TeamPass
LDAP: Only the first 1000 groups are selectable for role to group mapping
Steps to reproduce
- Install Teampass to the latest Master
- Configure LDAP authentication with Active Directory
LDAP Configuration
- Hosts: 10.146.149.180
- LDAP Port: 389
- Base DN: DC=automation,DC=cilag,DC=intern
- Username: CN=ADS Read,OU=XYZ,,DC=my,DC=domain,DC=com
- Password: abcde
- User Distinguished Name: distinguishedname
- User name attribute: samaccountname
- Additional User DN:
- User Object Filter: (memberof=CN=Teampass-User,OU=TeamPass,OU=XYZ,DC=my,DC=domain,DC=com)
- AD Group ObjectClasses attribute: top,group
- LDAP server type: Active Directory
- Local and LDAP users: No
- AD user roles mapped with their AD groups: Yes
- LDAP GUID attribute: objectguid
Expected behaviour
As there is no group filter configurable in the dialog, all AD groups should be visible.
Actual behaviour
Only the first 1000 groups are shown.
Server configuration
- Operating system: Debian 12.7
- Web server: Apache 2.4.62
- Database: 10.11.6-MariaDB-0+deb12u1
- PHP version: PHP Version 8.2.20
- Teampass version: Master from Github (Oct 16, 2024)

Teampass configuration file:

// DATABASE connexion parameters
define("DB_HOST", "localhost:3306");
define("DB_USER", "teampass");
define("DB_PASSWD", "XXXXX");
define("DB_NAME", "teampass");
define("DB_PREFIX", "teampass_");
define("DB_PORT", "3306");
define("DB_ENCODING", "utf8");
//define("DB_SSL", false); // if DB over SSL then comment this line
// if DB over SSL then uncomment the following lines
define("DB_SSL", array(
    "key" => "",
    "cert" => "",
    "ca_cert" => "",
    "ca_path" => "",
    "cipher" => ""
));
define("DB_CONNECT_OPTIONS", array(
    MYSQLI_OPT_CONNECT_TIMEOUT => 10
));
define("SECUREPATH", "/var/local/teampass");
define("SECUREFILE", "teampass-seckey.txt");
define("IKEY", "");
define("SKEY", "");
define("HOST", "");

if (isset($_SESSION['settings']['timezone']) === true) {
    date_default_timezone_set($_SESSION['settings']['timezone']);
}
Client configuration
- Browser: Google Chrome 129.0.6668.101
- Operating system: Windows 10
Logs
Web server error log
No error / log message shown
Log from the web-browser developer console (CTRL + SHIFT + i)
{error: false, teampass_groups: Array(4), ldap_groups: Array(1000)}
Possible solution
Groups are read in vendor/teampassclasses/ldapextra/src/ActiveDirectoryExtra.php. If I change lines 61 and 106 from get() to paginate(), all groups are visible inside Teampass.

$groups = $query->get();

change to:

$groups = $query->paginate();

Could that be changed in the official master tree sources? Any better solutions available? Maybe setting an LDAP group filter somewhere?

Best regards,
Tim
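
The difference between a single search and a paged one, as an added example that is not part of the original report and is not TeamPass or LdapRecord code: an in-memory model in which one unpaged request is capped by the server while a cookie-driven loop returns every group. It assumes the cap seen in the report (`ldap_groups: Array(1000)`) is Active Directory's default MaxPageSize of 1000; the function names, group DNs and the 2500-group directory are constructed for illustration.

```php
<?php
// Added illustration: an in-memory model of LDAP simple paged results (RFC 2696).
// All names and data here are constructed; no real directory is contacted.

const SERVER_MAX_PAGE_SIZE = 1000; // Active Directory's default MaxPageSize

// Constructed sample: 2500 group DNs in a placeholder domain.
$directory = array_map(
    fn (int $i): string => "CN=Group-$i,OU=Groups,DC=example,DC=test",
    range(1, 2500)
);

// Hypothetical stand-in for a single search request against the server.
// $pageSize === null models a search sent without the paging control.
function searchOnce(array $directory, ?int $pageSize = null, string $cookie = ''): array
{
    if ($pageSize === null) {
        // The server returns at most its limit; further entries are never sent.
        return ['entries' => array_slice($directory, 0, SERVER_MAX_PAGE_SIZE), 'cookie' => ''];
    }
    // A real cookie is opaque to the client; an offset keeps the model simple.
    $offset  = $cookie === '' ? 0 : (int) $cookie;
    $size    = max(1, min($pageSize, SERVER_MAX_PAGE_SIZE));
    $entries = array_slice($directory, $offset, $size);
    $next    = $offset + count($entries);
    return ['entries' => $entries, 'cookie' => $next < count($directory) ? (string) $next : ''];
}

// Behaviour reported for get(): one request, result capped by the server.
function fetchUnpaged(array $directory): array
{
    return searchOnce($directory)['entries'];
}

// Behaviour of a paginating client: repeat until the server sends an empty cookie.
function fetchPaged(array $directory, int $pageSize = 500): array
{
    $all = [];
    $cookie = '';
    do {
        $page   = searchOnce($directory, $pageSize, $cookie);
        $all    = array_merge($all, $page['entries']);
        $cookie = $page['cookie'];
    } while ($cookie !== '');
    return $all;
}

printf("unpaged: %d groups\n", count(fetchUnpaged($directory)));
printf("paged:   %d groups\n", count(fetchPaged($directory)));
```

With PHP's own ldap extension, the paged request corresponds to passing the `LDAP_CONTROL_PAGEDRESULTS` control to `ldap_search()` and reading the returned cookie with `ldap_parse_result()`.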