Defect #35298

LDAP /auth_sources/autocomplete_for_new_user not working when multiple LDAP Servers

Added by Wolf Gang 2 months ago. Updated 2 months ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Accounts / authentication
Target version: -
Resolution:
Affected version: 4.2.1

Description

Hello!

In my setup I have several different LDAP servers (~20) that I try to query. When I add a new user, the progress icon appears and stops after a while, apparently without success. After this, the server returns "Internal Error" for a while (< 1 minute). The following appears in the log files:

I, [2021-05-23T20:34:25.442329 #1]  INFO -- : Started GET "/auth_sources/autocomplete_for_new_user?term=ex" for 92.248.33.178 at 2021-05-23 20:34:25 +0000
I, [2021-05-23T20:34:25.443289 #1]  INFO -- : Processing by AuthSourcesController#autocomplete_for_new_user as JSON
I, [2021-05-23T20:34:25.443327 #1]  INFO -- :   Parameters: {"term"=>"ex"}
I, [2021-05-23T20:34:25.456248 #1]  INFO -- :   Current user: admin (id=1)
I, [2021-05-23T20:34:34.971175 #1]  INFO -- : Started GET "/auth_sources/autocomplete_for_new_user?term=exs" for 92.248.33.178 at 2021-05-23 20:34:34 +0000
I, [2021-05-23T20:34:34.972246 #1]  INFO -- : Processing by AuthSourcesController#autocomplete_for_new_user as JSON
I, [2021-05-23T20:34:34.972279 #1]  INFO -- :   Parameters: {"term"=>"exs"}
I, [2021-05-23T20:34:34.985667 #1]  INFO -- :   Current user: admin (id=1)
I, [2021-05-23T20:34:35.275884 #1]  INFO -- : Started GET "/auth_sources/autocomplete_for_new_user?term=exsc" for 92.248.33.178 at 2021-05-23 20:34:35 +0000
I, [2021-05-23T20:34:35.276661 #1]  INFO -- : Processing by AuthSourcesController#autocomplete_for_new_user as JSON
I, [2021-05-23T20:34:35.276697 #1]  INFO -- :   Parameters: {"term"=>"exsc"}
I, [2021-05-23T20:34:35.303692 #1]  INFO -- :   Current user: admin (id=1)
I, [2021-05-23T20:34:35.701371 #1]  INFO -- : Started GET "/auth_sources/autocomplete_for_new_user?term=exsch" for 92.248.33.178 at 2021-05-23 20:34:35 +0000
I, [2021-05-23T20:34:35.702086 #1]  INFO -- : Processing by AuthSourcesController#autocomplete_for_new_user as JSON
I, [2021-05-23T20:34:35.702117 #1]  INFO -- :   Parameters: {"term"=>"exsch"}
I, [2021-05-23T20:34:35.707769 #1]  INFO -- :   Current user: admin (id=1)
I, [2021-05-23T20:34:38.076215 #1]  INFO -- : Started GET "/auth_sources/autocomplete_for_new_user?term=exsch" for 92.248.33.178 at 2021-05-23 20:34:38 +0000
I, [2021-05-23T20:34:38.076974 #1]  INFO -- : Processing by AuthSourcesController#autocomplete_for_new_user as JSON
I, [2021-05-23T20:34:38.077003 #1]  INFO -- :   Parameters: {"term"=>"exsch"}
not verifying SSL hostname of LDAPS server 'lh.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'lh.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'nk.lokal:636'
not verifying SSL hostname of LDAPS server 'nk.lokal:636'
not verifying SSL hostname of LDAPS server 'lh.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'nk.lokal:636'
not verifying SSL hostname of LDAPS server 'nk.lokal:636'
not verifying SSL hostname of LDAPS server 'nk.lokal:636'
not verifying SSL hostname of LDAPS server 'am.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'am.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'lh.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sb.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sb.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'am.nk.lokal:636'
172.18.0.7 - - [23/May/2021:20:34:39 UTC] "GET /auth_sources/autocomplete_for_new_user?term=exscha HTTP/1.0" 500 46
https://noekis-test.lknoe.at/users/new -> /auth_sources/autocomplete_for_new_user?term=exscha
not verifying SSL hostname of LDAPS server 'nk.lokal:636'
not verifying SSL hostname of LDAPS server 'am.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'am.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'lh.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'nk.lokal:636'
not verifying SSL hostname of LDAPS server 'nk.lokal:636'
not verifying SSL hostname of LDAPS server 'me.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'me.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'am.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'am.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'am.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sb.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sb.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sp.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sp.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'lf.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'lf.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'tu.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sb.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sb.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sb.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'me.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'me.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sp.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wy.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'me.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'tu.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ks.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ks.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'kl.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'kl.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'zt.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sb.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'me.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'me.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ma.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'me.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sp.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'sp.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'zt.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wt.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'wt.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'gd.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'gd.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ho.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'ho.nk.lokal:636'
not verifying SSL hostname of LDAPS server 'mi.nk.lokal:636'
172.18.0.7 - - [23/May/2021:20:34:56 UTC] "GET /auth_sources/autocomplete_for_new_user?term=exscha HTTP/1.0" 500 46
https://noekis-test.lknoe.at/users/new -> /auth_sources/autocomplete_for_new_user?term=exscha

I don't know how to further debug that, so any support is highly appreciated.

History

#1 Updated by Wolf Gang 2 months ago

LDAP Connection Test is successful!

#2 Updated by 文津 关 2 months ago

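I ran into the same problem as you. In my case the relevant entries can be found with ldapsearch, which rules out a problem on the OpenLDAP server side.
After many attempts I found that the LDAP entry must contain the attributes defined in the Redmine authentication mode, such as the login attribute uid, the first name attribute givenName, the last name attribute sn, and the email attribute mail. None of them may be missing. If the mail attribute is missing, Redmine returns HTTP 500. If the attributes are complete, it returns HTTP 200.

For English:
Check whether uid, givenName, sn and mail exist in OpenLDAP, or whichever other attributes you define in Redmine.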
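
A check for the condition described in comment #2, as an added example that is not Redmine code and not from either poster: it parses `ldapsearch` LDIF output and lists the entries that lack a non-blank value for each mapped attribute. The attribute list, the function names and the sample entries are assumptions constructed for illustration.

```ruby
require "base64"

# Assumed Redmine attribute mapping, taken from the comment above.
REQUIRED_ATTRS = %w[uid givenName sn mail].freeze

# Parse ldapsearch-style LDIF into [{ "dn" => String, "attrs" => { name => [values] } }].
def parse_ldif(text)
  unfolded = text.gsub(/\r?\n /, "") # a leading space continues the previous line
  unfolded.split(/\r?\n\s*\r?\n/).filter_map do |block|
    attrs = Hash.new { |h, k| h[k] = [] }
    block.each_line(chomp: true) do |line|
      next if line.start_with?("#") # LDIF comment
      name, sep, value = line.match(/\A([^:]+)(::?)\s*(.*)\z/)&.captures
      next unless name
      value = Base64.decode64(value).force_encoding("UTF-8") if sep == "::" # base64 value
      attrs[name.downcase] << value # attribute names are case-insensitive
    end
    next unless attrs.key?("dn")
    { "dn" => attrs.delete("dn").first, "attrs" => attrs }
  end
end

# Return { dn => [missing attribute names] } for entries lacking a non-blank value.
def missing_required(entries, required = REQUIRED_ATTRS)
  entries.each_with_object({}) do |e, report|
    missing = required.reject { |a| e["attrs"].fetch(a.downcase, []).any? { |v| !v.strip.empty? } }
    report[e["dn"]] = missing unless missing.empty?
  end
end

# Constructed sample input (not taken from the reporter's directory).
SAMPLE_LDIF = <<~LDIF
  # constructed entries
  dn: uid=bob,ou=people,dc=example,dc=org
  uid: bob
  givenName:: Qm9i
  sn: Builder
  mail:

  dn: uid=carol,ou=people,dc=exam
   ple,dc=org
  UID: carol
  givenName: Carol
  sn: Chen
  MAIL: carol@example.org
LDIF

p missing_required(parse_ldif(SAMPLE_LDIF)) if __FILE__ == $PROGRAM_NAME
```
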
