wiltonsr / ldapAuth

An open source Traefik Middleware that enables authentication via LDAP in a similar way to Traefik Enterprise
https://plugins.traefik.io/plugins/628c9eb7ffc0cd18356a979c/ldap-auth
Apache License 2.0

LDAP auth works, but creates a panic #35

Closed ogmueller closed 1 year ago

ogmueller commented 1 year ago

The authentication with LDAP works, but it will create these panics as seen in the first block. It is possible to use the app behind it, but after a while (I guess the session is dropped) it goes into more panics and it dies with "Internal Server Error" (500) as seen in the second block. After that I could only restart Traefik to recover, and the whole thing starts over again.

traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[] 0xc002c84fc0 true {0xc0026aca00 {0xc002934e80 0xc002c8c388 406}} ldapAuth_session_token}
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:52: No session found! Trying to authenticate in LDAP
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Host: ldap.host.com
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Connect Address: ldap.host.com:636
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Running in Bind Mode
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Authenticating User: uid=user,ou=people,dc=host,dc=com
traefik  | INFO: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Authentication succeeded
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/conn.go:264:2: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:49:03Z"}
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[authenticated:true username:user] 0xc00077b1c0 false {0xc0026aca00 {0xc002934e80 0xc00198e800 406}} ldapAuth_session_token}
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:52: [no valid 'Authorization: Basic xxxx' header found in request]
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[authenticated:true username: user] 0xc001f10c40 false {0xc0026aca00 {0xc002934e80 0xc001950700 406}} ldapAuth_session_token}
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session token Valid! Passing request...
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[authenticated:true username: user] 0xc002c85840 false {0xc0026aca00 {0xc002934e80 0xc002c8cbc0 406}} ldapAuth_session_token}
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session token Valid! Passing request...
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[authenticated:true username: user] 0xc000a96bc0 false {0xc0026aca00 {0xc002934e80 0xc002d18898 406}} ldapAuth_session_token}
traefik  | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:52: [no valid 'Authorization: Basic xxxx' header found in request]

2nd block:

traefik  | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Session details: &{ map[] 0xc001f75100 true {0xc0026aca00 {0xc002934e80 0xc0019d2de0 406}} ldapAuth_session_token}
traefik  | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:52: No session found! Trying to authenticate in LDAP
traefik  | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Host: ldap.host.com
traefik  | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Connect Address: ldap.host.com:636
traefik  | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Running in Bind Mode
traefik  | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Authenticating User: uid=user,ou=people,dc=host,dc=com
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/request.go:50:2: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/bind.go:61:5: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/bind.go:100:3: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/ldapauth.go:232:5: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/ldapauth.go:125:6: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}

wiltonsr commented 1 year ago

Which Traefik version are you using?

traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/request.go:50:2: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}

Looks like the problem is with go-ldap.

ogmueller commented 1 year ago

traefik:v2.9

wiltonsr commented 1 year ago

Hello, @ogmueller

I have tested with v2.9.8 and can't reproduce your error.

Can you test with another server/machine and provide more details?

ogmueller commented 1 year ago

These are our traefik plugin settings for LDAP

http:
    middlewares:
        teqneers-ldapAuth:
            plugin:
                ldapAuth:
                    Attribute: uid
                    BaseDn: ou=people,dc=host,dc=com
                    Enabled: "true"
                    Url: ldaps://ldap.host.com
                    LogLevel: DEBUG
                    useTLS: "true"
                    Port: "636"

We are using a "standard" slapd server:

Package: slapd
Version: 2.4.49+dfsg-2ubuntu1.9

Docker version 23.0.1, build a5ee5b1 on latest Ubuntu 22.04.

wiltonsr commented 1 year ago

Closing this in favor of #25.
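
A triage helper for the log lines quoted in this thread, as an added example (not code from ldapAuth or go-ldap): it groups the JSON panic records by timestamp and flags whether a chain reaches the plugin's own code or stays inside vendored go-ldap. `Chain`, `PanicChains` and the group-by-timestamp rule are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Sample input: lines copied from the two log blocks quoted in the issue.
const sample = `traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/conn.go:264:2: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:49:03Z"}
traefik  | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Session details: &{ map[] 0xc001f75100 true {0xc0026aca00 {0xc002934e80 0xc0019d2de0 406}} ldapAuth_session_token}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/request.go:50:2: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/bind.go:61:5: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/bind.go:100:3: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/ldapauth.go:232:5: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik  | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/ldapauth.go:125:6: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}`

var frameRe = regexp.MustCompile(`([^/]+\.go):(\d+):\d+: panic$`) // file and line of a panic msg

// Chain is one run of consecutive panic records that share a timestamp.
type Chain struct {
	Time        string
	Frames      []string // "file.go:line", in logged order
	ReachPlugin bool     // a frame lies outside vendor/, i.e. in the plugin's own code
}

// PanicChains assumes the frames of one panic are logged back to back in the same second.
func PanicChains(log string) []Chain {
	var out []Chain
	for _, line := range strings.Split(log, "\n") {
		var e map[string]string // every field in these records is a string
		if i := strings.Index(line, "{"); i >= 0 {
			_ = json.Unmarshal([]byte(line[i:]), &e) // "&{ map[] ..." dumps are not JSON; e stays nil
		}
		m := frameRe.FindStringSubmatch(e["msg"])
		if e["level"] != "error" || m == nil {
			continue
		}
		if n := len(out); n == 0 || out[n-1].Time != e["time"] {
			out = append(out, Chain{Time: e["time"]})
		}
		c := &out[len(out)-1]
		c.Frames = append(c.Frames, m[1]+":"+m[2])
		c.ReachPlugin = c.ReachPlugin || !strings.Contains(e["msg"], "/vendor/")
	}
	return out
}

func main() { fmt.Printf("%+v\n", PanicChains(sample)) }
```

On the sample, the 18:49:03 record stays inside vendored go-ldap, while the 18:56:34 chain runs from request.go through bind.go into ldapauth.go.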