Subject: The mailing list for listmasters using Sympa
List archive
[sympa-users] Failing LDAP authentication after upgrade
- From: Sebastian Wagner <address@concealed>
- To: address@concealed
- Subject: [sympa-users] Failing LDAP authentication after upgrade
- Date: Sat, 8 Aug 2020 17:16:45 +0200
Dear sympa community,
after a sympa upgrade to 6.2.16 (from 6.1.23~dfsg-2+deb8u3 I think) as
part of a distribution upgrade (debian jessie to stretch), the LDAP
authentication in the webinterface does not work anymore. I am sure that
the password is correct and there have been no changes at the LDAP server.
The logs with -d parameter show for the failed login:
> Aug 8 16:17:28 mail1207 wwsympa[1509]: info main::do_login(sebastian)
[robot fstph.at] [session 52702446127302] [client 10.20.30.3]
> Aug 8 16:17:28 mail1207 wwsympa[1509]: err main::#1663 >
main::do_login#3406 > Sympa::Auth::check_auth#81 Incorrect LDAP password
> Aug 8 16:17:28 mail1207 wwsympa[1509]: notice main::do_login()
Authentication failed
> Aug 8 16:17:28 mail1207 wwsympa[1509]: info
main::do_renewpasswd(sebastian) [robot fstph.at] [session
52702446127302] [client 10.20.30.3]
> Aug 8 16:17:28 mail1207 wwsympa[1509]: info main::do_renewpasswd()
[robot fstph.at] [session 52702446127302] [client 10.20.30.3] Incorrect
email "sebastian"
While the webinterface says:
> ERROR () - Provided password is incorrect
> ERROR (renewpasswd) - Address "sebastian" is incorrect
/etc/sympa/auth.conf:
> ldap
> email_attribute mail
> get_dn_by_email_filter (|(mail=[sender])(mailalternateaddress=[sender]))
> get_dn_by_uid_filter (uid=[sender])
> host ldap:389
> regexp fstph\.at
> suffix dc=fstph,dc=at
> timeout 30
> scope sub
>
> user_table
> regexp .*
What makes me curious are the error messages saying that the login name
("sebastian") is incorrect, but using the email address
("address@concealed") works neither. With email address I get in the
webinterface:
> ERROR () - Provided password is incorrect
And the logs:
> Aug 8 17:12:45 mail1207 wwsympa[1509]: info
main::do_login(address@concealed) [robot fstph.at] [session
26158469077684] [client 10.20.30.3]
> Aug 8 17:12:45 mail1207 wwsympa[1509]: err main::#1663 >
main::do_login#3406 > Sympa::Auth::check_auth#56 >
Sympa::Auth::authentication#186 Incorrect password for user
address@concealed
> Aug 8 17:12:45 mail1207 wwsympa[1509]: notice main::do_login()
Authentication failed
> Aug 8 17:12:45 mail1207 wwsympa[1509]: info
main::do_renewpasswd(address@concealed) [robot fstph.at] [session
26158469077684] [client 10.20.30.3]
> Aug 8 17:12:45 mail1207 wwsympa[1509]: info Sympa::Session::renew()
[robot fstph.at] [session 26158469077684] [client 10.20.30.3] [user
nobody] new session 20580358921856
In the old version, login via username was possible, not via
emailaddress. Therefore I suspect that the conversion of provided login
name to ldap name is not correct.
Do you spot any possible issues? Anything I could try to debug?
I could try another distribution upgrade (from stretch to buster) and
hope the problem is solved with sympa 6.2.40, however I would prefer
fixing the authentication bug before doing the next upgrade (and
probably - but hopefully not - other issues to resolve).
Thanks in advance for any hints or help
best regards
Sebastian
--
Sebastian Wagner
Fachschaft Physik, HTU Wien
+43 660 11 99 001
https://fstph.at/
Attachment:
signature.asc
Description: OpenPGP digital signature
-
[sympa-users] Failing LDAP authentication after upgrade,
Sebastian Wagner, 08/08/2020
-
Re: [sympa-users] Failing LDAP authentication after upgrade,
Gerard Ranke, 08/08/2020
-
Re: [sympa-users] Failing LDAP authentication after upgrade,
Sebastian Wagner, 08/15/2020
- Re: [sympa-users] Failing LDAP authentication after upgrade, Gerard Ranke, 08/17/2020
-
Re: [sympa-users] Failing LDAP authentication after upgrade,
Sebastian Wagner, 08/15/2020
-
Re: [sympa-users] Failing LDAP authentication after upgrade,
Gerard Ranke, 08/08/2020
Archive powered by MHonArc 2.6.19+.