Bug #26063

open

When we use LDAP authentication backend, the error is confusing if the user doesn't exist in Rudder

Added by Nicolas CHARLES 10 days ago. Updated 3 days ago.

Status: Pending technical review
Priority: 2
Target version:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No

Description

When using the LDAP authentication backend, we had the following error when trying to log in:

[LDAP: error code 32 - 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:

'DC=WWW,DC=YYYYYY,DC=ZZZ'

The actual cause of the error was that the user was not declared in Rudder.
The log should clearly say that the user is not there, or at least the documentation should mention it.

Actions #1

Updated by Nicolas CHARLES 10 days ago

  • Project changed from Rudder to Authentication backends
  • Target version deleted (8.1.11)

Actions #2

Updated by Nicolas CHARLES 10 days ago

  • Priority changed from N/A to To review
  • Target version set to 8.1

Actions #3

Updated by François ARMAND 3 days ago

  • Assignee set to François ARMAND
  • Priority changed from To review to 2
  • Severity set to Minor - inconvenience | misleading | easy workaround

At least add an error message pointing to that, or add doc explaining the meaning of that result.

Actions #4

Updated by François ARMAND 3 days ago

  • Status changed from New to In progress
Actions #5

Updated by François ARMAND 3 days ago

In Rudder 8.1.11-snapshot, with the user present in LDAP but not in the Rudder file, we get:

2024-12-19 17:21:08+0100 DEBUG application.authentication - Rudder authentication attempt for principal 'fanf' with backend 'rootAdmin': failure
2024-12-19 17:21:08+0100 DEBUG application.authentication - Rudder authentication attempt using bootstrap.liftweb.RudderAuthenticationProvider
2024-12-19 17:21:08+0100 INFO  application.authentication - Rudder authentication attempt for principal 'fanf' with backend 'ldap': failure
2024-12-19 17:21:08+0100 DEBUG application.authentication - Rudder authentication attempt using bootstrap.liftweb.RudderAuthenticationProvider
2024-12-19 17:21:08+0100 INFO  application.authentication - Rudder authentication attempt for principal 'fanf' with backend 'file': failure
2024-12-19 17:21:08+0100 WARN  application - Login authentication failed for user 'fanf' from IP '127.0.0.1': Bad credentials

It looks like what we want it to be.
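
A triage helper for the log lines quoted in the comment above, as an added example that is not part of the ticket or of Rudder's code: it groups the per-backend results by principal and attaches them to the final "Login authentication failed" line, so one record shows the whole backend chain, the source IP and the reason. It assumes the line format is exactly the one shown in this ticket; the function and field names are hypothetical.

```python
import re

# Constructed sample: the log lines quoted in the ticket comment above.
SAMPLE_LOG = """\
2024-12-19 17:21:08+0100 DEBUG application.authentication - Rudder authentication attempt for principal 'fanf' with backend 'rootAdmin': failure
2024-12-19 17:21:08+0100 DEBUG application.authentication - Rudder authentication attempt using bootstrap.liftweb.RudderAuthenticationProvider
2024-12-19 17:21:08+0100 INFO  application.authentication - Rudder authentication attempt for principal 'fanf' with backend 'ldap': failure
2024-12-19 17:21:08+0100 DEBUG application.authentication - Rudder authentication attempt using bootstrap.liftweb.RudderAuthenticationProvider
2024-12-19 17:21:08+0100 INFO  application.authentication - Rudder authentication attempt for principal 'fanf' with backend 'file': failure
2024-12-19 17:21:08+0100 WARN  application - Login authentication failed for user 'fanf' from IP '127.0.0.1': Bad credentials
"""

# One result line per backend tried for a principal (any log level).
BACKEND_RE = re.compile(
    r"^\S+ \S+\s+\w+\s+application\.authentication - "
    r"Rudder authentication attempt for principal '(?P<user>[^']*)' "
    r"with backend '(?P<backend>[^']*)': (?P<result>\w+)$")
# Final line that closes a failed login attempt.
FINAL_RE = re.compile(
    r"^\S+ \S+\s+WARN\s+application - Login authentication failed "
    r"for user '(?P<user>[^']*)' from IP '(?P<ip>[^']*)': (?P<reason>.*)$")


def summarize(log_text):
    """Return one record per failed login: backends tried, source IP, reason."""
    pending = {}   # user -> [(backend, result)] seen since that user's last final line
    records = []
    for line in log_text.splitlines():
        m = BACKEND_RE.match(line)
        if m:
            pending.setdefault(m["user"], []).append((m["backend"], m["result"]))
            continue
        m = FINAL_RE.match(line)
        if m:
            tried = pending.pop(m["user"], [])
            records.append({
                "user": m["user"], "ip": m["ip"], "reason": m["reason"],
                "backends": tried,
                # True only when at least one backend was logged and none succeeded.
                "all_backends_failed": bool(tried)
                and all(result == "failure" for _, result in tried),
            })
    return records


if __name__ == "__main__":
    for record in summarize(SAMPLE_LOG):
        print(record)
```

The per-backend lines are logged at DEBUG or INFO in the excerpt, so the `backends` list is only complete when the `application.authentication` logger is at DEBUG.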

Actions #6

Updated by François ARMAND 3 days ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder-plugins/pull/781