Help wich ldap sync & auth

kramorov_k · May 21, 2021, 4:59am

Description

it is impossible to log into users who are created by the LDAP. after changing the password in the chat admin panel, enters.
deployed a test chat, of the same version, without users. everything is working. on the production server does not want. the LDAP settings are the same. I attach the login logs by e-mail:

May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by email test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by username
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user with by crowd_username test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug New user. User is not synced yet.
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Going to crowd: test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: Error sending request: connect ECONNREFUSED 127.0.0.1:80
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Error: connect ECONNREFUSED 127.0.0.1:80
May 21 11:22:22 rocket-enc rocketchat[820738]:     at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16)
May 21 11:22:22 rocket-enc rocketchat[820738]:     at TCPConnectWrap.callbackTrampoline (internal/async_hooks.js:126:14) {
May 21 11:22:22 rocket-enc rocketchat[820738]:   errno: 'ECONNREFUSED',
May 21 11:22:22 rocket-enc rocketchat[820738]:   code: 'ECONNREFUSED',
May 21 11:22:22 rocket-enc rocketchat[820738]:   syscall: 'connect',
May 21 11:22:22 rocket-enc rocketchat[820738]:   address: '127.0.0.1',
May 21 11:22:22 rocket-enc rocketchat[820738]:   port: 80
May 21 11:22:22 rocket-enc rocketchat[820738]: }
May 21 11:22:22 rocket-enc rocketchat[820738]: server.js:204 CROWD ➔ error Crowd user not authenticated due to an error```


by login:

```May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Init CROWD login ivanov_ivan
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug Local user found, redirecting to fallback login
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug User ivanov_ivan is not a valid crowd user, falling back
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Fallback to default account system { username: 'ivanov_ivan' }
May 21 11:46:00 rocket-enc rocketchat[820738]: API ➔ debug GET: /api/v1/users.list?offset=0&count=100```


server log, when manually starting synchronization:

```Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}]
Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: []
LDAP ➔ Connection.info Init setup
LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389
LDAP ➔ Connection.debug connectionOptions {
  url: 'ldap://srv-dc1.iternal(masked).local:389',
  timeout: 60000,
  connectTimeout: 1000,
  idleTimeout: 1000,
  reconnect: true
}
Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}]
LDAP ➔ Connection.info LDAP connected
LDAP ➔ Bind.info Binding UserDN ldap_agent
LDAP ➔ Search.info Searching user *
LDAP ➔ Search.debug searchOptions {
  filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))',
  scope: 'sub',
  sizeLimit: 1000,
  paged: { pageSize: 250, pagePause: true }
}
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Searching by id 706d64
LDAP ➔ Search.debug search filter (sAMAccountName=pmd)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Final Page
LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' }
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию
LDAPSync ➔ debug userQuery merge { username: 'test2' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug pmd is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "706d644074686567656f732e7275",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Searching by id 7465737432
LDAP ➔ Search.debug search filter (sAMAccountName=test2)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "746573743240736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'bot' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "746573743240736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot
TemplateVarHandler ➔ debug user does not have attribute: sn
LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' }
LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e
LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403]
    at handleError (packages/accounts-password/password_server.js:110:17)
    at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7)
    at createUser (packages/accounts-password/password_server.js:1130:3)
    at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10)
    at addLdapUser (app/ldap/server/sync.js:477:29)
    at app/ldap/server/sync.js:543:5
    at Array.forEach (<anonymous>)
    at app/ldap/server/sync.js:510:13
    at runWithEnvironment (packages/meteor.js:1286:24) {
  isClientSafe: true,
  error: 403,
  reason: 'Email already exists.',
  details: undefined,
  errorType: 'Meteor.Error'
}
LDAPSync ➔ debug userQuery {
  'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d'
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Import finished. Users imported: 3
API ➔ debug GET: /api/v1/users.list?offset=0&count=100

API ➔ debug GET: /api/v1/users.list?offset=100&count=100

LDAP ➔ Search.info Idle
LDAP ➔ Connection.info Disconecting
LDAP ➔ Search.info Closed
API ➔ debug GET: /api/v1/users.list?offset=0&count=100


Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}]
Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: []
LDAP ➔ Connection.info Init setup
LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389
LDAP ➔ Connection.debug connectionOptions {
  url: 'ldap://srv-dc1.iternal(masked).local:389',
  timeout: 60000,
  connectTimeout: 1000,
  idleTimeout: 1000,
  reconnect: true
}
Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}]
LDAP ➔ Connection.info LDAP connected
LDAP ➔ Bind.info Binding UserDN ldap_agent
LDAP ➔ Search.info Searching user *
LDAP ➔ Search.debug searchOptions {
  filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))',
  scope: 'sub',
  sizeLimit: 1000,
  paged: { pageSize: 250, pagePause: true }
}
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Searching by id 706d64
LDAP ➔ Search.debug search filter (sAMAccountName=pmd)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Final Page
LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' }
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию
LDAPSync ➔ debug userQuery merge { username: 'test2' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug pmd is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "706d644074686567656f732e7275",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Searching by id 7465737432
LDAP ➔ Search.debug search filter (sAMAccountName=test2)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "746573743240736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'bot' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "746573743240736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot
TemplateVarHandler ➔ debug user does not have attribute: sn
LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' }
LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e
LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403]
    at handleError (packages/accounts-password/password_server.js:110:17)
    at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7)
    at createUser (packages/accounts-password/password_server.js:1130:3)
    at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10)
    at addLdapUser (app/ldap/server/sync.js:477:29)
    at app/ldap/server/sync.js:543:5
    at Array.forEach (<anonymous>)
    at app/ldap/server/sync.js:510:13
    at runWithEnvironment (packages/meteor.js:1286:24) {
  isClientSafe: true,
  error: 403,
  reason: 'Email already exists.',
  details: undefined,
  errorType: 'Meteor.Error'
}
LDAPSync ➔ debug userQuery {
  'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d'
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Import finished. Users imported: 3
API ➔ debug GET: /api/v1/users.list?offset=0&count=100

API ➔ debug GET: /api/v1/users.list?offset=100&count=100

LDAP ➔ Search.info Idle
LDAP ➔ Connection.info Disconecting
LDAP ➔ Search.info Closed
API ➔ debug GET: /api/v1/users.list?offset=0&count=100```

and ldap settings:

https://ibb.co/s2Rnwtr

Can you please tell me what I'm doing wrong?

### Server Setup Information

- Version of Rocket.Chat Server: 3.14.1
- Operating System: ubuntu 20.04
- Deployment Method: tar
- Number of Running Instances: iZ9gQo5te2fSsMhRu
- DB Replicaset Oplog: 
- NodeJS Version: v12.21.0
- MongoDB Version: 4.0.23 / mmapv1 (oplog Включено)
- Proxy: nginx (4443 oublic port, 3000 internal, from nginx to Node)
- Firewalls involved: - 

### Any additional Information
<!-- logs, additional setup information, anything extra you did in the setup or variables not included in any guide you followed -->

john.crisp · May 21, 2021, 11:00am

Hi.

First it looks like you are using Crowd?

But you also have an LDAP server too?

Can you explain this a little bit more?

john.crisp · May 21, 2021, 11:14am

For reference I also note you issue here.

github.com/RocketChat/Rocket.Chat

sync existing server witch LDAP microsoft AD

opened 05:43AM - 21 May 21 UTC

closed 11:14AM - 21 May 21 UTC

KraMorK

### Description: it is impossible to log into users who are created by the LDAP. after changing the password in the chat admin panel, enters. deployed a test chat, of the same version, without users. everything is working. on the production server does not want. the LDAP settings are the same. ### Steps to reproduce: 1.  connect LDAP 2. 3. ### Expected behavior: ### Actual behavior: ### Server Setup Information: - Version of Rocket.Chat Server: 3.14.1 - Operating System: ubuntu 20.04 - Deployment Method: tar - Number of Running Instances: iZ9gQo5te2fSsMhRu - DB Replicaset Oplog: - NodeJS Version: v12.21.0 - MongoDB Version: 4.0.23 / mmapv1 (oplog Включено) - Proxy: nginx (4443 public port, 3000 internal, from nginx to Node) - Firewalls involved: - ### Client Setup Information - Desktop App or Browser Version: all client and browser - Operating System: all OS ### Additional context ### Relevant logs: I attach the login logs by e-mail: ```May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ info Init CROWD login test2@smartoworld.team May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by email test2@smartoworld.team May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by username May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user with by crowd_username test2@smartoworld.team May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug New user. User is not synced yet. May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Going to crowd: test2@smartoworld.team May 21 11:22:22 rocket-enc rocketchat[820738]: Error sending request: connect ECONNREFUSED 127.0.0.1:80 May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Error: connect ECONNREFUSED 127.0.0.1:80 May 21 11:22:22 rocket-enc rocketchat[820738]: at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16) May 21 11:22:22 rocket-enc rocketchat[820738]: at TCPConnectWrap.callbackTrampoline (internal/async_hooks.js:126:14) { May 21 11:22:22 rocket-enc rocketchat[820738]: errno: 'ECONNREFUSED', May 21 11:22:22 rocket-enc rocketchat[820738]: code: 'ECONNREFUSED', May 21 11:22:22 rocket-enc rocketchat[820738]: syscall: 'connect', May 21 11:22:22 rocket-enc rocketchat[820738]: address: '127.0.0.1', May 21 11:22:22 rocket-enc rocketchat[820738]: port: 80 May 21 11:22:22 rocket-enc rocketchat[820738]: } May 21 11:22:22 rocket-enc rocketchat[820738]: server.js:204 CROWD ➔ error Crowd user not authenticated due to an error``` by login: ```May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Init CROWD login ivanov_ivan May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug Local user found, redirecting to fallback login May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug User ivanov_ivan is not a valid crowd user, falling back May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Fallback to default account system { username: 'ivanov_ivan' } May 21 11:46:00 rocket-enc rocketchat[820738]: API ➔ debug GET: /api/v1/users.list?offset=0&count=100``` server log, when manually starting synchronization: ```Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}] Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: [] LDAP ➔ Connection.info Init setup LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389 LDAP ➔ Connection.debug connectionOptions { url: 'ldap://srv-dc1.iternal(masked).local:389', timeout: 60000, connectTimeout: 1000, idleTimeout: 1000, reconnect: true } Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}] LDAP ➔ Connection.info LDAP connected LDAP ➔ Bind.info Binding UserDN ldap_agent LDAP ➔ Search.info Searching user * LDAP ➔ Search.debug searchOptions { filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))', scope: 'sub', sizeLimit: 1000, paged: { pageSize: 250, pagePause: true } } LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Searching by id 706d64 LDAP ➔ Search.debug search filter (sAMAccountName=pmd) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Final Page LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' } LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию LDAPSync ➔ debug userQuery merge { username: 'test2' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug pmd is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "706d644074686567656f732e7275", "services.ldap.idAttribute": "mail" } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAP ➔ Search.info Searching by id 7465737432 LDAP ➔ Search.debug search filter (sAMAccountName=test2) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug test2 is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "746573743240736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ debug userQuery merge { username: 'bot' } LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug test2 is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "746573743240736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot TemplateVarHandler ➔ debug user does not have attribute: sn LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' } LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403] at handleError (packages/accounts-password/password_server.js:110:17) at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7) at createUser (packages/accounts-password/password_server.js:1130:3) at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10) at addLdapUser (app/ldap/server/sync.js:477:29) at app/ldap/server/sync.js:543:5 at Array.forEach (<anonymous>) at app/ldap/server/sync.js:510:13 at runWithEnvironment (packages/meteor.js:1286:24) { isClientSafe: true, error: 403, reason: 'Email already exists.', details: undefined, errorType: 'Meteor.Error' } LDAPSync ➔ debug userQuery { 'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' } LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAPSync ➔ info Import finished. Users imported: 3 API ➔ debug GET: /api/v1/users.list?offset=0&count=100 API ➔ debug GET: /api/v1/users.list?offset=100&count=100 LDAP ➔ Search.info Idle LDAP ➔ Connection.info Disconecting LDAP ➔ Search.info Closed API ➔ debug GET: /api/v1/users.list?offset=0&count=100 Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}] Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: [] LDAP ➔ Connection.info Init setup LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389 LDAP ➔ Connection.debug connectionOptions { url: 'ldap://srv-dc1.iternal(masked).local:389', timeout: 60000, connectTimeout: 1000, idleTimeout: 1000, reconnect: true } Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}] LDAP ➔ Connection.info LDAP connected LDAP ➔ Bind.info Binding UserDN ldap_agent LDAP ➔ Search.info Searching user * LDAP ➔ Search.debug searchOptions { filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))', scope: 'sub', sizeLimit: 1000, paged: { pageSize: 250, pagePause: true } } LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Searching by id 706d64 LDAP ➔ Search.debug search filter (sAMAccountName=pmd) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Final Page LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' } LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию LDAPSync ➔ debug userQuery merge { username: 'test2' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug pmd is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "706d644074686567656f732e7275", "services.ldap.idAttribute": "mail" } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAP ➔ Search.info Searching by id 7465737432 LDAP ➔ Search.debug search filter (sAMAccountName=test2) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug test2 is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "746573743240736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ debug userQuery merge { username: 'bot' } LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug test2 is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "746573743240736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot TemplateVarHandler ➔ debug user does not have attribute: sn LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' } LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403] at handleError (packages/accounts-password/password_server.js:110:17) at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7) at createUser (packages/accounts-password/password_server.js:1130:3) at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10) at addLdapUser (app/ldap/server/sync.js:477:29) at app/ldap/server/sync.js:543:5 at Array.forEach (<anonymous>) at app/ldap/server/sync.js:510:13 at runWithEnvironment (packages/meteor.js:1286:24) { isClientSafe: true, error: 403, reason: 'Email already exists.', details: undefined, errorType: 'Meteor.Error' } LDAPSync ➔ debug userQuery { 'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' } LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAPSync ➔ info Import finished. Users imported: 3 API ➔ debug GET: /api/v1/users.list?offset=0&count=100 API ➔ debug GET: /api/v1/users.list?offset=100&count=100 LDAP ➔ Search.info Idle LDAP ➔ Connection.info Disconecting LDAP ➔ Search.info Closed API ➔ debug GET: /api/v1/users.list?offset=0&count=100``` and ldap settings: https://ibb.co/s2Rnwtr Can you please tell me what I'm doing wrong?

Please stay in the forums unless we can prove it really is a bug. Thanks.

kramorov_k · May 24, 2021, 2:38am

it was not in vain that you drew my attention to CROWD
it was an old, unused connection. after turning it off, everything worked right away
there is still a small problem with the fact that it is not possible to issue the administrator role in ldap
using microsoft hell
ldap settings are in the screenshot ldap-setting — ImgBB
I suspect I am wrong in the parameters
User Group Filter
(& (objectClass = user) (memberOf = cn = RocketUsers, ou = group, ou = iternal, dc = external, dc = domain))
LDAP Group BaseDN
CN = RocketUsers, OU = group, OU = iternal, DC = external, DC = domain
User Data Group Map

"RocketAdmin": "Admin"
}

RocketUsers - my OU with all users RocketChat
RocketAdmin - my OU with admin RocketChat
Thanks

Topic		Replies	Views
LDAP configured correctly, but user list not updating Community Support rocketchat-apps	3	1425	February 3, 2022
Ldap users unable to login to rocket chat Community Support	2	1490	February 28, 2018
LDAP Groups not functional Community Support	4	4139	February 12, 2020
LDAP-Issues #9000 #9834 #11841 Community Support	1	2206	April 24, 2019
Migrate users to LDAP (long) after initial users creations Community Support	0	668	April 3, 2020

[Rocket.Chat v7.0: Join the webinar] Roadmap Reveal: on-prem AI, VoIP, and more! Save your seat ->

Help wich ldap sync & auth

Description

Related topics