OneDev
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server
Code
Pull Requests
Issues
List
Boards
Milestones
Builds
Packages
Statistics
Child Projects
OneDev 10.5.2
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues #1597
#1597  LDAP Bind User Selected Incorrectly After Update
Closed
Joshua Luppes opened 7 months ago

It appears that after updating image from 9.1.15 to 9.2.0, the LDAP service is no longer using the specified bind user to authenticate with the LDAP server.

The user that logs are showing attempting to bind appears to be the alphabetically first user matching the user search filter, but that user is not specified anywhere in the UI. The user that is specified is not showing any logs attempting to bind.

This started after the image was updated, with no other configuration changes made.

LDAP is LLDAP stable (openLdap implementation). LDAP settings are configured through UI in OneDev.
Joshua Luppes changed fields 7 months ago
Name Previous Value Current Value 
Type
 
Support Request
 
Bug
Affected Versions
 empty 
9.2.0
Joshua Luppes commented 7 months ago

Possibly related to changes to FilterChainManager on server-core/src/main/java/io/onedev/server/CoreModule.java in commit 26894326 ?
Joshua Luppes commented 7 months ago

Here is the error message received when running the LDAP test: image.png
Robin Shen commented 7 months ago

That change should not affect LDAP functionality. I tested with this public LDAP server (https://www.forumsys.com/2022/05/10/online-ldap-test-server/) and it works fine.

OneDev will search the user DN with user filter under user search base, and binds to that DN for authentication. The {0} placeholder will be replaced by login name and returned DN should represent the correct user.

Please turn on debug logging by editing "conf/logback.xml" to add below logger:

<logger name="io.onedev.server.plugin.authenticator.ldap" level="DEBUG"/>

Then restart OneDev server, try to login again and check server log to see if there are any clues there.
Joshua Luppes commented 7 months ago

Ok, looks like it was just a problem with the User Search Filter after all. Apologies for the goose chase!

It's just weird that it had been working fine before the update, and I didn't change any of the LDAP or UI settings in between. Not sure if that setting got updated somehow or if something else changed, but everything is working fine now.

Thank you for responding and taking the time to work on this!
Joshua Luppes changed state to 'Closed' 7 months ago
Previous Value Current Value 
Open
 
Closed
Joshua Luppes commented 7 months ago

Issue was due to a misconfigured User Search Filter.
Robin Shen commented 7 months ago

No problem. Let me know if you have any other issues.
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Robin Shen
Affected Versions
9.2.0
Labels
No labels
Issue Votes (1)
Login to vote
Watchers (3)
Reference
onedev/server#1597
Please wait...
Page is in error, reload to recover