TeamPass
Error when listing users in AD LDAP even though configuration appears to be correct
Steps to reproduce
- Configure LDAP settings for AD under Settings, LDAP
- Test the configuration
- No errors reported
- Go to Users, LDAP Synchronization
Expected behaviour
Users should be listed
Actual behaviour
"In progress" spins endlessly and errors are logged
Server configuration
Ubuntu 20.04
Web server: Apache 2.4.41
Database: 10.3.34-MariaDB-0ubuntu0.20.04.1
PHP version: PHP 7.4.3
Teampass version: 3.0.0.19 fresh install
Client configuration
Browser: Firefox, Chrome etc.
Operating system: Windows 11, Windows 10
Logs
Web server error log
[Thu Sep 22 15:22:48.559202 2022] [php7:error] [pid 1341] [client 192.168.1.202:55987] PHP Fatal error: Uncaught ErrorException: ldap_search(): Search: Invalid DN syntax in /var/www/html/TeamPass/includes/libraries/LdapRecord/Ldap.php:235\nStack trace:\n#0 [internal function]: LdapRecord\\Ldap->LdapRecord\\{closure}()\n#1 /var/www/html/TeamPass/includes/libraries/LdapRecord/Ldap.php(235): ldap_search()\n#2 /var/www/html/TeamPass/includes/libraries/LdapRecord/HandlesConnection.php(171): LdapRecord\\Ldap->LdapRecord\\{closure}()\n#3 /var/www/html/TeamPass/includes/libraries/LdapRecord/Ldap.php(237): LdapRecord\\Ldap->executeFailableOperation()\n#4 /var/www/html/TeamPass/includes/libraries/LdapRecord/Query/Builder.php(656): LdapRecord\\Ldap->search()\n#5 /var/www/html/TeamPass/includes/libraries/LdapRecord/Connection.php(394): LdapRecord\\Query\\Builder->LdapRecord\\Query\\{closure}()\n#6 /var/www/html/TeamPass/includes/libraries/LdapRecord/Connection.php(352): LdapRecord\\Connection->runOperationCallback()\n#7 /var/www/html/TeamPass/includes/libraries/LdapRecord/Query/Builder.php(658): LdapRecord\\Connection->run()\n#8 /var/www/html/T in /var/www/html/TeamPass/includes/libraries/LdapRecord/LdapRecordException.php on line 26, referer: http://teampass.<redacted>/index.php?page=users
Log from the web-browser developer console
jquery.min.js:2 POST http://teampass.<redacted>/sources/users.queries.php 500 (Internal Server Error)
@JimmiG change the settings:
User Distinguished name: distinguishedname
User name attribute: samaccountname
Additional User DN: OU=Users,OU=example
Thanks, that still didn't work but it set me on the path to finally find settings that work.
Base dn: dc=example,dc=com (dc/domain only, no OU= or CN= here)
Username: cn=Teampass,OU=System accounts,DC=example,DC=com (apparently full path including dc needed here)
User Distinguished Name: distinguishedname (though it seems to work fine when left blank, too, at least in my case)
User name attribute: initials (personal preference, but this is what we want the username to show up as)
Additional User DN: OU=Employees log in (OU/CN Only! No "dc=example,dc=com" added after here)
There seem to be two issues that make configuring LDAP more difficult than it needs to be.
- All the documentation and screenshots show the old (2.x?) GUI, which has different fields and different names for some fields.
- The "Test current configuration" option tends to pass even when the configuration is incorrect, defeating the purpose of having such an option in the first place.
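A small checker for the DN layout described in this comment, added here as an example and not TeamPass's own code. It assumes, as the comment implies, that TeamPass prefixes the Additional User DN to the Base DN to form the search base; the setting values are constructed to mirror the working ones above.

```python
import re

# Constructed settings mirroring the working values from the comment above.
WORKING = {
    "base_dn": "dc=example,dc=com",
    "bind_user": "cn=Teampass,OU=System accounts,DC=example,DC=com",
    "additional_user_dn": "OU=Employees log in",
}

_RDN_SPLIT = re.compile(r"(?<!\\),")  # split on commas that are not backslash-escaped


def parse_dn(dn):
    """Split a DN into [(attr, value), ...]; raises ValueError on a malformed RDN."""
    parts = []
    for rdn in _RDN_SPLIT.split(dn):
        rdn = rdn.strip()
        if not rdn:
            continue
        if "=" not in rdn:
            raise ValueError("RDN without '=': %r" % rdn)
        attr, value = rdn.split("=", 1)
        parts.append((attr.strip().lower(), value.strip().lower()))
    return parts


def effective_search_base(base_dn, additional_user_dn):
    """Assumed TeamPass behaviour: Additional User DN is prefixed to the Base DN."""
    if not additional_user_dn.strip():
        return base_dn
    return additional_user_dn.rstrip(", ") + "," + base_dn


def lint_settings(cfg):
    """Return a list of problems; an empty list means the layout matches the thread's advice."""
    problems = []
    parsed = {}
    for name in ("base_dn", "bind_user", "additional_user_dn"):
        try:
            parsed[name] = parse_dn(cfg[name])
        except ValueError as exc:
            problems.append("%s: invalid DN syntax (%s)" % (name, exc))
    base, bind, extra = (parsed.get(n) for n in ("base_dn", "bind_user", "additional_user_dn"))
    if base is not None and any(attr != "dc" for attr, _ in base):
        problems.append("base_dn should contain only dc= components (no OU= or CN=)")
    if base is not None and bind is not None and (len(bind) <= len(base) or bind[-len(base):] != base):
        problems.append("bind_user should be a full DN ending in base_dn")
    if extra is not None and any(attr == "dc" for attr, _ in extra):
        problems.append("additional_user_dn should hold only OU/CN parts, never dc=")
    return problems
```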
@JimmiG these settings worked for me with version 3.0.0.18. https://github.com/nilsteampassnet/TeamPass/issues/3309#issuecomment-1243487118
https://github.com/nilsteampassnet/TeamPass/issues/3309#issuecomment-1243523132
@JimmiG,
The interface should be made clearer on the settings and testing. You actually can't test the LDAP listing part of the settings. You can only go to users->ldap synchr... to test the listing. The credentials test is a totally different test that only checks if a certain user can authenticate against ldap. So I would opt for a better description of what is explicitly needed (like the User Object filter) and an extra test button to test the user listing functionality.
Thank you for taking the time to post a solution.