Another LDAP/OIDC sync issue - admin can't login

    potemkin_ai
    wrote on last edited by
    #1

    It seems to be a continuation of issues I'm facing, including the latest one.
    Since OIDC has been introduced, and after Cloudron 7.5.* version I keep facing many instabilities and issues.

    Now the problem is that I can't log in with the superadmin user to the dashboard.

    Here is a schema:
    The LDAP client syncs users from the LDAP master. It seems like all users can log in to the LDAP client Cloudron, except for the admin user.

    Impersonating works, but not LDAP-based auth. I have only one superadmin, so I'm not sure if that's exactly the problem or if there are other related things affecting it.

    The problem was first noticed at 7.5.2, but I updated to 7.6.1 and the issue still persists.

    The only error I'm seeing - it's 'Internal error, try again later'.
    Console gives a bit more information:

    [Error] Failed to load resource: the server responded with a status of 401 () (login, line 0)
    

    It also shows that the 401 error handler is failing at line 138 - a screenshot of that piece is attached.

    Screenshot 2023-12-08 at 21.28.24.png

      potemkin_ai
      wrote on last edited by
      #2

      btw: nothing in box, nginx logs.

        potemkin_ai
        wrote on last edited by
        #3

        Superadmin has 2FA enabled. Guess it could also be a problem.

          nebulon
          Staff
          wrote on last edited by
          #4

          What is the 401 response message body/text?

            potemkin_ai
            wrote on last edited by
            #5

            @nebulon said in Another LDAP/OIDC sync issue - admin can't login:

            What is the 401 response message body/text?

            Seems to be empty:

            Screenshot 2023-12-10 at 21.41.15.png

            As a guess: do you handle 2FA auth from slave/client LDAP Cloudron? I would guess it's a corner case and it's not handled.

              potemkin_ai
              wrote on last edited by
              #6

              Apologies, any updates on that?

                girish
                Staff
                wrote on last edited by
                #7

                @potemkin_ai said in Another LDAP/OIDC sync issue - admin can't login:

                The only error I'm seeing - it's 'Internal error, try again later'.

                I have fixed this part. When a username is valid but just the password is incorrect, it displays 'Internal error' incorrectly.

                I will test the 2FA part tomorrow and get back.

                  girish
                  Staff
                  wrote on last edited by girish
                  #8

                  There was a bug that 2FA is not enforced when it should be. I have fixed this now.

                  • Is the admin user in the client synced properly? Note that the ldap connector does not sync with a cron job, you have to press the sync button manually. Do you see an 'External directory user' icon to the right of the user like below?
                  • Are you able to login without 2fa?

                  image.png

                    potemkin_ai
                    wrote on last edited by
                    #9

                    Are you able to login without 2fa

                    yep - by setting up temporary password with cloudron cli tool

                    Note that the ldap connector does not sync with a cron job, you have to press the sync button manually.

                    Not valid - as otherwise I wouldn't be able to login with temporary password - user wouldn't exist.

                    Manual sync - yes, sure. My logins worked up till I set up 2FA on admin on master server.
