pingvin-share icon indicating copy to clipboard operation
pingvin-share copied to clipboard
verified publisher icon stonith404

🐛 Bug Report: LDAP admin group not connecting

Open dnielso5 opened this issue 1 year ago • 2 comments

👟 Reproduction steps

set up the LDAP admin group, the members of the group can not log in.

{4D42C0A5-C2C8-4C90-A563-998D277F91E9}

👍 Expected behavior

log users of the group in as admins

👎 Actual Behavior

failed login "wrong username or password"

📜 Logs

[Nest] 44 - 09/30/2024, 9:47:06 AM LOG [AuthService] Failed login attempt for user Admin_account from IP MyIP

dnielso5 avatar Sep 30 '24 16:09 dnielso5

@WolverinDEV i know you helped on the other LDAP issues.

dnielso5 avatar Sep 30 '24 16:09 dnielso5

also i tested the ldapsearch with this:

ldapsearch -x -b "ou=all users,dc=domain,dc=domain,dc=domain" -H ldap://ServerIP -D "cd=admin_account,ou=administrators,ou=all users,dc=domain,dc=domain,dc=domain" -w Password 'memberOf=CN=FileSharingAdmins,OU=Groups,OU=All Users,DC=domain,DC=domain,DC=domain'

comes back with the users of the group.

dnielso5 avatar Sep 30 '24 22:09 dnielso5

@WolverinDEV i know you helped on the other LDAP issues.

Hey, sorry for the late reply.
I'm currently on vacation. I'll be back at Tuesday:)

WolverinDEV avatar Oct 04 '24 16:10 WolverinDEV

@WolverinDEV i know you helped on the other LDAP issues.

Hey, sorry for the late reply. I'm currently on vacation. I'll be back at Tuesday:)

Enjoy your vacation!

dnielso5 avatar Oct 07 '24 15:10 dnielso5

Hey @dnielso5,

If I understood your issue correctly, you stated that "admin users" cannot log in, while "regular users" can?

Just to clarify, the admin group is only checked after the user has been authenticated. For instance, we first search for the user, then we validate their password. If the password matches, only then do we check if the user is a member of the admin group to determine if they have admin privileges.

So if the admin users cannot log in at all, it suggests that the system can't find those users during the initial search, not that it's an admin group issue.

WolverinDEV avatar Oct 09 '24 01:10 WolverinDEV

Hey @dnielso5,

If I understood your issue correctly, you stated that "admin users" cannot log in, while "regular users" can?

Just to clarify, the admin group is only checked after the user has been authenticated. For instance, we first search for the user, then we validate their password. If the password matches, only then do we check if the user is a member of the admin group to determine if they have admin privileges.

So if the admin users cannot log in at all, it suggests that the system can't find those users during the initial search, not that it's an admin group issue.

I see, so you need to be in BOTH groups to be an admin. I was under the impression that if you were added into the admin group it was assumed you were also able to log in.

At this point i was able to get my admin account logged in and be able to see the admin configs.

Thank you!

dnielso5 avatar Oct 09 '24 15:10 dnielso5