glauth ldap backend

prusaman

@nebulon anything changed recently related to this? I patched glauth and authentication was working for the last few days. I rebooted the system to update OS packages and now auth is no longer working. Nothing else has changed. Just trying to limit variables and preserve the limited hair I have remaining.

Cheers

girish

@prusaman not really, we haven't made a release past 2-3 weeks.

prusaman

This post is deleted!

NCKNE

I am encountering the same error ("missing paged control") when connecting to a ldapjs server:

2025-02-25T07:37:57.542Z box:taskworker Starting task 10372. Logs are at /home/yellowtent/platformdata/logs/tasks/10372.log
2025-02-25T07:37:57.566Z box:taskworker Running task of type syncExternalLdap
2025-02-25T07:37:57.566Z box:tasks update 10372: {"percent":10,"message":"Starting ldap user sync"}
2025-02-25T07:37:59.860Z box:taskworker Task took 2.366 seconds
2025-02-25T07:37:59.860Z box:tasks setCompleted - 10372: {"result":null,"error":{"stack":"BoxError: missing paged control\n    at SearchPager.<anonymous> (/home/yellowtent/box/src/externalldap.js:162:48)\n    at SearchPager.emit (node:events:519:28)\n    at SearchPager.emit (/home/yellowtent/box/node_modules/ldapjs/lib/corked_emitter.js:44:33)\n    at SearchPager._onEnd (/home/yellowtent/box/node_modules/ldapjs/lib/client/search_pager.js:103:12)\n    at EventEmitter.emit (node:events:519:28)\n    at sendResult (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1194:22)\n    at messageCallback (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1222:16)\n    at Parser.onMessage (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:888:14)\n    at Parser.emit (node:events:519:28)\n    at Parser.write (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:107:8)","name":"BoxError","reason":"External Error","details":{},"message":"missing paged control","nestedError":{"stack":"PagedError: missing paged control\n    at SearchPager._onEnd (/home/yellowtent/box/node_modules/ldapjs/lib/client/search_pager.js:93:17)\n    at EventEmitter.emit (node:events:519:28)\n    at sendResult (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1194:22)\n    at messageCallback (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1222:16)\n    at Parser.onMessage (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:888:14)\n    at Parser.emit (node:events:519:28)\n    at Parser.write (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:107:8)\n    at end (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:62:36)\n    at Parser.write (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:108:10)\n    at Socket.onData (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:875:22)","name":"PagedError","message":"missing paged control"}}}
2025-02-25T07:37:59.861Z box:tasks update 10372: {"percent":100,"result":null,"error":{"stack":"BoxError: missing paged control\n    at SearchPager.<anonymous> (/home/yellowtent/box/src/externalldap.js:162:48)\n    at SearchPager.emit (node:events:519:28)\n    at SearchPager.emit (/home/yellowtent/box/node_modules/ldapjs/lib/corked_emitter.js:44:33)\n    at SearchPager._onEnd (/home/yellowtent/box/node_modules/ldapjs/lib/client/search_pager.js:103:12)\n    at EventEmitter.emit (node:events:519:28)\n    at sendResult (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1194:22)\n    at messageCallback (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1222:16)\n    at Parser.onMessage (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:888:14)\n    at Parser.emit (node:events:519:28)\n    at Parser.write (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:107:8)","name":"BoxError","reason":"External Error","details":{},"message":"missing paged control","nestedError":{"stack":"PagedError: missing paged control\n    at SearchPager._onEnd (/home/yellowtent/box/node_modules/ldapjs/lib/client/search_pager.js:93:17)\n    at EventEmitter.emit (node:events:519:28)\n    at sendResult (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1194:22)\n    at messageCallback (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1222:16)\n    at Parser.onMessage (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:888:14)\n    at Parser.emit (node:events:519:28)\n    at Parser.write (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:107:8)\n    at end (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:62:36)\n    at Parser.write (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:108:10)\n    at Socket.onData (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:875:22)","name":"PagedError","message":"missing paged control"}}}
BoxError: missing paged control
    at SearchPager.<anonymous> (/home/yellowtent/box/src/externalldap.js:162:48)
    at SearchPager.emit (node:events:519:28)
    at SearchPager.emit (/home/yellowtent/box/node_modules/ldapjs/lib/corked_emitter.js:44:33)
    at SearchPager._onEnd (/home/yellowtent/box/node_modules/ldapjs/lib/client/search_pager.js:103:12)
    at EventEmitter.emit (node:events:519:28)
    at sendResult (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1194:22)
    at messageCallback (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:1222:16)
    at Parser.onMessage (/home/yellowtent/box/node_modules/ldapjs/lib/client/client.js:888:14)
    at Parser.emit (node:events:519:28)
    at Parser.write (/home/yellowtent/box/node_modules/ldapjs/lib/messages/parser.js:107:8)

The ldapjs server that is being queried logs the following in debug mode:

DEBUG: 2025-02-25T07:37:59.816Z:  %s: sending: %j 1.2.3.4:54938 { status: 0, matchedDN: '', diagnosticMessage: '', referrals: [] }
TRACE: 2025-02-25T07:37:59.883Z:  %s shutdown 1.2.3.4:54938
TRACE: 2025-02-25T07:37:59.884Z:  %s close; had_err=%j 1.2.3.4:54938 false

Could this be related to paging? Can paging be disabled in Cloudron to test if that is the cause?

NCKNE

Update: Changing all occurrences of

paged: true

to

paged: false

in

/home/yellowtent/box/src/externalldap.js

Makes LDAP Sync work. Maybe adding a GUI option for paging in the LDAP sync configuration settings would be a good idea?

joseph

@NCKNE maybe this can be auto-detected. Can you run ldapsearch -x -s base -b "" supportedControl (per chatgpt) . If it has 1.2.840.113556.1.4.319 it means it has paged control extension it seems

joseph

Also https://github.com/glauth/glauth/issues/272 says they don't support paged

NCKNE

Yes, although I am not using glauth for LDAP, the server does not support paging. There seem to be various configurations that do not support paging, so an option to disable it in the Cloudron LDAP sync config would be nice.

joseph

@NCKNE were you able to run that command? trying to see if we can fix the code to simply auto-detect this and disable paging automatically (instead of adding an option) . my understanding is that paging is optional to ldap servers.

NCKNE

@joseph said in glauth ldap backend:

@NCKNE were you able to run that command? trying to see if we can fix the code to simply auto-detect this and disable paging automatically (instead of adding an option) . my understanding is that paging is optional to ldap servers.

That's a great idea! I ran the command but got the following response:

root@ldap-wrapper-r90:~# ldapsearch -x -s base -b "" supportedControl -H ldap://localhost:13389
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedControl 
#

# domain.de
dn: dc=domain,dc=de

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

girish

@NCKNE added in https://git.cloudron.io/platform/box/-/commit/f78f6634fa29e0ca638f482c8e4f941c885e6301 . It hasn't run through our CI yet, but maybe that works for you already . You can patch server at /home/yellowtent/box/src/externalldap.js .