LDAP & "remember me" issue

Mika64 · 9 August 2019 14:35

Hello,

I have an issue with LibreNMS.

I use LDAP authentication et when I use “Remember me” option in login page, one or two days after I have a " Whoops, looks like something went wrong. Check your librenms.log.".

I found a work around : remove cookies from LibreNMS and after this, I can login again (that’s not a login problem).

[2019-08-09 16:22:18] production.ERROR: ldap_search(): Search: No such object {"exception":"[object] (ErrorException(code: 0): ldap_search(): Search: No such object at /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php:64)
[stacktrace]
#0 [internal function]: Illuminate\\Foundation\\Bootstrap\\HandleExceptions->handleError(2, 'ldap_search(): ...', '/opt/librenms/L...', 64, Array)
#1 /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php(64): ldap_search(Resource id #8, 'ou=Informatique...', '(uid=<USERNAME>)')
#2 /opt/librenms/app/Providers/LegacyUserProvider.php(86): LibreNMS\\Authentication\\LdapAuthorizer->userExists('<USERNAME>')
#3 /opt/librenms/vendor/laravel/framework/src/Illuminate/Auth/SessionGuard.php(169): App\\Providers\\LegacyUserProvider->retrieveByToken('2', 'cXOivChYZ22ffNj...')
#4 /opt/librenms/vendor/laravel/framework/src/Illuminate/Auth/SessionGuard.php(139): Illuminate\\Auth\\SessionGuard->userFromRecaller(Object(Illuminate\\Auth\\Recaller))
#5 /opt/librenms/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(54): Illuminate\\Auth\\SessionGuard->user()
#6 [internal function]: Illuminate\\Auth\\AuthManager->Illuminate\\Auth\\{closure}(NULL)
#7 /opt/librenms/vendor/laravel/framework/src/Illuminate/Auth/AuthServiceProvider.php(86): call_user_func(Object(Closure), NULL)
#8 [internal function]: Illuminate\\Auth\\AuthServiceProvider->Illuminate\\Auth\\{closure}(NULL)
#9 /opt/librenms/vendor/laravel/framework/src/Illuminate/Http/Request.php(513): call_user_func(Object(Closure), NULL)
#10 /opt/librenms/app/Http/Middleware/SetLocale.php(23): Illuminate\\Http\\Request->user()
#11 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): App\\Http\\Middleware\\SetLocale->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#12 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#13 /opt/librenms/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#14 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): Illuminate\\Session\\Middleware\\StartSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#15 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#16 /opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#17 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#18 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#19 /opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(66): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#20 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#21 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#22 /opt/librenms/app/Http/Middleware/CheckInstalled.php(46): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#23 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): App\\Http\\Middleware\\CheckInstalled->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#24 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#25 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#26 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(684): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#27 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(659): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#28 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(625): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#29 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(614): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#30 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#31 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
#32 /opt/librenms/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#33 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#34 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#35 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#36 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#37 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#38 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#39 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#40 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#41 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#42 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#43 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#44 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(62): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#45 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#46 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#47 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#48 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#49 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#50 /opt/librenms/html/index.php(53): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#51 {main}
"}

Mika64 · 9 August 2019 15:26

I forget, when it’s happen, I can’t access to nothing, same to login page.

murrant · 13 August 2019 12:34

LibreNMS tries to search for the user, but gets no results. Is your bind user correct and able to search?

Mika64 · 13 August 2019 12:49

Yes and if I open with another browser, that’s work perfectly.
And if I do not enable “remember me” option, I never had problem.

spencerbutler · 20 November 2019 13:29

We’ve been running into this issue for some time now. It doesn’t happen all the time, just occasionally. Our work around has been, just deleting the bad cookie and moving on. I’d love to find a solution to this. Has anyone figured out the root cause yet?

We’re using OpenLDAP.

Ricardo · 10 November 2020 11:10

We still got the same issue and it’s getting really annoying. Is there some plan how to fix this? Any rough estimate or something? Also willing to help if you need any.

Mika64 · 10 November 2020 13:18

Did you also use “OpenLDAP”?
I think this is the best way to reproduce this bug.

Ricardo · 10 November 2020 13:21

We hooked it up to a univention LDAP. I’m pretty sure this is openldap underneath.

Maybe we found our issue. We don’t use a bind user so it tries to bind as the user you try to login I guess? But that session is probably timed out by then so the bind fails. We’ll create a separate bind user and try if that solves the problem for us. I’ll get back here if it does. If I forget just ping me.

murrant · 10 November 2020 16:39

@Ricardo you can’t bind as the login user when using “remember me”, we don’t have the password. This is why a bind user is required.

Seems like the real fix here is to disable the remember me checkbox for ldap and ad users without a bind user. But unfortunately, that would disable even for those that don’t require a bind user (allow anon search).

Ricardo · 11 November 2020 09:00

In our case we don’t allow anon search. That’s why we need a bind user. But so far we didn’t configure one. We’re testing it now with a bind user. Maybe this solves the issue.

Mika64 · 7 December 2020 09:27

Another solution would be to return to the login page when this error happens …

einzi · 29 April 2021 08:44

Is there a solution to this problem? I am having this issue with a new install and I have a bind user.

Lucas_Santana · 28 October 2021 12:58

Same problem here… unfortunately in LibreNMS we need to stay with this kind of problems.