Another LDAP/OIDC sync issue - admin can't login
-
It seems to be a continuation of issues I'm facing, including the latest one.
Since OIDC has been introduced, and after Cloudron 7.5.* version I keep facing many instabilities and issues. Now the problem is that I can't login with superadmin user to the dashboard.
Here is a schema:
LDAP client sync users from LDAP master. It seems like all users can login into LDAP client Cloudron, except for admin user. Impersonating works. But not an LDAP based auth. I have only one superadmin, so I'm not sure if that's exactly the problem or if there are other related things affecting.
The problem was first noticed at 7.5.2, but I updated to 7.6.1 and the issue still persists.
The only error I'm seeing - it's 'Internal error, try again later'.
Console gives a bit more information: [Error] Failed to load resource: the server responded with a status of 401 () (login, line 0). It also shows that the 401 error handler is failing at line 138 - screenshot of that piece attached.

-
btw: nothing in box, nginx logs.
-
Superadmin has 2FA enabled. Guess it could be also a problem.
-
@nebulon said in Another LDAP/OIDC sync issue - admin can't login:
What is the 401 response message body/text?
Seems to be empty:

As a guess: do you handle 2FA auth from slave/client LDAP Cloudron? I would guess it's a corner case and it's not handled.
-
Apologies, any updates on that?
-
@potemkin_ai said in Another LDAP/OIDC sync issue - admin can't login:
The only error I'm seeing - it's 'Internal error, try again later'.
I have fixed this part. When a username is valid but just the password is incorrect, it displays 'Internal error' incorrectly.
I will test the 2FA part tomorrow and get back.
-
There was a bug that 2FA is not enforced when it should be. I have fixed this now.
- Is the admin user in the client synced properly? Note that the ldap connector does not sync with a cron job, you have to press the sync button manually. Do you see an 'External directory user' icon to the right of the user like below?
- Are you able to login without 2fa?

-
Are you able to login without 2fa
yep - by setting up a temporary password with the cloudron cli tool
Note that the ldap connector does not sync with a cron job, you have to press the sync button manually.
Not valid - as otherwise I wouldn't be able to login with a temporary password - the user wouldn't exist.
Manual sync - yes, sure. My logins worked up till I set up 2FA on admin on the master server.