User_ldap BindFailedException after linux upgrade

Hi,
I’ve upgraded an Ubuntu 17.10 to an LTS 18.04,
OwnCloud server is a 10.4.0.4 on Apache 2.4, all my users came from an AD.
Just after the system update, logging in to OwnCloud became impossible; I always get the reply “Incorrect password”.
Running sudo -u www-data php occ ldap:test-config '' replies:
In Connection.php line 532: [OCA\User_LDAP\Exceptions\BindFailedException]

So before creating a new topic, I made an update of my OwnCloud server from 10.4.0.4 to 10.5, no issue with the update, all apps were updated too.

So I tried to log in again, and got the same error: “Incorrect password”
And sudo -u www-data php occ ldap:test-config '' still replies:
In Connection.php line 532: [OCA\User_LDAP\Exceptions\BindFailedException]

What’s wrong?

Perhaps the user you’re connecting to the AD with has been disabled? Perhaps because of too many failed login attempts?

1 Like

Not possible, we use the AD for other things, and all my users are ok, and we can mount the data volume using samba.
I don’t have a lot of failed login attempts, I keep an eye on that :)

But thanks for the suggestion

1 Like

I’ve had it that sometimes changing the BindDN notation from uid=<username>,dc=<domain>,dc=<tld> to <username>@<domain>.<tld>.
However I don’t see why this would suddenly change in between upgrades.

1 Like

Nope, as the ownCloud update documentation suggests, I made a copy of the missing apps, so I copied the user_ldap app and its config, and after that I made an update of all apps. user_ldap wasn’t updated and its config didn’t change. The BindDN is the correct one.

Please include the user_ldap app version that you have installed. If it isn’t the latest version, you could try to update the app (I doubt it could be worse than what you have at the moment).
In addition, provide a password (NOT IN USE) that you know will fail. This is mainly to check if there is a weird char (@, *, ', %, etc.) that could break things.

Furthermore, you can enable the debug log level in ownCloud and look for Bind failed: after a login attempt. It should contain the cause of the failure.

2 Likes

My user_ldap version is 0.15.0,
I updated the apps with the occ command sudo -u www-data php occ upgrade; some changed version, others didn’t, and user_ldap remained on the same version.

Yes our passwords contain special characters @ and +, but everything was fine before the update.

I changed the log level from 3 to 0, and this is the log of a login attempt:
{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":0,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"OC\\User\\Session::login","method":"POST","url":"\/index.php\/login","message":"regenerating session id for uid My_OwnCloud_User, password set"}
{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":0,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"OC\\Authentication\\Token\\DefaultTokenProvider::getToken","method":"POST","url":"\/index.php\/login","message":"token 72f8c86eb915a652cf023bf67f32f19ceb7549f0e6cf229bcc6689c599658f65818f8b1c66f5990860c70d184b3549c3ac5a1d8895b4143fa68abd2aa7dfb860 does not exist"}
{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":0,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"OC\\User\\Session::validateToken","method":"POST","url":"\/index.php\/login","message":"token 72f8c86eb915a652cf023bf67f32f19ceb7549f0e6cf229bcc6689c599658f65818f8b1c66f5990860c70d184b3549c3ac5a1d8895b4143fa68abd2aa7dfb860, not found"}
{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":0,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"Bind failed: (), no extended diagnostics, NULL"}
{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":0,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"Bind failed: -1: Can't contact LDAP server"}
{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":3,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"Exception: {\"Exception\":\"OCA\\\\User_LDAP\\\\Exceptions\\\\BindFailedException\",\"Message\":\"\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Connection.php(170): OCA\\\\User_LDAP\\\\Connection->establishConnection()\\n#1 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(958): OCA\\\\User_LDAP\\\\Connection->getConnectionResource()\\n#2 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(1169): OCA\\\\User_LDAP\\\\Access->executeSearch('(&(&(|(objectcl...', Array, Array, NULL, NULL)\\n#3 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(883): OCA\\\\User_LDAP\\\\Access->search('(&(&(|(objectcl...', Array, Array, NULL, NULL)\\n#4 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(778): OCA\\\\User_LDAP\\\\Access->searchUsers('(&(&(|(objectcl...', Array, NULL, NULL)\\n#5 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(751): OCA\\\\User_LDAP\\\\Access->fetchListOfUsers('(&(&(|(objectcl...', Array)\\n#6 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User\\\/Manager.php(462): OCA\\\\User_LDAP\\\\Access->fetchUsersByLoginName('My_OwnCloud_User', Array)\\n#7 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php(140): OCA\\\\User_LDAP\\\\User\\\\Manager->getLDAPUserByLoginName('My_OwnCloud_User')\\n#8 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(84): OCA\\\\User_LDAP\\\\User_LDAP->checkPassword(*** sensitive parameters replaced ***)\\n#9 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(145): OCA\\\\User_LDAP\\\\User_Proxy->walkBackends('My_OwnCloud_User', 'checkPassword', Array)\\n#10 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(189): OCA\\\\User_LDAP\\\\Proxy->handleRequest('My_OwnCloud_User', 'checkPassword', Array)\\n#11 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/User\\\/Manager.php(263): OCA\\\\User_LDAP\\\\User_Proxy->checkPassword(*** sensitive parameters replaced ***)\\n#12 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(527): OC\\\\User\\\\Manager->checkPassword(*** sensitive parameters replaced ***)\\n#13 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(333): OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#14 \\\/var\\\/www\\\/html\\\/owncloud\\\/core\\\/Controller\\\/LoginController.php(223): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)\\n#15 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(153): OC\\\\Core\\\\Controller\\\\LoginController->tryLogin(*** sensitive parameters replaced ***)\\n#16 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(85): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Core\\\\Controller\\\\LoginController), 'tryLogin')\\n#17 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(100): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Core\\\\Controller\\\\LoginController), 'tryLogin')\\n#18 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('LoginController', 'tryLogin', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#19 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Route\\\/Router.php(342): OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#20 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/base.php(916): OC\\\\Route\\\\Router->match('\\\/login')\\n#21 \\\/var\\\/www\\\/html\\\/owncloud\\\/index.php(54): OC::handleRequest()\\n#22 {main}\",\"File\":\"\\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Connection.php\",\"Line\":532}"}
{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":2,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"Login failed: 'My_OwnCloud_User' (Remote IP: '98.135.115.261')"}

{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":0,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"Bind failed: (), no extended diagnostics, NULL"}
{"reqId":"MZuu4STxVFsMpYAU0Ixw","level":0,"time":"2020-10-05T12:27:32+00:00","remoteAddr":"98.135.115.261","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"Bind failed: -1: Can't contact LDAP server"} 

You’ll likely need to debug that. Somehow you aren’t connecting to the LDAP server.

With OC 10.5 and user_ldap 0.15.2, I’m getting

{"reqId":"FPbPryfBmtEDJpAFDjSI","level":0,"time":"2020-10-05T13:31:14+00:00","remoteAddr":"10.0.2.27","user":"--","app":"user_ldap","method":"POST","url":"\/login","message":"Bind failed: (), no extended diagnostics, NULL"}
{"reqId":"FPbPryfBmtEDJpAFDjSI","level":0,"time":"2020-10-05T13:31:14+00:00","remoteAddr":"10.0.2.27","user":"--","app":"user_ldap","method":"POST","url":"\/login","message":"Bind failed: 49: Invalid credentials"}

when I enter wrong credentials for an LDAP user.

2 Likes
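
Added example (not part of any post in this thread, and not ownCloud code): the two excerpts above differ only in the LDAP result code after "Bind failed:", so this sketch pulls that code out of debug-level log entries and groups it by reqId, tolerating several JSON entries run together on one line as in the pasted log. The function names, the "connectivity"/"credentials" labels and the sample entries are constructed for illustration.

```python
import json
import re

# Constructed sample modelled on the two excerpts in the thread; the first
# line deliberately holds two entries run together, as in the pasted log.
SAMPLE_LOG = '''
{"reqId":"req-A","level":0,"app":"user_ldap","message":"Bind failed: (), no extended diagnostics, NULL"} {"reqId":"req-A","level":0,"app":"user_ldap","message":"Bind failed: -1: Can't contact LDAP server"}
{"reqId":"req-A","level":2,"app":"core","message":"Login failed: 'example_user' (Remote IP: '192.0.2.10')"}
{"reqId":"req-B","level":0,"app":"user_ldap","message":"Bind failed: (), no extended diagnostics, NULL"}
{"reqId":"req-B","level":0,"app":"user_ldap","message":"Bind failed: 49: Invalid credentials"}
'''

BIND_RE = re.compile(r"^Bind failed: (-?\d+): (.*)$")
# -1: the LDAP client could not reach the server; 49: invalidCredentials (RFC 4511).
CAUSES = {-1: "connectivity", 49: "credentials"}


def iter_entries(text):
    """Yield JSON objects, even when several are concatenated on one line."""
    decoder = json.JSONDecoder()
    pos = 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            nl = text.find("\n", pos)          # skip the damaged line
            pos = len(text) if nl == -1 else nl + 1
            continue
        if isinstance(obj, dict):
            yield obj


def classify_bind_failures(text):
    """Map reqId -> (result code, cause) for user_ldap bind failures."""
    result = {}
    for entry in iter_entries(text):
        if entry.get("app") != "user_ldap":
            continue
        m = BIND_RE.match(str(entry.get("message", "")))
        if not m:
            continue  # the "(), no extended diagnostics" line carries no code
        code = int(m.group(1))
        result[entry.get("reqId")] = (code, CAUSES.get(code, "other"))
    return result
```

A "connectivity" result means the bind never reached the directory, so the password and BindDN were not evaluated at all; a "credentials" result means the server was reached and rejected them.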