Another LDAP/OIDC sync issue - admin can't login
-
It seems to be a continuation of issues I'm facing, including the latest one.
Since OIDC has been introduced, and after Cloudron 7.5.* version, I keep facing many instabilities and issues. Now the problem is that I can't log in with the superadmin user to the dashboard.
Here is a schema:
LDAP client syncs users from LDAP master. It seems like all users can log in to the LDAP client Cloudron, except for the admin user. Impersonating works. But not an LDAP based auth. I have only one superadmin, so I'm not sure if that's exactly the problem or if there are other related things affecting it.
The problem was first noticed at 7.5.2, but I updated to 7.6.1 and the issue still persists.
The only error I'm seeing is 'Internal error, try again later'.
Console gives a bit more information:
[Error] Failed to load resource: the server responded with a status of 401 () (login, line 0)
It also shows that the 401 error handler is failing at line 138 - screenshot of that piece attached.
-
btw: nothing in box or nginx logs.
-
Superadmin has 2FA enabled. Guess it could also be a problem.
-
@nebulon said in Another LDAP/OIDC sync issue - admin can't login:
What is the 401 response message body/text?
Seems to be empty:
As a guess: do you handle 2FA auth from slave/client LDAP Cloudron? I would guess it's a corner case and it's not handled.
-
Apologies, any updates on that?
-
@potemkin_ai said in Another LDAP/OIDC sync issue - admin can't login:
The only error I'm seeing is 'Internal error, try again later'.
I have fixed this part. When a username is valid but just the password is incorrect, it displays 'Internal error' incorrectly.
I will test the 2FA part tomorrow and get back.
-
There was a bug that 2FA is not enforced when it should be. I have fixed this now.
- Is the admin user in the client synced properly? Note that the ldap connector does not sync with a cron job, you have to press the sync button manually. Do you see an 'External directory user' icon to the right of the user like below?
- Are you able to log in without 2FA?
-
Are you able to log in without 2FA?
yep, by setting up a temporary password with the cloudron cli tool
Note that the ldap connector does not sync with a cron job, you have to press the sync button manually.
Not valid, as otherwise I wouldn't be able to log in with a temporary password; the user wouldn't exist.
Manual sync - yes, sure. My logins worked up until I set up 2FA on admin on the master server.