LDAP log in issue with version 3.0.10.112 #3933

Closed
hitenmandalia opened this issue Nov 10, 2023 · 2 comments

hitenmandalia commented Nov 10, 2023

Steps to reproduce

  1. Upgrade version 3.0.10.79
  2. Log in using existing AD account

Expected behaviour

AD user should be able to log in

Actual behaviour

In progress bar continuously turning

Server configuration

Operating system: Alpine Linux

Web server: Nginx

Database: MySQL 8

PHP version: 8

Teampass version: 3.0.10.112

Teampass configuration file:

<?php                                                                                                                                                            
global $SETTINGS;                                                                                                                                                
$SETTINGS = array (                                                                                                                                              
    'max_latest_items' => '10',                                 
    'enable_favourites' => '1',                                 
    'show_last_items' => '1',                                                                                                                                    
    'enable_pf_feature' => '0',                                                                                                                                  
    'log_connections' => '1',                                                                                                                                    
    'log_accessed' => '1',                                                                                                                               
    'time_format' => 'H:i:s',                            
    'date_format' => 'd/m/Y',                                                                                                                            
    'duplicate_folder' => '1',                                                                                                                                   
    'item_duplicate_in_same_folder' => '0',                                                                                                                      
    'duplicate_item' => '1',                                                                                                                                     
    'number_of_used_pw' => '3',                                                              
    'manager_edit' => '1',                                                                                                                               
    'cpassman_dir' => '/var/www/html',                                                                                                                           
    'cpassman_url' => 'https://password.xxxxxx.tech',                                                                                                        
    'favicon' => 'https://www.xxxxxx.com/media/favicon.png',                                                                                                 
    'path_to_upload_folder' => '/var/www/html/upload',                                       
    'path_to_files_folder' => '/var/www/html/files',                                         
    'url_to_files_folder' => 'http://localhost/files',                                                                                                   
    'activate_expiration' => '0',                                                                                                                                
    'pw_life_duration' => '0',                                                                                                                                   
    'maintenance_mode' => '0',                                                                                                                                   
    'enable_sts' => '0',                                                                     
    'encryptClientServer' => '1',                         
    'teampass_version' => '3.0.10',                                                                                                                              
    'ldap_mode' => '1',                                                                                                                                          
    'ldap_type' => 'ActiveDirectory',                                                                                                                            
    'ldap_suffix' => '0',                                                                   
    'ldap_domain_dn' => '0',                                                                 
    'ldap_domain_controler' => '0',                                                                                                                      
    'ldap_user_attribute' => 'samaccountname',                                                                                                                   
    'ldap_ssl' => '0',                                                 
    'ldap_tls' => '0',                                                                                                                                           
    'ldap_search_base' => '0',
    'ldap_port' => '389',                                
    'richtext' => '0',                                                                                                                                           
    'allow_print' => '0',                                       
    'roles_allowed_to_print' => '0',                                                                                                                             
    'show_description' => '0',                                                                                                                                   
    'anyone_can_modify' => '0',                                                                                                                                  
    'anyone_can_modify_bydefault' => '0',                                                                                                                        
    'nb_bad_authentication' => '0',                             
    'utf8_enabled' => '1',                                                                                                                                       
    'restricted_to' => '0',                              
    'restricted_to_roles' => '0',                                                                                                                                
    'enable_send_email_on_user_login' => '0',                   
    'enable_user_can_create_folders' => '0',                                                                                                                     
    'insert_manual_entry_item_history' => '0',                  
    'enable_kb' => '0',                                                                                                                                          
    'enable_email_notification_on_item_shown' => '0',           
    'enable_email_notification_on_user_pw_change' => '0',                                                                                                        
    'custom_logo' => '',
    'custom_login_text' => '',                                  
    'default_language' => 'english',                                   
    'send_stats' => '0',                                                                                                                                         
    'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysq
    'send_stats_time' => '1690977063',                          
    'get_tp_info' => '0',                                                                   
    'send_mail_on_user_login' => '0',                           
    'nb_items_by_query' => 'auto',                                                                                                                               
    'enable_delete_after_consultation' => '0',           
    'enable_personal_saltkey_cookie' => '0',                                                                                                                     
    'personal_saltkey_cookie_duration' => '31',                 
    'email_smtp_server' => 'email-smtp.xxxxxx.amazonaws.com',                            
    'email_smtp_auth' => '1',                        
    'email_auth_username' => 'AKIAxxxxxxxxxx',                                                                                                             
    'email_auth_pwd' => 'BCQkXaJ034m3xxxxxxxxxxWvFVpVl0MnW',                                                                                          
    'email_port' => '587',                                     
    'email_security' => 'tls',                                                                                                                                   
    'email_server_url' => '',                                   
    'email_from' => 'passwordmanager@xxxxxx.com',                                                                                                            
    'email_from_name' => 'Password',                                                                                                                
    'pwd_maximum_length' => '100',                                                                                                                               
    'google_authentication' => '1',                                                                                                                              
    'delay_item_edition' => '0',                                                            
    'allow_import' => '0',                                                                                                                                       
    'proxy_ip' => '',                                    
    'proxy_port' => '',                                                                                                                                          
    'upload_maxfilesize' => '10mb',                             
    'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',                                                                     
    'upload_imagesext' => 'jpg,jpeg,gif,png',                   
    'upload_pkgext' => '7z,rar,tar,zip',                                                                                                                         
    'upload_otherext' => 'sql,xml',                             
    'upload_imageresize_options' => '1',                                                                                                                         
    'upload_imageresize_width' => '800',                                                                                                                         
    'upload_imageresize_height' => '600',                       
    'upload_imageresize_quality' => '90',                              
    'use_md5_password_as_salt' => '0',                                                                                                                           
    'ga_website_name' => 'Password',                                                                                                                
    'api' => '0',                                               
    'subfolder_rights_as_parent' => '1',                                                    
    'show_only_accessible_folders' => '1',                      
    'enable_suggestion' => '0',                                                                                                                                  
    'otv_expiration_period' => '1',                      
    'default_session_expiration_time' => '60',                                                                                                                   
    'duo' => '0',                                               
    'enable_server_password_change' => '0',                                                 
    'ldap_object_class' => '0',                      
    'bck_script_path' => '/var/www/html/backups',                                                                                                                
    'bck_script_filename' => 'bck_teampass',                                                                                                                     
    'syslog_enable' => '0',                        
    'syslog_host' => 'localhost',                                                                                                                                
    'syslog_port' => '514',                                     
    'manager_move_item' => '0',                                                                                                                                  
    'create_item_without_password' => '0',                      
    'otv_is_enabled' => '0',                                                                                                                                     
    'agses_authentication_enabled' => '0',                                                                                                                       
    'item_extra_fields' => '0',                                                                                                                                  
    'saltkey_ante_2127' => 'none',                                                                                                                               
    'migration_to_2127' => 'done',                                                                                                                       
    'files_with_defuse' => 'done',                                                                                                                               
    'timezone' => 'UTC',                                                                     
    'enable_attachment_encryption' => '1',                                                                                                                       
    'personal_saltkey_security_level' => '50',                                               
    'ldap_new_user_is_administrated_by' => '0',                                                                                                                  
    'disable_show_forgot_pwd_link' => '0',                                                                                                               
    'offline_key_level' => '0',                                                                                                                                  
    'enable_http_request_login' => '0',                         
    'ldap_and_local_authentication' => '0',                                                                                                                      
    'secure_display_image' => '1',                                                                                                                               
    'upload_zero_byte_file' => '0',                                                                                                                      
    'upload_all_extensions_file' => '1',                                                                                                                 
    'bck_script_passkey' => 'zSdyLcM2TdPUrgzemXdpZ3xxxxxxxxxxx',                                                                                          
    'admin_2fa_required' => '0',                                                                                                                                 
    'password_overview_delay' => '4',                                                        
    'copy_to_clipboard_small_icons' => '1',                                                  
    'duo_ikey' => '',                                                                                                                                    
    'duo_skey' => '',                                                                                                                                            
    'duo_host' => '',                                    
    'duo_failmode' => 'secure',                                                                                                                                  
    'roles_allowed_to_print_select' => '',                                                   
    'clipboard_life_duration' => '30',                                                                                                                   
    'mfa_for_roles' => '',                                                                                                                               
    'tree_counters' => '1',                                                                                                                                      
    'settings_offline_mode' => '0',                                                                                                                              
    'settings_tree_counters' => '0',
    'enable_massive_move_delete' => '0',                               
    'email_debug_level' => '0',                                                                                                                                  
    'ga_reset_by_user' => '1',                                  
    'onthefly-backup-key' => '',                                                                                                                                 
    'onthefly-restore-key' => '',                               
    'ldap_user_dn_attribute' => '',                                                                                                                              
    'ldap_dn_additional_user_dn' => '',                                                                                                                          
    'ldap_user_object_filter' => '(&(objectcategory=person)(memberof=cn=teampassaccessgroup,ou=xxx,ou=groups,dc=ad,dc=xxx,dc=com))',        
    'ldap_bdn' => 'dc=ad,dc=xxxx,dc=com',                                                                                                                  
    'ldap_hosts' => '10.x.x.x,10.x.x.xx',                                                                                                           
    'ldap_password' => 'xxxxxd!23',                                                                                                                            
    'ldap_username' => 'cn=Svc_TeamPass_LDAP,ou=Service Accounts,dc=ad,dc=xxxxx,dc=com',
    'api_token_duration' => '60',                                                                                                                                
    'enable_tasks_manager' => '1',                                                                                                                       
    'task_maximum_run_time' => '300',                                                                                                                            
    'tasks_manager_refreshing_period' => '20',                                                                                                           
    'maximum_number_of_items_to_treat' => '100',                                                                                                                 
    'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',                                   
    'enable_tasks_log' => '1',                                                                                                                                   
    'upgrade_timestamp' => '1699629688',                                                                                                                         
    'enable_ad_users_with_ad_groups' => '1',                                                                                                             
    'enable_ad_user_auto_creation' => '0',                                                                                                               
    'ldap_group_object_filter' => '(extensionattribute7=teampassgroup)',                                                                                         
    'ldap_guid_attibute' => 'extensionattribute8',                                                                                                               
    'sending_emails_job_frequency' => '2',                                                                                                               
    'user_keys_job_frequency' => '1',                                                        
    'items_statistics_job_frequency' => '5',                                                                                                             
    'users_personal_folder_task' => '',                                                                                                                          
    'clean_orphan_objects_task' => 'saturday;05:00',                                         
    'purge_temporary_files_task' => 'saturday;00:00',                                                                                                            
    'rebuild_config_file' => '',                                                                                                                         
    'reload_cache_table_task' => 'saturday;03:00',                                                                                                       
    'maximum_session_expiration_time' => '60',                                                                                                           
    'rebuild_config_file_task' => 'saturday;01:30',                                                                                                              
    'items_ops_job_frequency' => '1',                                                                                                                            
);

Updated from an older Teampass or fresh install:
Upgrade from version 3.0.10.79

Client configuration

Browser:

Operating system:

Logs

Web server error log

(username and password removed for obvious reasons)


2023-11-10 15:36:01,229 INFO reaped unknown pid 200 (exit status 0)
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Deprecated:  Creation of dynamic property TeampassClasses\PerformChecks\PerformChecks::$postType is deprecated in /var/www/html/includes/libraries/teampassclasses/performchecks/src/PerformChecks.php on line 35"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/identify.php:0"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP   2. TeampassClasses\PerformChecks\PerformChecks->__construct($postType = ['type' => 'get2FAMethods'], $sessionVar = ['user_id' => 0, 'user_key' => 'P3gR2cW3Znwn5p3MaSqznMQdz5RTS5Lxxxxxxxxxxxxxxxxx', 'CPM' => 1, 'login' => 'xxxx.xxxxx']) /var/www/html/sources/identify.php:62"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Deprecated:  Creation of dynamic property TeampassClasses\PerformChecks\PerformChecks::$sessionVar is deprecated in /var/www/html/includes/libraries/teampassclasses/performchecks/src/PerformChecks.php on line 36"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/identify.php:0"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP   2. TeampassClasses\PerformChecks\PerformChecks->__construct($postType = ['type' => 'get2FAMethods'], $sessionVar = ['user_id' => 0, 'user_key' => 'P3gR2cW3Znwn5p3MaSqznMQdz5RTS5LRxxxxxxxxxxxxx', 'CPM' => 1, 'login' => 'xxxx.xxxxx']) /var/www/html/sources/identify.php:62"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Deprecated:  Creation of dynamic property TeampassClasses\PerformChecks\PerformChecks::$postType is deprecated in /var/www/html/includes/libraries/teampassclasses/performchecks/src/PerformChecks.php on line 35"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/identify.php:0"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP   2. TeampassClasses\PerformChecks\PerformChecks->__construct($postType = ['type' => 'identify_user'], $sessionVar = ['user_id' => 0, 'user_key' => 'P3gR2cW3Znwn5p3MaSqznMQdz5RTSxxxxxxxxxxxxx', 'CPM' => 1, 'login' => 'xxxx.xxxxx']) /var/www/html/sources/identify.php:62"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Deprecated:  Creation of dynamic property TeampassClasses\PerformChecks\PerformChecks::$sessionVar is deprecated in /var/www/html/includes/libraries/teampassclasses/performchecks/src/PerformChecks.php on line 36"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP   1. {main}() /var/www/html/sources/identify.php:0"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP   2. TeampassClasses\PerformChecks\PerformChecks->__construct($postType = ['type' => 'identify_user'], $sessionVar = ['user_id' => 0, 'user_key' => 'P3gR2cW3Znwn5p3Mxxxxxxxxxxxxxx', 'CPM' => 1, 'login' => 'xxxx.xxxxx']) /var/www/html/sources/identify.php:62"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught TypeError: userIsEnabled(): Return value must be of type array, bool returned in /var/www/html/sources/ldap.activedirectory.php:93"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "Stack trace:"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#0 /var/www/html/sources/identify.php(1202): userIsEnabled('CN=xxxx xxxxx...', Object(LdapRecord\Connection))"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#1 /var/www/html/sources/identify.php(2317): authenticateThroughAD('xxxx.xxxxx', Array, 'xxxxxxxxx', Array)"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#2 /var/www/html/sources/identify.php(289): identifyDoLDAPChecks(Array, Array, 'xxxx.xxxxx', 'xxxxxxxxx', 0, '', 2)"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#3 /var/www/html/sources/identify.php(132): identifyUser('eyJjaXBoZXJ0ZXh...', Array)"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "#4 {main}"
[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "  thrown in /var/www/html/sources/ldap.activedirectory.php on line 93"

Log from the web-browser developer console (CTRL + SHIFT + i)

Insert the log here and especially the answer of the query that failed.

The issue seems to be from the check to see if the AD user is active, by looking at the following in the error log:

[10-Nov-2023 15:32:32] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Fatal error: Uncaught TypeError: userIsEnabled(): Return value must be of type array, bool returned in /var/www/html/sources/ldap.activedirectory.php:93"

@hitenmandalia hitenmandalia changed the title LDAP logging with version 3.0.10.112 LDAP log in issue with version 3.0.10.112 Nov 10, 2023
@nilsteampassnet
Owner

Oops, code mistake (cannot test AD).
Please open file sources/ldap.activedirectory.php
Replace

 * @return array
 */
function userIsEnabled(string $userDN, Connection $connection): array
{

by

 * @return bool
 */
function userIsEnabled(string $userDN, Connection $connection): bool
{
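
The failure in the log and the signature fix above, reproduced as an added example (not TeamPass code and not from this thread): a check declared `: array` that computes a bool throws `TypeError` on every call, and the `: bool` version returns a usable answer. The `userAccountControl` test, the `loginDecision()` wrapper and the sample entries are assumptions constructed for illustration; the wrapper shows the login path denying access with an error instead of dying on an uncaught exception.

```php
<?php
declare(strict_types=1);

// Added example, not TeamPass code. Entries are constructed sample data shaped
// like LDAP search results (lower-case attribute => list of string values).
// Testing userAccountControl is an assumed way to decide "enabled".

const UAC_ACCOUNTDISABLE = 0x0002; // ACCOUNTDISABLE bit of userAccountControl

/** Reads the flags; a missing attribute counts as disabled (fail closed). */
function accountFlags(array $entry): int
{
    return (int) ($entry['useraccountcontrol'][0] ?? UAC_ACCOUNTDISABLE);
}

/**
 * Before: the body yields a bool but the signature promises an array.
 * PHP enforces declared return types at runtime, so every call throws.
 *
 * @return array
 */
function userIsEnabledBefore(array $entry): array
{
    return (accountFlags($entry) & UAC_ACCOUNTDISABLE) === 0;
}

/**
 * After: docblock and signature both say bool, matching the body.
 *
 * @return bool
 */
function userIsEnabledAfter(array $entry): bool
{
    return (accountFlags($entry) & UAC_ACCOUNTDISABLE) === 0;
}

/**
 * Hypothetical login step: any failure inside the check becomes an explicit
 * denial with a reason, so the client gets an answer instead of no response.
 */
function loginDecision(callable $isEnabled, array $entry): array
{
    try {
        return ['granted' => $isEnabled($entry) === true, 'error' => null];
    } catch (\Throwable $e) {
        return ['granted' => false, 'error' => get_class($e) . ': ' . $e->getMessage()];
    }
}

// Constructed entries: 512 = normal account, 514 = normal account + disabled bit.
$entries = [
    'enabled user'  => ['samaccountname' => ['alice'], 'useraccountcontrol' => ['512']],
    'disabled user' => ['samaccountname' => ['bob'],   'useraccountcontrol' => ['514']],
    'no attribute'  => ['samaccountname' => ['carol']],
];

foreach (['userIsEnabledBefore', 'userIsEnabledAfter'] as $check) {
    foreach ($entries as $label => $entry) {
        $result = loginDecision($check, $entry);
        printf(
            "%-20s %-14s granted=%s error=%s\n",
            $check,
            $label,
            var_export($result['granted'], true),
            $result['error'] ?? '-'
        );
    }
}
```

Run it with the PHP CLI; the rows for `userIsEnabledBefore` carry the same "Return value must be of type array, bool returned" message seen in the web server log.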

@hitenmandalia
Author

@nilsteampassnet Perfect. works :)
