LDAP-login-error: LDAP Authentication failed with provided username

[akramparvez]

Issue

Server Setup Information:

• Did you test in newest Wekan?: Yes
• Wekan version: Edge
• Deployment Method(snap/docker/sandstorm/mongodb bundle/source): docker

Problem description:

• LDAP-login-error: LDAP Authentication failed with provided username
• Explain steps how to reproduce
• In webbrowser, what does show Right Click / Inspect / Console ? Chrome shows more detailed info than Firefox.: "{"msg":"result","id":"3","error":{"isClientSafe":true,"error":"LDAP-login-error","reason":"LDAP Authentication failed with provided username [USER]","message":"LDAP Authentication failed with provided username [USER] [LDAP-login-error]","errorType":"Meteor.Error"}}"
• If using Docker, what does show command sudo docker logs wekan-app ?:

  Attaching to nwekan_tawekan_1
  tawekan_1  | Presence started serverId=o8RcDg25GgQpAGKPh
  tawekan_1  | Note: you are using a pure-JavaScript implementation of bcrypt.
  tawekan_1  | While this implementation will work correctly, it is known to be
  tawekan_1  | approximately three times slower than the native implementation.
  tawekan_1  | In order to use the native implementation instead, run
  tawekan_1  |
  tawekan_1  |   meteor npm install --save bcrypt
  tawekan_1  |
  tawekan_1  | in the root directory of your application.
  tawekan_1  | > Starting board-background-color migration.
  tawekan_1  | > Finishing board-background-color migration.
  tawekan_1  | > Starting lowercase-board-permission migration.
  tawekan_1  | > Finishing lowercase-board-permission migration.
  tawekan_1  | > Starting change-attachments-type-for-non-images migration.
  tawekan_1  | > Finishing change-attachments-type-for-non-images migration.
  tawekan_1  | > Starting card-covers migration.
  tawekan_1  | > Finishing card-covers migration.
  tawekan_1  | > Starting use-css-class-for-boards-colors migration.
  tawekan_1  | > Finishing use-css-class-for-boards-colors migration.
  tawekan_1  | > Starting denormalize-star-number-per-board migration.
  tawekan_1  | > Finishing denormalize-star-number-per-board migration.
  tawekan_1  | > Starting add-member-isactive-field migration.
  tawekan_1  | > Finishing add-member-isactive-field migration.
  tawekan_1  | > Starting add-sort-checklists migration.
  tawekan_1  | > Finishing add-sort-checklists migration.
  tawekan_1  | > Starting add-swimlanes migration.
  tawekan_1  | > Finishing add-swimlanes migration.
  tawekan_1  | > Starting add-views migration.
  tawekan_1  | > Finishing add-views migration.
  tawekan_1  | > Starting add-checklist-items migration.
  tawekan_1  | > Finishing add-checklist-items migration.
  tawekan_1  | > Starting add-profile-view migration.
  tawekan_1  | > Finishing add-profile-view migration.
  tawekan_1  | > Starting add-card-types migration.
  tawekan_1  | > Finishing add-card-types migration.
  tawekan_1  | > Starting add-custom-fields-to-cards migration.
  tawekan_1  | > Finishing add-custom-fields-to-cards migration.
  tawekan_1  | > Starting add-requester-field migration.
  tawekan_1  | > Finishing add-requester-field migration.
  tawekan_1  | > Starting add-assigner-field migration.
  tawekan_1  | > Finishing add-assigner-field migration.
  tawekan_1  | > Starting add-parent-field-to-cards migration.
  tawekan_1  | > Finishing add-parent-field-to-cards migration.
  tawekan_1  | > Starting add-subtasks-boards migration.
  tawekan_1  | > Finishing add-subtasks-boards migration.
  tawekan_1  | > Starting add-subtasks-sort migration.
  tawekan_1  | > Finishing add-subtasks-sort migration.
  tawekan_1  | > Starting add-subtasks-allowed migration.
  tawekan_1  | > Finishing add-subtasks-allowed migration.
  tawekan_1  | > Starting add-authenticationMethod migration.
  tawekan_1  | > Finishing add-authenticationMethod migration.

How can I debug the issue? Where are the LDAP logs saved?

[jolentes]

I have exctly the same issue! In Firefox you see this in the Developer-Tools -> Network Analysis. No error message in docker-compose logs -f.

edit: I double checked the LDAP connection parameters. I can connect with ldapsearch with those parameters from a different host. Docker container is running on the same host as LDAP (Univention Corporate Server 4.3)

[Akuket]

Hello,

Your environment variable LDAP_LOG_ENABLED is set to true?

[jolentes]

Found that also in my investigation. At first it was not, then I changed it and recreated the container. But the output did not change.

[Akuket]

Without containerization, by launching the code directly with meteor, I have access to the logs. I do not know enough docker for that, but it makes me think that the masking logs would probably be at this level. By the biggest chance the logs would not be sent on /dev/stdout and errors on /dev/stderr?

[akramparvez]

same as jolentes, enabled log but it does not output any. Does it write to a file or is there a way to output log to a file instead of stdout or stderr?

[Akuket]

Ok, so, my pr on the repo wekan-ldap https://github.com/wekan/wekan-ldap/pulls is not merged. So already even if you managed to connect the first time, you could not reconnect with this user. In addition, it also explains why you do not see any logs. Once the merge is done, I invite you to retry and paste here the logs obtained, because normally your problem will still not be solved.

[xet7]

PR is now merged.

Docker image is currently building, you can test it soon with this image:

quay.io/wekan/wekan:v1.55.1

Also edge tag is building, so it should be available also there soon. Edge tag always contains latest.

[akramparvez]

Thanks @Akuket the logs helps a lot and the issue is fixed now, I was able to modify the environment variables using the debug log and login with LDAP.

[Akuket]

Great!

[Oznup]

Hello, I ask my question here because it seems I have the same problem, and I haven't understood how it had been solved. I run wekan via docker, and in the logs I have absolutely nothing. Just that :

in the root directory of your application. Presence started serverId=EQk38wELXSLdbYR64 Note: you are using a pure-JavaScript implementation of bcrypt. While this implementation will work correctly, it is known to be approximately three times slower than the native implementation. In order to use the native implementation instead, run

meteor npm install --save bcrypt

Here is my docker-compose.yml file, can you help me telling me what's wrong?

version: '2'

services: wekan: image: wekanteam/wekan:latest container_name: wekan restart: always networks:

• mynetwork environment: MONGO_URL: 'mongodb://mongodb:27017/wekan' ROOT_URL: 'https://wekan.example' LDAP_ENABLE: 'true' LDAP_HOST: 'ldap' LDAP_PORT: '389' LDAP_BASEDN: 'ou=Users,dc=example,dc=org' LDAP_AUTHENTICATION: 'true' LDAP_AUTHENTICATION_USERDN: 'cn=admin,dc=example,dc=org' AUTHENTIFICATION_PASSWORD: 'myUltraSecretPassword' LDAP_RECONNECT: 'true' LDAP_LOGIN_FALLBACK: 'true' LDAP_TIMEOUT: '10000' LDAP_IDLE_TIMEOUT: '100000' LDAP_CONNECT_TIMEOUT: '10000' LDAP_LOG_ENABLED: 'true' LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED: 'true' LDAP_BACKGROUND_SYNC: 'true' LDAP_BACKGROUND_SYNC_INTERVAL: '1000' LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS: 'true' LDAP_ENCRYPTION: 'false' LDAP_USER_SEARCH_FIELD: 'uid' LDAP_USERNAME_FIELD: 'uid' LDAP_MERGE_EXISTING_USERS: 'true' LDAP_SYNC_USER_DATA: 'true' LDAP_USER_SEARCH_FILTER: '(&(objectClass=*)(uid=%s))' LDAP_SYNC_USER_DATA_FIELDMAP: '{"#{givenName} #{sn}":"name", "mail":"email"}'

networks: mynetwork: external: true

Note : my LDAP is already working with other apps such as Rocket Chat and Gogs, and I can log in using my LDAP users without problem.

Thank's in advance,

Nicolas

[xet7]

@Oznup

Please try latest docker-compose.yml: https://raw.githubusercontent.com/wekan/wekan/devel/docker-compose.yml

For example, you have wrong docker image of wekanteam/wekan. Please use quay image.

If you still have problems, please add new issue to: https://github.com/wekan/wekan-ldap/issues

Or look is there existing ldap issue on above url.