Rocket.chat: LDAP login problem after update

Created on 22 Oct 2017 · 8 Comments · Source: RocketChat/Rocket.Chat

Hi guys

I have a problem logging in to Rocket.Chat with LDAP.
The issue started after the auto update to version 0.59.1.
I see this in the log:
I20171022-16:16:28.989(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Connection.info LDAP connected
I20171022-16:16:28.990(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Bind.info Binding UserDN rocket.[email protected]
I20171022-16:16:28.994(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Search.info Searching user efih
I20171022-16:16:28.997(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Search.debug searchOptions { filter: '(&(&(objectCategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=ROCKET_ACCESS,CN=Users,DC=mydomain,DC=local)(sAMAccountName=#{username}))(sAMAccountName=efih))', scope: 'sub', sizeLimit: 1000, paged: { pageSize: 250, pagePause: false } }
I20171022-16:16:28.998(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Search.debug BaseDN DC=mydomain,DC=local
I20171022-16:16:29.004(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Search.info Search result count 0
I20171022-16:16:29.006(3) rocketchat_logger rocketchat_logger.js:375 LDAPHandler ➔ info Search returned 0 record(s) for efih
I20171022-16:16:29.008(3) rocketchat_logger rocketchat_logger.js:375 LDAPHandler ➔ error [Error: User not Found]
I20171022-16:16:30.004(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Search.info Idle
I20171022-16:16:30.005(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Connection.info Disconecting
I20171022-16:16:30.008(3) rocketchat_logger rocketchat_logger.js:375 LDAP ➔ Search.info Closed

my LDAP filter:
(&(objectCategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=ROCKET_ACCESS,CN=Users,DC=mydomain,DC=local)(sAMAccountName=#{username}))

please help

Auth - LDAP

All 8 comments

I had the same issue, had to remove the variables from the search filter: "(sAMAccountName=#{username})"

Thanks, it works.

Does anyone know how to cancel auto-update?
Rocket.Chat is installed on an Ubuntu server and for some reason the service updated automatically.

We are using both:
(mail=#{username}) and (sAMAccountName=#{username})

And some users can't login anymore:
LDAP ➔ Search.info Search result count 0
LDAPHandler ➔ info Search returned 0 record(s) for USERNAME
LDAPHandler ➔ error [Error: User not Found]

@maxdwit If you look at the output by setting the log level to trace, you'll see that your query is most likely wrong. We had our filter set to (&(objectCategory=person)(objectclass=user)(sAMAccountName=#{username})) which worked prior to the update. However, it now returns LDAP ➔ Search.info Search result count 0 in the logs, and if you dig a little deeper, you'll see that it's transforming that query into (&(&(objectCategory=person)(objectclass=user)(sAMAccountName=#{username}))(sAMAccountName=joe.user)), which is syntactically incorrect. In order to fix it, we changed our filter to (objectCategory=person)(objectclass=user), and LDAP is now completing the query using the value in the Search Field field below. Ours is set to sAMAccountName, so the resulting LDAP query generated is (&(objectCategory=person)(objectclass=user)(sAMAccountName=joe.user))
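
The filter composition described in the comment above, modelled as an added example (not part of the thread and not Rocket.Chat's own code): it builds the final filter in the shape the `Search.debug` lines show and evaluates it against one constructed directory entry, so the zero-result case can be reproduced offline. The function names, the directory entry and the RFC 4515 escaping step are assumptions added here.

```javascript
// Added example; names and the directory entry are hypothetical, not Rocket.Chat code.
// RFC 4515 escaping for a value placed inside a filter assertion, and its inverse.
const escapeValue = (v) => v.replace(/[\\*()\0]/g, (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
const unescapeValue = (v) => v.replace(/\\([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));

// Shape seen in the Search.debug log lines: (&<configured filter>(<search field>=<login>))
function composeFilter(userFilter, searchField, username) {
  return `(&${userFilter}(${searchField}=${escapeValue(username)}))`;
}

// Parser for the subset used here: (&...), (|...), (!...) and (attr=value).
function parseFilter(s) {
  let i = 0;
  const node = () => {
    if (s[i++] !== '(') throw new Error(`expected "(" at ${i - 1}`);
    let n;
    if ('&|!'.includes(s[i])) {
      n = { op: s[i++], kids: [] };
      while (s[i] === '(') n.kids.push(node());
    } else {
      const end = s.indexOf(')', i);
      const eq = s.indexOf('=', i);
      if (end < 0 || eq < 0 || eq > end) throw new Error(`bad assertion at ${i}`);
      n = { op: '=', attr: s.slice(i, eq).toLowerCase(), value: unescapeValue(s.slice(eq + 1, end)).toLowerCase() };
      i = end;
    }
    if (s[i++] !== ')') throw new Error(`expected ")" at ${i - 1}`);
    return n;
  };
  const root = node();
  if (i !== s.length) throw new Error('trailing characters after filter');
  return root;
}

// Evaluate a parsed filter against one entry (case-insensitive for simplicity).
function matches(n, entry) {
  if (n.op === '&') return n.kids.every((k) => matches(k, entry));
  if (n.op === '|') return n.kids.some((k) => matches(k, entry));
  if (n.op === '!') return !matches(n.kids[0], entry);
  return (entry[n.attr] || []).includes(n.value);
}

// Constructed directory entry (attribute names and values lowercased).
const DIRECTORY = [{ objectcategory: ['person'], objectclass: ['user'], samaccountname: ['joe.user'] }];

function searchCount(userFilter, searchField, username) {
  const tree = parseFilter(composeFilter(userFilter, searchField, username));
  return DIRECTORY.filter((e) => matches(tree, e)).length;
}
```

With the pre-update filter, the leftover `(sAMAccountName=#{username})` assertion is compared literally and no entry can satisfy it, which is the `Search result count 0` seen in the logs.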

We too are having similar problems. We have a user group to filter who can use our rocket.chat system.
It appears to be attempting to create new users that already exist in the system.

LDAPSync ➔ debug user.name changed to: SANITIZED USERNAME
LDAPSync ➔ debug New user data { username: 'SANITIZED USERNAME', email: 'SANITIZED [email protected]' }
rocketchat_logger rocketchat_logger.js:375 LDAPSync ➔ error Error creating user { [Error: Username already exists. [403]] isClientSafe: true, error: 403, reason: 'Username already exists.', details: undefined, message: 'Username already exists. [403]', errorType: 'Meteor.Error' }
Exception in callback of async function: Error: Username already exists. [403]
    at handleError (/snap/rocketchat-server/1172/programs/server/packages/accounts-password.js:161:15)
    at checkForCaseInsensitiveDuplicates (/snap/rocketchat-server/1172/programs/server/packages/accounts-password.js:302:7)
    at createUser (/snap/rocketchat-server/1172/programs/server/packages/accounts-password.js:1140:3)
    at AccountsServer.Accounts.createUser (/snap/rocketchat-server/1172/programs/server/packages/accounts-password.js:1202:10)
    at addLdapUser (/snap/rocketchat-server/1172/programs/server/packages/rocketchat_ldap.js:1294:29)
    at /snap/rocketchat-server/1172/programs/server/packages/rocketchat_ldap.js:1345:5
    at Array.forEach (native)
    at /snap/rocketchat-server/1172/programs/server/packages/rocketchat_ldap.js:1327:13
    at runWithEnvironment(packages/meteor.js:1188:24)

We've tried changing our user search filter the group name we're using and it still throws the error.

The 'SANITIZED USERNAME' already exists in the system, and has been using rocket.chat for quite some time.

We have the same problem with LDAP sync and existing users - is this addressed in the PR?

I20171024-15:28:41.219(2) rocketchat_logger.js:375 LDAPSync ➔ debug userQuery { 'services.ldap.id': 'IDtexttext' }
I20171024-15:28:41.225(2) rocketchat_logger.js:375 LDAPSync ➔ debug user.name changed to: surname, name
I20171024-15:28:41.226(2) rocketchat_logger.js:375 LDAPSync ➔ debug New user data { username: 'name.surname', email: [email protected]' }
I20171024-15:28:41.232(2) rocketchat_logger rocketchat_logger.js:375 LDAPSync ➔ error Error creating user { [Error: Username already exists. [403]] isClientSafe: true, error: 403, reason: 'Username already exists.', details: undefined, message: 'Username already exists. [403]', errorType: 'Meteor.Error' }
I20171024-15:28:41.233(2) Exception in callback of async function: Error: Username already exists. [403]
    at handleError (/snap/rocketchat-server/1172/programs/server/packages/accounts-password.js:161:15)
    at checkForCaseInsensitiveDuplicates (/snap/rocketchat-server/1172/programs/server/packages/accounts-password.js:302:7)
    at createUser (/snap/rocketchat-server/1172/programs/server/packages/accounts-password.js:1140:3)
    at AccountsServer.Accounts.createUser (/snap/rocketchat-server/1172/programs/server/packages/accounts-password.js:1202:10)
    at addLdapUser (/snap/rocketchat-server/1172/programs/server/packages/rocketchat_ldap.js:1294:29)
    at /snap/rocketchat-server/1172/programs/server/packages/rocketchat_ldap.js:1345:5
    at Array.forEach (native)
    at /snap/rocketchat-server/1172/programs/server/packages/rocketchat_ldap.js:1327:13
    at runWithEnvironment (packages/meteor.js:1188:24)

Yeah -- the problem being there was a switch between binary and hex somewhere along the way and the ObjectGUID was getting converted and not matching what was already in the database. The 0.59.2 update (when released) should fix the issue.

I have the same issue on 0.59.3.
