ma1sd
"Bind was found but type uid is not supported" - Looking up LDAP user names (lowercase/uppercase)
https://github.com/ma1uta/ma1sd/pull/71 is expected to fix this problem; however, I'm still running into an issue. As can be seen in the logs, the users are actually found, but no result is given to Element due to the error message `Bind was found but type uid is not supported`.
In the logs when doing a search via Element I have:
```
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Performing search for 'xx00001'
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Original request URL: http://matrix.domain.local/_matrix/client/r0/user_directory/search
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Querying HS at http://localhost:8008/_matrix/client/r0/user_directory/search
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Found 0 match(es) in HS for 'xx00001'
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Using Directory provider LdapDirectoryProvider
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Performing LDAP directory search on display name using 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Found possible match, DN: CN=lastname name,OU=corporate,DC=domain,DC=local
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapBackend - UID XX00001 from LDAP has been changed to lowercase to match the Synapse specifications
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] WARN io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Bind was found but type uid is not supported
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Display name: found 0 match(es) for 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Performing LDAP directory search on 3PIDs using 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Found possible match, DN: CN=lastname name,OU=corporate,DC=domain,DC=local
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapBackend - UID XX00001 from LDAP has been changed to lowercase to match the Synapse specifications
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] WARN io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Bind was found but type uid is not supported
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Threepid: found 0 match(es) for 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Total matches: 0 - limited? false
```
My ma1sd configuration has:
```yaml
ldap:
  enabled: true
  lookup: true # hash lookup
  activeDirectory: true
  defaultDomain: 'domain.local'
  connection:
    host: 'addc1.domain.local'
    port: 389
    bindDn: 'CN=matrixldapuser,OU=services,OU=corporate,DC=domain,DC=local'
    bindPassword: 'xxxxxxx'
    baseDNs:
      - 'OU=corporate,DC=domain,DC=local'
  attribute:
    uid:
      type: 'uid' # or mxid
      value: 'sAMAccountName'
    name: 'displayName'
  identity:
    filter: '(objectClass=inetOrgPerson)'
```
If it's a configuration issue on my side it would be nice if someone could tell me what needs to be changed.
To answer myself, removing `activeDirectory: true` appears to fix the problem.
Hi, sorry never saw this. I did the patch back then but still don't have Synapse in use...
I'm not very familiar with the code/all the specifications.
The error seems to happen in the search function here:
https://github.com/ma1uta/ma1sd/blob/ae5864cd91f7db57c3a99b7847c3c327980e74e8/src/main/java/io/kamax/mxisd/backend/ldap/LdapDirectoryProvider.java#L76-L84
I think the exception is thrown in line 79 where something is broken when `activeDirectory: true` (in that case a `UPN` object is used to get the localpart and this expects a `@` in the UID -> not present -> throws the `IllegalArgumentException`).
But in that case there should be line 76 present in the logs so I cannot really follow :sweat_smile:
Could you maybe try to search `login@domain` and see if it also happens then?
I can confirm that the issue is still present (ma1sd version 2.5.0). Setting `activeDirectory` to `false` still seems to mitigate the issue.
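A log triage sketch for the symptom reported in this thread, added here as an example and not part of any comment or of ma1sd itself: it groups journal lines per worker thread and reports directory searches where LDAP confirmed a DN but the bind type was rejected, so the entry was silently dropped. The sample lines are constructed in the log format quoted above, and the function name `dropped_matches` is hypothetical.

```python
import re

# Constructed sample, following the journal format quoted in this thread.
P = "Jun 22 14:33:18 matrixhost ma1sd[1]: [XNIO-1 task-1] "
DM = "io.kamax.mxisd.directory.DirectoryManager - "
LP = "io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - "
SAMPLE = "\n".join([
    P + "INFO " + DM + "Performing search for 'xx00001'",
    P + "INFO " + LP + "Found possible match, DN: CN=lastname name,OU=corporate,DC=domain,DC=local",
    P + "INFO " + LP + "DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match",
    P + "WARN " + LP + "Bind was found but type uid is not supported",
    P + "INFO " + DM + "Total matches: 0 - limited? false",
    P + "INFO " + DM + "Performing search for 'alice'",
    P + "INFO " + DM + "Total matches: 1 - limited? false",
])

THREAD = re.compile(r"\[([^\]]+)\] (?:INFO|WARN)")
SEARCH = re.compile(r"DirectoryManager - Performing search for '(.*)'$")
VALID = re.compile(r"LdapDirectoryProvider - DN (.+) is a valid match$")
REJECT = re.compile(r"WARN .*LdapDirectoryProvider - Bind was found but type (\S+) is not supported$")
TOTAL = re.compile(r"DirectoryManager - Total matches: (\d+)")

def dropped_matches(log_text):
    """Return searches where LDAP validated a DN but its bind type was rejected."""
    open_searches, findings = {}, []
    for line in log_text.splitlines():
        thread = THREAD.search(line)
        if not thread:
            continue
        tid = thread.group(1)  # keep concurrent requests apart
        if m := SEARCH.search(line):
            open_searches[tid] = {"term": m.group(1), "dns": set(),
                                  "rejected_types": set(), "total": None}
            continue
        cur = open_searches.get(tid)
        if cur is None:
            continue
        if m := VALID.search(line):
            cur["dns"].add(m.group(1))
        elif m := REJECT.search(line):
            cur["rejected_types"].add(m.group(1))
        elif m := TOTAL.search(line):
            cur["total"] = int(m.group(1))
            if cur["dns"] and cur["rejected_types"]:
                findings.append(cur)
            del open_searches[tid]
    return findings

if __name__ == "__main__":
    for f in dropped_matches(SAMPLE):
        print(f)
```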