
[Bug] LDAP authentication - user xyz not found

Open WingerHusar opened this issue 2 years ago • 5 comments

Request Type

Bug

Work Environment

Software   Version
CentOS     8
TheHive    4.1.3-1
Keycloak   14.0.0

Problem

Hi, I have a problem with LDAP authentication. I have an LDAP server with accounts. I configured TheHive LDAP authentication, but there is a problem with authentication. I know that the user exists because I can log in as that user on another Linux server using sssd. When I use this command on the TheHive server side:

  • ldapsearch -x -b "dc=ldap,dc=something,dc=org" -h ldap.something.org -D "cn=readonly,ou=people,dc=ldap,dc=something,dc=org" -W "(objectClass=posixAccount)"

the command works, I get all accounts and I can see the user xyz.

Any idea?

Configuration

  ...
  {
    name: ldap
    hosts: ["ldap.something.org"]
    bindDN: "cn=readonly,ou=people,dc=ldap,dc=something,dc=org"
    bindPW: "my_password"
    baseDN: "dc=ldap,dc=something,dc=org"
    filter: "(objectClass=posixAccount)"
    useSSL: no
  }
  ...

Logs

2021-08-11 11:37:48,315 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-12 - ldap fails: org.thp.scalligraph.NotFoundError: User xyz not found

WingerHusar avatar Aug 11 '21 09:08 WingerHusar

Does the user exist in TheHive?

nadouani avatar Aug 18 '21 09:08 nadouani

@nadouani I actually have this issue as well. I attempted to migrate my previous 3.x TheHive to RockyLinux 8 from a Red Hat 7 server and was having issues. I instead cloned my Red Hat 7 server and performed the migration on the Red Hat 7 host. The migration worked on the Red Hat 7 clone, and I am able to access TheHive and view any pre-existing LDAP users. I then performed a backup of Cassandra and Elasticsearch and restored the backup files to the RockyLinux 8 server. I also copied /etc/thehive/application.conf from the RHEL 7 host (running TheHive 4.1.9-1) to the RockyLinux host. On the RockyLinux 8 host, I get the same error that @WingerHusar is getting.

2021-08-18 07:48:55,727 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-10 [00000003|] local fails: org.thp.scalligraph.AuthenticationError: Authentication failure
2021-08-18 07:48:55,727 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-10 [00000003|] ldap fails: org.thp.scalligraph.NotFoundError: User xyz not found

Environment where TheHive is not working:

Software      Version
RockyLinux    8
TheHive       4.1.9-1

Environment where TheHive is working:

Software                      Version
Red Hat Enterprise Linux      7
TheHive                       4.1.9-1

I still have both the Red Hat 7 VM and RockyLinux 8 Server available if there are additional logs that I could provide to assist.

Fedora7830 avatar Aug 18 '21 13:08 Fedora7830
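An added triage helper (not part of this thread and not TheHive code) that groups the TOTPAuthSrv warnings quoted above by login attempt and separates the two error classes the thread shows: NotFoundError (TheHive has no user record for the login, which is what nadouani's question is about) versus AuthenticationError (the provider rejected the credentials). The sample log lines are constructed in the format quoted in this thread; the verdict labels are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the TOTPAuthSrv format quoted in this thread (not real
# log data): one login attempt per request id, with both provider warnings.
SAMPLE_LOG = """\
2021-08-18 07:48:55,727 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-10 [00000003|] local fails: org.thp.scalligraph.AuthenticationError: Authentication failure
2021-08-18 07:48:55,727 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-10 [00000003|] ldap fails: org.thp.scalligraph.NotFoundError: User xyz not found
2021-08-18 07:49:10,002 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-11 [00000004|] local fails: org.thp.scalligraph.AuthenticationError: Authentication failure
2021-08-18 07:49:10,002 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-11 [00000004|] ldap fails: org.thp.scalligraph.AuthenticationError: Authentication failure
"""

# Matches both variants seen in the thread: with a "[00000003|]" request id
# (4.1.9 logs) and with a plain " - " separator (4.1.3 logs).
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[WARN\] from org\.thp\.thehive\.services\.TOTPAuthSrv .*?"
    r"(?:\[(?P<req>[0-9a-f]+)\|\] )?(?P<provider>\w+) fails: "
    r"org\.thp\.scalligraph\.(?P<error>\w+): (?P<msg>.*)$"
)
USER_RE = re.compile(r"\bUser (\S+) not found")


def parse_failures(log_text):
    """Group provider failures by login attempt (request id, else timestamp)."""
    attempts = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            attempts[m["req"] or m["ts"]][m["provider"]] = (m["error"], m["msg"])
    return dict(attempts)


def triage(log_text):
    """Map each attempt to a verdict the operator can act on."""
    verdicts = {}
    for req, fails in parse_failures(log_text).items():
        ldap = fails.get("ldap")
        if ldap and ldap[0] == "NotFoundError":
            # The login passed the LDAP provider but has no TheHive user record:
            # create the account or configure autocreation.
            user = USER_RE.search(ldap[1])
            verdicts[req] = ("missing_thehive_user", user.group(1) if user else None)
        elif ldap and ldap[0] == "AuthenticationError":
            # The LDAP provider itself rejected the credentials: check bind/filter.
            verdicts[req] = ("ldap_credentials_rejected", None)
        elif fails:
            verdicts[req] = ("other", None)
    return verdicts
```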

@nadouani The user doesn't exist in TheHive. But shouldn't there be autocreation or something like that?

For example: I have a user on an LDAP server, I have configured linking with the LDAP server, and I can log into TheHive with a user from the LDAP server.

Something like sssd.

WingerHusar avatar Aug 31 '21 11:08 WingerHusar

I am facing the same issue. I am not able to auto-create a user in TheHive. As mentioned in the doc (https://docs.thehive-project.org/thehive/installation-and-configuration/configuration/authentication/#user-autocreation), I followed the steps described there and tried to log into TheHive using OpenLDAP credentials, but I am still not able to log in. (The user is not created in TheHive.)

@nadouani @WingerHusar can you guys help me with this?

Jay-125 avatar Aug 16 '22 12:08 Jay-125

Or is it that, if you are trying to log in to TheHive using OpenLDAP credentials, it's a rule that you have to create a user in TheHive (without giving a password) as in OpenLDAP?

Jay-125 avatar Aug 16 '22 12:08 Jay-125