Is LDAP client implementation missing scope setting? #2

Open
anarion80 opened this issue Aug 16, 2022 · 0 comments

Hello,

I have set up Release Bell in my own environment using docker. Everything is up and running, but I can't log in using LDAP.

=> Create database.json
=> Run db-migration
Ignoring invalid configuration option passed to Connection: driver. This is currently a warning, but in future versions of MySQL2, an error will be thrown if you pass an invalid configuration option to a Connection
[INFO] No migrations to run
[INFO] Done
=> Start application
Can send emails. Email notifications are sent out as [email protected]
Use ldap auth
Server is up and running on port 3000

I have the following env (actual domain removed):

CLOUDRON_APP_ORIGIN = example.com
CLOUDRON_LDAP_BIND_DN = cn=admin,dc=example,dc=com
CLOUDRON_LDAP_BIND_PASSWORD = password
CLOUDRON_LDAP_URL = ldap://openldap:1389
CLOUDRON_LDAP_USERS_BASE_DN = ou=users,dc=example,dc=com
CLOUDRON_MYSQL_DATABASE = releasebell
CLOUDRON_MYSQL_HOST = mariadb
CLOUDRON_MYSQL_PASSWORD = password
CLOUDRON_MYSQL_PORT = 3306
CLOUDRON_MYSQL_USERNAME = releasebell

When I enter the username and password though, I get a 401 and an "Invalid username or password" message.

At that time my LDAP server is showing:

BIND dn="cn=admin,dc=example,dc=com" method=128
BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE bind_ssf=0 ssf=0
RESULT tag=97 err=0 qtime=0.000027 etime=0.000272 text=
SRCH base="ou=users,dc=example,dc=com" scope=0 deref=0 filter="(|(uid=anarion)(mail=anarion)(?username=anarion)(?sAMAccountName=anarion))"
SEARCH RESULT tag=101 err=0 qtime=0.000019 etime=0.000192 nentries=0 text=

So 0 entries/results.

When I do the same using the ldapsearch command, I get:

BIND dn="cn=admin,dc=example,dc=com" method=128
BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE bind_ssf=0 ssf=0
RESULT tag=97 err=0 qtime=0.000031 etime=0.000507 text=
SRCH base="ou=users,dc=example,dc=com" scope=2 deref=0 filter="(|(uid=anarion)(mail=anarion)(?username=anarion)(?sAMAccountName=anarion))"
RESULT tag=101 err=0 qtime=0.000045 etime=0.000888 nentries=1 text=

So the user is found. The only difference is scope.

In your code you seem to be using the default, which is base (or 0):
ldapClient.search(process.env.CLOUDRON_LDAP_USERS_BASE_DN, { filter: filter }, function (error, result)
while the ldapsearch command by default uses sub, which is wholeSubtree.

I think that we can't really search for users in a tree using base, as that's only the level of base DN.
Can you consider adding the scope attribute there?

Or how are you using LDAP otherwise?
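
The scope difference reported above, modelled as an added example (not part of the issue and not Release Bell's code): it evaluates base, one and sub scope over a constructed three-entry directory to show why a search at `ou=users` with scope 0 returns no user. The directory entries, `findUser`, `searchOptions` and the uid-only match are hypothetical, and the options object assumes the client is ldapjs, as the shape of the quoted call suggests.

```javascript
// Added example: models LDAP search scope over a constructed directory.
// Numeric values are what the server logs as scope=N (0 base, 1 one level, 2 subtree).
const SCOPES = { base: 0, one: 1, sub: 2 };
const scopeName = (n) => Object.keys(SCOPES).find((k) => SCOPES[k] === n);

// Constructed sample entries, not taken from any real directory.
const DIRECTORY = [
  { dn: 'ou=users,dc=example,dc=com', attrs: { ou: 'users' } },
  { dn: 'uid=anarion,ou=users,dc=example,dc=com', attrs: { uid: 'anarion' } },
  { dn: 'uid=svc,ou=robots,ou=users,dc=example,dc=com', attrs: { uid: 'svc' } },
];

// Simplified DN handling: lower-case and split on commas (no escaped commas).
const rdns = (dn) => dn.toLowerCase().split(',').map((s) => s.trim());

// Depth of dn below base, or -1 when dn is not at or under base.
function depthBelow(dn, base) {
  const d = rdns(dn), b = rdns(base);
  if (d.length < b.length) return -1;
  const suffix = d.slice(d.length - b.length);
  return suffix.every((r, i) => r === b[i]) ? d.length - b.length : -1;
}

// Which entries a search at `base` with `scope` can return at all.
function inScope(dn, base, scope) {
  const depth = depthBelow(dn, base);
  if (depth < 0) return false;
  if (scope === 'base') return depth === 0; // only the base entry itself
  if (scope === 'one') return depth === 1;  // direct children only
  if (scope === 'sub') return true;         // base entry and everything below
  throw new Error('unknown scope: ' + scope);
}

// Hypothetical helper: uid equality stands in for the OR filter shown in the issue.
function findUser(base, scope, uid) {
  return DIRECTORY
    .filter((e) => inScope(e.dn, base, scope) && e.attrs.uid === uid)
    .map((e) => e.dn);
}

// Options in the shape ldapjs's client.search() accepts (assumed client); scope is the added key.
function searchOptions(filter) {
  return { filter, scope: 'sub' };
}

const BASE = 'ou=users,dc=example,dc=com';
console.log('base:', findUser(BASE, 'base', 'anarion')); // only the ou entry is in scope
console.log('sub: ', findUser(BASE, 'sub', 'anarion'));
```

With `one`, the user directly under `ou=users` is still found but entries in nested OUs are not, so the choice between `one` and `sub` depends on how the directory is laid out.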
