LDAP Authentication is not working if Sync Data is false #5165

Closed
peleshenko opened this issue Dec 10, 2016 · 5 comments · Fixed by #8372
Comments

@peleshenko

Your Rocket.Chat version: 0.47
STR:

  1. Configure LDAP in the following way:
    Login Fallback: true
    Use Custom Domain Search: true
    Enable LDAP user group filter: false
    Username Field: uid (not sure that it is important)
    Unique Identifier Field: gidNumber,uid (not sure that it is important)
    Sync Data: false
    Merge existing users: false
    Import LDAP users: false
  2. Login first time with existing LDAP user
    User created and logged in successfully
  3. Logout
  4. Login again with the same LDAP user
    AcR:
    Incorrect user name or password
    ExR:
    User logged in

Description:
The services.ldap.id field of the user object is not populated during first-time user creation in file rockechat_ldap.js. This field is added only if Sync Data is true. And if Sync Data is true, the bug does not reproduce.
I'm not an expert in your code, but as for me services.ldap.id should be set at the very beginning of user creation after successful LDAP login.
Question:
Rocket.Chat seems to be an amazing tool. But after a brief review of the LDAP feature I found its code a "little strange" ;) I'm not sure, but maybe I will fix it. What is your suggestion: rewrite it from scratch or try to fix the existing code?

Please let me know if you need more details about the bug.

@bbrauns
Contributor

bbrauns commented Mar 21, 2017

Is it possible to prioritize this issue higher? We have the same problem in our instance and the workaround with "sync-data: true" is not optimal. It results in an LDAP query for every user on login, which generates a lot of pressure on the LDAP backends.

@SthPhoenix

SthPhoenix commented Apr 6, 2017

Got the same problem here. According to the logs, on second login:

  1. it queries LDAP for the user
  2. gets an answer
  3. sends an authentication request
  4. authenticates the user
  5. disconnects from LDAP
  6. says that the user already exists in the local DB

It seems that on second login it fails because it's trying to add this user again instead of just logging in.
P.S. Excuse me for not showing actual logs, just can't access them from home

@deiansp

deiansp commented Apr 19, 2017

The same problem here.

@Sabbathrade

Yeah, I have same issue.

Connection test - Successful
Sync users - Successful

but it does not work, no users are synced

@kassanmoor

kassanmoor commented Jul 19, 2017

Same problem here, any workaround?
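
The failure described in the issue text and in SthPhoenix's log summary can be modelled in a few lines. This is an added example, not Rocket.Chat code: `UserStore`, `ldapLogin`, `twoLogins`, the `linkOnCreate` option and the sample entry are hypothetical, and it assumes the login handler looks up local users by `services.ldap.id` (simplified here to `uid` only) and falls back to creating one.

```javascript
// Added illustration: in-memory model of the login flow described in this issue.
// NOT Rocket.Chat source; every name below is hypothetical.
class UserStore {
  constructor() { this.users = []; }
  findByLdapId(id) {
    return this.users.find((u) => u.services.ldap && u.services.ldap.id === id);
  }
  insert(user) {
    // Usernames are unique, like a unique index in the local DB.
    if (this.users.some((u) => u.username === user.username)) {
      throw new Error('user already exists');
    }
    this.users.push(user);
    return user;
  }
}

// ldapEntry stands for an entry whose LDAP bind already succeeded (constructed).
function ldapLogin(store, ldapEntry, { syncData, linkOnCreate }) {
  const ldapId = ldapEntry.uid; // stand-in for the Unique Identifier Field
  let user = store.findByLdapId(ldapId);
  if (!user) {
    try {
      user = store.insert({ username: ldapEntry.uid, services: {} });
    } catch (e) {
      // Assumption: the duplicate-user failure surfaces as the generic login error.
      return { ok: false, error: 'Incorrect user name or password' };
    }
    // Suggested fix: bind the local account to the LDAP identity at creation.
    if (linkOnCreate) user.services.ldap = { id: ldapId };
  }
  // Reported behaviour: the link is written only by the data-sync step.
  if (syncData) user.services.ldap = { id: ldapId };
  return { ok: true, user };
}

// Runs two consecutive logins for the same LDAP user against a fresh store.
function twoLogins(opts) {
  const store = new UserStore();
  const entry = { uid: 'jdoe' }; // constructed sample entry
  return [ldapLogin(store, entry, opts).ok, ldapLogin(store, entry, opts).ok];
}

console.log(twoLogins({ syncData: false, linkOnCreate: false })); // reported bug
console.log(twoLogins({ syncData: true, linkOnCreate: false }));  // workaround
console.log(twoLogins({ syncData: false, linkOnCreate: true }));  // link at creation
```

Linking at creation removes the need for the Sync Data workaround, and with it the per-login LDAP query load mentioned by bbrauns.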

9 participants