
"Bind was found but type uid is not supported" - Looking up LDAP user names (lowercase/uppercase)

Open tgurr opened this issue 3 years ago • 3 comments

https://github.com/ma1uta/ma1sd/pull/71 is expected to fix this problem, however I'm still running into an issue. As can be seen in the logs the users are actually found but no result is given to Element due to the error message Bind was found but type uid is not supported.

In the logs when doing a search via Element I have:

Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Performing search for 'xx00001'
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Original request URL: http://matrix.domain.local/_matrix/client/r0/user_directory/search
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Querying HS at http://localhost:8008/_matrix/client/r0/user_directory/search
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Found 0 match(es) in HS for 'xx00001'
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Using Directory provider LdapDirectoryProvider
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Performing LDAP directory search on display name using 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Found possible match, DN: CN=lastname name,OU=corporate,DC=domain,DC=local
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapBackend - UID XX00001 from LDAP has been changed to lowercase to match the Synapse specifications
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] WARN io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Bind was found but type uid is not supported
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Display name: found 0 match(es) for 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Performing LDAP directory search on 3PIDs using 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Found possible match, DN: CN=lastname name,OU=corporate,DC=domain,DC=local
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapBackend - UID XX00001 from LDAP has been changed to lowercase to match the Synapse specifications
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] WARN io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Bind was found but type uid is not supported
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Threepid: found 0 match(es) for 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Total matches: 0 - limited? false

My ma1sd configuration has:

ldap:
  enabled: true
  lookup: true # hash lookup
  activeDirectory: true
  defaultDomain: 'domain.local'
  connection:
    host: 'addc1.domain.local'
    port: 389
    bindDn: 'CN=matrixldapuser,OU=services,OU=corporate,DC=domain,DC=local'
    bindPassword: 'xxxxxxx'
    baseDNs:
      - 'OU=corporate,DC=domain,DC=local'
  attribute:
    uid:
      type: 'uid' # or mxid
      value: 'sAMAccountName'
    name: 'displayName'
  identity:
    filter: '(objectClass=inetOrgPerson)'

If it's a configuration issue on my side it would be nice if someone could tell me what needs to be changed.

tgurr avatar Jun 22 '21 12:06 tgurr
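
A way to spot this failure mode in ma1sd logs, as an added example that is not part of the original issue or of the ma1sd project: it groups log lines per worker thread and reports every search in which LDAP reported a valid match but the entry was then discarded with the "Bind was found but type ... is not supported" warning. The function name `find_dropped_matches` and the second sample search (task-2) are assumptions made for illustration.

```python
import re

# Constructed sample: the task-1 search is abridged from the log quoted in the
# issue; the task-2 search is invented to show a healthy lookup.
SAMPLE_LOG = """\
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Performing search for 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] WARN io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Bind was found but type uid is not supported
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-2] INFO io.kamax.mxisd.directory.DirectoryManager - Performing search for 'alice'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Display name: found 0 match(es) for 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] WARN io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Bind was found but type uid is not supported
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-2] INFO io.kamax.mxisd.directory.DirectoryManager - Total matches: 1 - limited? false
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Total matches: 0 - limited? false
"""

LINE = re.compile(r"\[(?P<thread>[^\]]+)\] (?P<level>[A-Z]+) (?P<logger>\S+) - (?P<msg>.*)$")
START = re.compile(r"Performing search for '(?P<term>.*)'$")
DROPPED = re.compile(r"Bind was found but type (?P<type>\S+) is not supported$")
TOTAL = re.compile(r"Total matches: (?P<n>\d+)")

def find_dropped_matches(log_text):
    """Return one record per search where LDAP matched but the entry was discarded."""
    open_searches, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        if s := START.match(msg):  # a new directory search begins on this thread
            open_searches[thread] = {"term": s["term"], "valid": 0, "dropped": 0, "types": set()}
            continue
        cur = open_searches.get(thread)
        if cur is None:
            continue
        if msg.endswith("is a valid match"):
            cur["valid"] += 1
        elif d := DROPPED.match(msg):
            cur["dropped"] += 1
            cur["types"].add(d["type"])
        elif t := TOTAL.match(msg):  # the search is finished; keep it only if entries were dropped
            cur["total"] = int(t["n"])
            if cur["dropped"]:
                findings.append(cur)
            del open_searches[thread]
    return findings
```

Each returned record carries the search term, how many LDAP entries were validated, how many were dropped, the uid type named in the warning, and the total the client finally received.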

To answer myself, removing activeDirectory: true appears to fix the problem.

tgurr avatar Jun 22 '21 13:06 tgurr

Hi, sorry never saw this. I did the patch back then but still don't have Synapse in use...

I'm not very familiar with the code/all the specifications.

The error seems to happen in the search function here: https://github.com/ma1uta/ma1sd/blob/ae5864cd91f7db57c3a99b7847c3c327980e74e8/src/main/java/io/kamax/mxisd/backend/ldap/LdapDirectoryProvider.java#L76-L84. I think the exception is thrown in line 79, where something is broken when activeDirectory: true (in that case a UPN object is used to get the localpart and this expects a @ in the UID -> not present -> throws the IllegalArgumentException).

But in that case there should be line 76 present in the logs so I cannot really follow :sweat_smile:

Could you maybe try to search login@domain and see if it also happens then?

q-wertz avatar Jun 19 '22 07:06 q-wertz

I can confirm that the issue is still present (ma1sd version 2.5.0). Setting activeDirectory to false still seems to mitigate the issue.

tobast avatar Jul 01 '24 12:07 tobast