stonith404 / pingvin-share

A self-hosted file sharing platform that combines lightness and beauty, perfect for seamless and efficient file sharing.
https://stonith404.github.io/pingvin-share/
BSD 2-Clause "Simplified" License

🐛 Bug Report: LDAP Auth not working #599

Open dnielso5 opened 1 day ago

dnielso5 commented 1 day ago

👟 Reproduction steps

Enable LDAP and enter server information:

Server URL: servername.domain.name.com

Bind DN: My admin account name

Bind Password: My password

User base: OU=Users,OU="All Users",DC=domain,DC=name,DC=com

User Query: (&(objectClass=user)(sAMAccountName=yourUserName)(memberof=CN=FileSharing,OU=Users,OU="All Users",DC=domain,DC=name,DC=com))

I have also tried: %username% and (sAMAccountName=or0202420)

Admin Group: FileSharingAdmins

👍 Expected behavior

Connect and log in with user accounts

👎 Actual Behavior

Fails to connect

📜 Logs

[Nest] 44 - 09/18/2024, 4:35:49 PM LOG [AuthService] Failed login attempt for user or0202420 from IP 10.89.1.2

I will point out that the IP of 10.89.1.2 is new to me; I am not sure why that's there. The only thing I can think of is that I'm using a reverse proxy on the same server.

server {
    listen 443 ssl;
    client_max_body_size 500M;
    server_name domain.domain.domain.domain;

    # SSL Configuration
    ssl_certificate /etc/pki/tls/certs/domain.domain.domain.domain.pem;
    ssl_certificate_key /etc/pki/tls/certs/domain.domain.domain.domain.key;
    #ssl_trusted_certificate /etc/pki/certs/DigiCertCA.crt;

    location / {
        proxy_pass http://localhost:4443;
        proxy_set_header Host $host;
        # Pass the original client address on to the backend
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

When trying to sign in with an email I get this error:

[Nest] 44  - 09/18/2024, 4:53:03 PM   ERROR [ExceptionsHandler] Cannot read properties of undefined (reading 'match')
TypeError: Cannot read properties of undefined (reading 'match')
    at LdapService.authenticateUser (/opt/app/backend/dist/src/auth/ldap.service.js:106:23)
    at AuthService.signIn (/opt/app/backend/dist/src/auth/auth.service.js:76:53)
    at async AuthController.signIn (/opt/app/backend/dist/src/auth/auth.controller.js:46:24)

stonith404 commented 22 hours ago

Are you sure the query works correctly? Have you tried to use the query without Pingvin Share, e.g. with ldapsearch, to make sure that it's a bug of Pingvin Share?

Regarding the wrong IP, I've just created a release that introduces a new environment variable called TRUST_PROXY. You have to set this variable to true if a reverse proxy is in front of your container.

Additionally, I've disabled email login if LDAP is enabled in the latest release because LDAP works only with usernames in Pingvin Share.

dnielso5 commented 22 hours ago

I'll try again when I get a chance to update.

WolverinDEV commented 20 hours ago

User Query: (&(objectClass=user)(sAMAccountName=yourUserName)(memberof=CN=FileSharing,OU=Users,OU="All Users",DC=domain,DC=name,DC=com))

This part does not seem to be right: sAMAccountName=yourUserName.
Shouldn't it be %username% instead of yourUserName?
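
The placeholder point raised in the comment above, as an added example that is not part of the thread and not Pingvin Share's code: a pre-flight check for a user query template, plus substitution with RFC 4515 escaping of the login name. It assumes `%username%` is replaced textually; the function and constant names are hypothetical.

```javascript
// Added example: not Pingvin Share code. All names below are hypothetical.
const PLACEHOLDER = "%username%";

// Constructed from the thread: the query as posted, and the same query
// with the placeholder in place of the literal text.
const POSTED = '(&(objectClass=user)(sAMAccountName=yourUserName)' +
  '(memberof=CN=FileSharing,OU=Users,OU="All Users",DC=domain,DC=name,DC=com))';
const FIXED = POSTED.replace("yourUserName", PLACEHOLDER);

// RFC 4515 escaping: NUL, '(', ')', '*' and '\' become a backslash plus
// two hex digits, so a login name cannot change the filter's structure.
function escapeFilterValue(value) {
  return value.replace(/[\0()*\\]/g, (ch) =>
    "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Return a list of problems with a query template (empty list = usable).
function checkTemplate(template) {
  const problems = [];
  if (!template.includes(PLACEHOLDER)) {
    problems.push("no " + PLACEHOLDER + " placeholder: every login runs the same search");
  }
  let depth = 0;
  for (const ch of template) {
    if (ch === "(") depth++;
    if (ch === ")") depth--;
    if (depth < 0) break; // closing parenthesis before its opening one
  }
  if (depth !== 0) problems.push("unbalanced parentheses");
  return problems;
}

// Substitute the escaped login name into a template that passed the check.
function buildUserFilter(template, username) {
  const problems = checkTemplate(template);
  if (problems.length > 0) {
    throw new Error("bad user query: " + problems.join("; "));
  }
  // split/join instead of String.replace, so "$" sequences in the login
  // name are never treated as replacement patterns.
  return template.split(PLACEHOLDER).join(escapeFilterValue(username));
}

console.log(checkTemplate(POSTED));
console.log(buildUserFilter(FIXED, "or0202420"));
```

The filter printed by the last line can be passed to ldapsearch together with the configured user base to test the query outside the application.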