GET : https:///cgi-bin/guestbook.cgi --> 404 Not Found
GET : https:///cgi-bin/help.cgi --> 404 Not Found
GET : https:///cgi-bin/index.cgi --> 404 Not Found
GET : https:///cgi-bin/index.pl --> 404 Not Found
GET : https:///cgi-bin/index.sh --> 404 Not Found
GET : https:///cgi-bin/login.cgi --> 404 Not Found

There are a lot of 404s, but all the addresses are unknown to me and not in the documentation. The machine works in a virtual network, so I can tell that it's correct. There is no internet connection.

allesharr commented 1 year ago

And about logging in. May it be a mistake? To log in I am entering myself as arr@arr.local or ARR\arr or just arr. Tried all 3. Is it correct?

ksourdrille commented 1 year ago

Hmm, in fact the logs are not very meaningful. I'll try your configuration. When I tried to configure my Semaphore with LDAP I had some issues with the LDAP filter from the docs, that's why I use sAMAccountName. Did you try with my conf?

allesharr commented 1 year ago

Yes, this is with your conf. My params only where you wrote XXX. So, I wrote them.

ksourdrille commented 1 year ago

Did you authorize LDAP?

allesharr commented 1 year ago

Yes, LDAP - enabled, TLS - disabled.

ksourdrille commented 1 year ago

It's really strange... I'm sorry but I don't have more ways to debug :/

ksourdrille commented 1 year ago

Hi, do you have a Docker instance?

allesharr commented 1 year ago

No, using Rocky Linux 8 natively, all data from EPEL and this repo.

ksourdrille commented 1 year ago

Did you try with Docker to see if it's your Semaphore instance? And if you want I can give you my docker-compose.yml.

gaeldb commented 1 year ago

Hi guys, I had the same problem with my LDAP config. Just found out after 1 hour that I had 2 lines in my config file:

"ldap_enable": true,
...
"ldap_enable": false,

It works now, with the following config with LDAP (Active Directory):

"ldap_binddn": "cn=myaccount,ou=Team,dc=mydc,dc=fr",
"ldap_bindpassword": "mypassword",
"ldap_server": "myldap:389",
"ldap_searchdn": "ou=Team,dc=mydc,dc=fr",
"ldap_searchfilter": "(&(sAMAccountName:=%s))",
"ldap_mappings": {
    "dn": "distinguishedName",
    "mail": "userPrincipalName",
    "uid": "sAMAccountName",
    "cn": "cn"
}

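As an added example (not from this thread or the Semaphore project), the Go program below shows why the duplicated "ldap_enable" key described above is so easy to miss: Go's encoding/json silently lets the last occurrence of a key win, so the config parses without error with LDAP disabled. The second function is a small token-level check that flags duplicate top-level keys before a config is deployed. sampleConfig is constructed; its other value is a placeholder.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed config excerpt with the duplicate "ldap_enable" key from the
// thread; the other value is a placeholder, not a real Semaphore config.
const sampleConfig = `{
  "ldap_enable": true,
  "ldap_server": "myldap:389",
  "ldap_enable": false
}`

// EffectiveLdapEnable: with duplicate keys encoding/json lets the last one win.
func EffectiveLdapEnable(raw string) (bool, error) {
	var cfg struct {
		LdapEnable bool `json:"ldap_enable"`
	}
	err := json.Unmarshal([]byte(raw), &cfg)
	return cfg.LdapEnable, err
}

// DuplicateKeys reports top-level keys seen more than once in a JSON object.
func DuplicateKeys(raw string) ([]string, error) {
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.Token() // consume the opening '{'
	seen, dups := map[string]int{}, []string{}
	for dec.More() {
		tok, err := dec.Token() // the object key
		if err != nil {
			return nil, err
		}
		key, _ := tok.(string)
		if seen[key]++; seen[key] == 2 {
			dups = append(dups, key)
		}
		// Skip the value (nested objects and arrays included).
		if err := dec.Decode(new(json.RawMessage)); err != nil {
			return nil, err
		}
	}
	return dups, nil
}

func main() {
	enabled, _ := EffectiveLdapEnable(sampleConfig)
	dups, _ := DuplicateKeys(sampleConfig)
	fmt.Printf("ldap_enable=%v duplicate keys=%v\n", enabled, dups)
}
```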
allesharr commented 1 year ago

In Docker everything works fine.

allesharr commented 1 year ago

Used the compose file from the example with my params.

EpicShiield commented 1 year ago

Thanks for the feedback, glad to hear it works, so there's either a problem with your non-Docker instance, or a problem with the non-Docker instance of Semaphore.

allesharr commented 1 year ago

Thanks for the help