Help wich ldap sync & auth

kramorov_k · May 21, 2021, 4:59am

Description

it is impossible to log into users who are created by the LDAP. after changing the password in the chat admin panel, enters.
deployed a test chat, of the same version, without users. everything is working. on the production server does not want. the LDAP settings are the same. I attach the login logs by e-mail:

May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by email test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by username
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user with by crowd_username test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug New user. User is not synced yet.
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Going to crowd: test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: Error sending request: connect ECONNREFUSED 127.0.0.1:80
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Error: connect ECONNREFUSED 127.0.0.1:80
May 21 11:22:22 rocket-enc rocketchat[820738]:     at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16)
May 21 11:22:22 rocket-enc rocketchat[820738]:     at TCPConnectWrap.callbackTrampoline (internal/async_hooks.js:126:14) {
May 21 11:22:22 rocket-enc rocketchat[820738]:   errno: 'ECONNREFUSED',
May 21 11:22:22 rocket-enc rocketchat[820738]:   code: 'ECONNREFUSED',
May 21 11:22:22 rocket-enc rocketchat[820738]:   syscall: 'connect',
May 21 11:22:22 rocket-enc rocketchat[820738]:   address: '127.0.0.1',
May 21 11:22:22 rocket-enc rocketchat[820738]:   port: 80
May 21 11:22:22 rocket-enc rocketchat[820738]: }
May 21 11:22:22 rocket-enc rocketchat[820738]: server.js:204 CROWD ➔ error Crowd user not authenticated due to an error```


by login:

```May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Init CROWD login ivanov_ivan
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug Local user found, redirecting to fallback login
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug User ivanov_ivan is not a valid crowd user, falling back
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Fallback to default account system { username: 'ivanov_ivan' }
May 21 11:46:00 rocket-enc rocketchat[820738]: API ➔ debug GET: /api/v1/users.list?offset=0&count=100```


server log, when manually starting synchronization:

```Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}]
Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: []
LDAP ➔ Connection.info Init setup
LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389
LDAP ➔ Connection.debug connectionOptions {
  url: 'ldap://srv-dc1.iternal(masked).local:389',
  timeout: 60000,
  connectTimeout: 1000,
  idleTimeout: 1000,
  reconnect: true
}
Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}]
LDAP ➔ Connection.info LDAP connected
LDAP ➔ Bind.info Binding UserDN ldap_agent
LDAP ➔ Search.info Searching user *
LDAP ➔ Search.debug searchOptions {
  filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))',
  scope: 'sub',
  sizeLimit: 1000,
  paged: { pageSize: 250, pagePause: true }
}
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Searching by id 706d64
LDAP ➔ Search.debug search filter (sAMAccountName=pmd)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Final Page
LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' }
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию
LDAPSync ➔ debug userQuery merge { username: 'test2' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug pmd is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "706d644074686567656f732e7275",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Searching by id 7465737432
LDAP ➔ Search.debug search filter (sAMAccountName=test2)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "746573743240736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'bot' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "746573743240736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot
TemplateVarHandler ➔ debug user does not have attribute: sn
LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' }
LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e
LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403]
    at handleError (packages/accounts-password/password_server.js:110:17)
    at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7)
    at createUser (packages/accounts-password/password_server.js:1130:3)
    at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10)
    at addLdapUser (app/ldap/server/sync.js:477:29)
    at app/ldap/server/sync.js:543:5
    at Array.forEach (<anonymous>)
    at app/ldap/server/sync.js:510:13
    at runWithEnvironment (packages/meteor.js:1286:24) {
  isClientSafe: true,
  error: 403,
  reason: 'Email already exists.',
  details: undefined,
  errorType: 'Meteor.Error'
}
LDAPSync ➔ debug userQuery {
  'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d'
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Import finished. Users imported: 3
API ➔ debug GET: /api/v1/users.list?offset=0&count=100

API ➔ debug GET: /api/v1/users.list?offset=100&count=100

LDAP ➔ Search.info Idle
LDAP ➔ Connection.info Disconecting
LDAP ➔ Search.info Closed
API ➔ debug GET: /api/v1/users.list?offset=0&count=100


Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}]
Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: []
LDAP ➔ Connection.info Init setup
LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389
LDAP ➔ Connection.debug connectionOptions {
  url: 'ldap://srv-dc1.iternal(masked).local:389',
  timeout: 60000,
  connectTimeout: 1000,
  idleTimeout: 1000,
  reconnect: true
}
Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}]
LDAP ➔ Connection.info LDAP connected
LDAP ➔ Bind.info Binding UserDN ldap_agent
LDAP ➔ Search.info Searching user *
LDAP ➔ Search.debug searchOptions {
  filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))',
  scope: 'sub',
  sizeLimit: 1000,
  paged: { pageSize: 250, pagePause: true }
}
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Searching by id 706d64
LDAP ➔ Search.debug search filter (sAMAccountName=pmd)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Final Page
LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' }
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию
LDAPSync ➔ debug userQuery merge { username: 'test2' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug pmd is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "706d644074686567656f732e7275",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Searching by id 7465737432
LDAP ➔ Search.debug search filter (sAMAccountName=test2)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "746573743240736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'bot' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "746573743240736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot
TemplateVarHandler ➔ debug user does not have attribute: sn
LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' }
LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e
LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403]
    at handleError (packages/accounts-password/password_server.js:110:17)
    at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7)
    at createUser (packages/accounts-password/password_server.js:1130:3)
    at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10)
    at addLdapUser (app/ldap/server/sync.js:477:29)
    at app/ldap/server/sync.js:543:5
    at Array.forEach (<anonymous>)
    at app/ldap/server/sync.js:510:13
    at runWithEnvironment (packages/meteor.js:1286:24) {
  isClientSafe: true,
  error: 403,
  reason: 'Email already exists.',
  details: undefined,
  errorType: 'Meteor.Error'
}
LDAPSync ➔ debug userQuery {
  'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d'
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
  "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
  "services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Import finished. Users imported: 3
API ➔ debug GET: /api/v1/users.list?offset=0&count=100

API ➔ debug GET: /api/v1/users.list?offset=100&count=100

LDAP ➔ Search.info Idle
LDAP ➔ Connection.info Disconecting
LDAP ➔ Search.info Closed
API ➔ debug GET: /api/v1/users.list?offset=0&count=100```

and ldap settings:

https://ibb.co/s2Rnwtr

Can you please tell me what I'm doing wrong?

### Server Setup Information

- Version of Rocket.Chat Server: 3.14.1
- Operating System: ubuntu 20.04
- Deployment Method: tar
- Number of Running Instances: iZ9gQo5te2fSsMhRu
- DB Replicaset Oplog: 
- NodeJS Version: v12.21.0
- MongoDB Version: 4.0.23 / mmapv1 (oplog Включено)
- Proxy: nginx (4443 oublic port, 3000 internal, from nginx to Node)
- Firewalls involved: - 

### Any additional Information
<!-- logs, additional setup information, anything extra you did in the setup or variables not included in any guide you followed -->

john.crisp · May 21, 2021, 11:00am

Hi.

First it looks like you are using Crowd?

But you also have an LDAP server too?

Can you explain this a little bit more?

john.crisp · May 21, 2021, 11:14am

For reference I also note you issue here.

github.com/RocketChat/Rocket.Chat

sync existing server witch LDAP microsoft AD

opened 05:43AM - 21 May 21 UTC

closed 11:14AM - 21 May 21 UTC

KraMorK

### Description: it is impossible to log into users who are created by the LDAP. after changing the password in the chat admin panel, enters. deployed a test chat, of the same version, without users. everything is working. on the production server does not want. the LDAP settings are the same. ### Steps to reproduce: 1.  connect LDAP 2. 3. ### Expected behavior: ### Actual behavior: ### Server Setup Information: - Version of Rocket.Chat Server: 3.14.1 - Operating System: ubuntu 20.04 - Deployment Method: tar - Number of Running Instances: iZ9gQo5te2fSsMhRu - DB Replicaset Oplog: - NodeJS Version: v12.21.0 - MongoDB Version: 4.0.23 / mmapv1 (oplog Включено) - Proxy: nginx (4443 public port, 3000 internal, from nginx to Node) - Firewalls involved: - ### Client Setup Information - Desktop App or Browser Version: all client and browser - Operating System: all OS ### Additional context ### Relevant logs: I attach the login logs by e-mail: ```May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ info Init CROWD login test2@smartoworld.team May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by email test2@smartoworld.team May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by username May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user with by crowd_username test2@smartoworld.team May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug New user. User is not synced yet. May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Going to crowd: test2@smartoworld.team May 21 11:22:22 rocket-enc rocketchat[820738]: Error sending request: connect ECONNREFUSED 127.0.0.1:80 May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Error: connect ECONNREFUSED 127.0.0.1:80 May 21 11:22:22 rocket-enc rocketchat[820738]: at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16) May 21 11:22:22 rocket-enc rocketchat[820738]: at TCPConnectWrap.callbackTrampoline (internal/async_hooks.js:126:14) { May 21 11:22:22 rocket-enc rocketchat[820738]: errno: 'ECONNREFUSED', May 21 11:22:22 rocket-enc rocketchat[820738]: code: 'ECONNREFUSED', May 21 11:22:22 rocket-enc rocketchat[820738]: syscall: 'connect', May 21 11:22:22 rocket-enc rocketchat[820738]: address: '127.0.0.1', May 21 11:22:22 rocket-enc rocketchat[820738]: port: 80 May 21 11:22:22 rocket-enc rocketchat[820738]: } May 21 11:22:22 rocket-enc rocketchat[820738]: server.js:204 CROWD ➔ error Crowd user not authenticated due to an error``` by login: ```May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Init CROWD login ivanov_ivan May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug Local user found, redirecting to fallback login May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug User ivanov_ivan is not a valid crowd user, falling back May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Fallback to default account system { username: 'ivanov_ivan' } May 21 11:46:00 rocket-enc rocketchat[820738]: API ➔ debug GET: /api/v1/users.list?offset=0&count=100``` server log, when manually starting synchronization: ```Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}] Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: [] LDAP ➔ Connection.info Init setup LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389 LDAP ➔ Connection.debug connectionOptions { url: 'ldap://srv-dc1.iternal(masked).local:389', timeout: 60000, connectTimeout: 1000, idleTimeout: 1000, reconnect: true } Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}] LDAP ➔ Connection.info LDAP connected LDAP ➔ Bind.info Binding UserDN ldap_agent LDAP ➔ Search.info Searching user * LDAP ➔ Search.debug searchOptions { filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))', scope: 'sub', sizeLimit: 1000, paged: { pageSize: 250, pagePause: true } } LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Searching by id 706d64 LDAP ➔ Search.debug search filter (sAMAccountName=pmd) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Final Page LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' } LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию LDAPSync ➔ debug userQuery merge { username: 'test2' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug pmd is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "706d644074686567656f732e7275", "services.ldap.idAttribute": "mail" } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAP ➔ Search.info Searching by id 7465737432 LDAP ➔ Search.debug search filter (sAMAccountName=test2) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug test2 is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "746573743240736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ debug userQuery merge { username: 'bot' } LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug test2 is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "746573743240736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot TemplateVarHandler ➔ debug user does not have attribute: sn LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' } LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403] at handleError (packages/accounts-password/password_server.js:110:17) at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7) at createUser (packages/accounts-password/password_server.js:1130:3) at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10) at addLdapUser (app/ldap/server/sync.js:477:29) at app/ldap/server/sync.js:543:5 at Array.forEach (<anonymous>) at app/ldap/server/sync.js:510:13 at runWithEnvironment (packages/meteor.js:1286:24) { isClientSafe: true, error: 403, reason: 'Email already exists.', details: undefined, errorType: 'Meteor.Error' } LDAPSync ➔ debug userQuery { 'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' } LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAPSync ➔ info Import finished. Users imported: 3 API ➔ debug GET: /api/v1/users.list?offset=0&count=100 API ➔ debug GET: /api/v1/users.list?offset=100&count=100 LDAP ➔ Search.info Idle LDAP ➔ Connection.info Disconecting LDAP ➔ Search.info Closed API ➔ debug GET: /api/v1/users.list?offset=0&count=100 Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}] Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: [] LDAP ➔ Connection.info Init setup LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389 LDAP ➔ Connection.debug connectionOptions { url: 'ldap://srv-dc1.iternal(masked).local:389', timeout: 60000, connectTimeout: 1000, idleTimeout: 1000, reconnect: true } Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}] LDAP ➔ Connection.info LDAP connected LDAP ➔ Bind.info Binding UserDN ldap_agent LDAP ➔ Search.info Searching user * LDAP ➔ Search.debug searchOptions { filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))', scope: 'sub', sizeLimit: 1000, paged: { pageSize: 250, pagePause: true } } LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Searching by id 706d64 LDAP ➔ Search.debug search filter (sAMAccountName=pmd) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Final Page LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' } LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию LDAPSync ➔ debug userQuery merge { username: 'test2' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug pmd is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "706d644074686567656f732e7275", "services.ldap.idAttribute": "mail" } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAP ➔ Search.info Searching by id 7465737432 LDAP ➔ Search.debug search filter (sAMAccountName=test2) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug test2 is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "746573743240736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ debug userQuery merge { username: 'bot' } LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug test2 is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "746573743240736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot TemplateVarHandler ➔ debug user does not have attribute: sn LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' } LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan) LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL LDAP ➔ Search.info Search result count 1 LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403] at handleError (packages/accounts-password/password_server.js:110:17) at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7) at createUser (packages/accounts-password/password_server.js:1130:3) at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10) at addLdapUser (app/ldap/server/sync.js:477:29) at app/ldap/server/sync.js:543:5 at Array.forEach (<anonymous>) at app/ldap/server/sync.js:510:13 at runWithEnvironment (packages/meteor.js:1286:24) { isClientSafe: true, error: 403, reason: 'Email already exists.', details: undefined, errorType: 'Meteor.Error' } LDAPSync ➔ debug userQuery { 'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d' } LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' } LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAPSync ➔ info Syncing user data LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' } LDAPSync ➔ debug ldapUser undefined TemplateVarHandler ➔ debug template found. replacing values TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin LDAP ➔ Search.info Search result count 0 LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!! LDAPSync ➔ debug User Role doesn't exist: support LDAPSync ➔ debug not syncing groups to channels LDAPSync ➔ debug setting { "services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d", "services.ldap.idAttribute": "mail" } LDAPSync ➔ info Import finished. Users imported: 3 API ➔ debug GET: /api/v1/users.list?offset=0&count=100 API ➔ debug GET: /api/v1/users.list?offset=100&count=100 LDAP ➔ Search.info Idle LDAP ➔ Connection.info Disconecting LDAP ➔ Search.info Closed API ➔ debug GET: /api/v1/users.list?offset=0&count=100``` and ldap settings: https://ibb.co/s2Rnwtr Can you please tell me what I'm doing wrong?

Please stay in the forums unless we can prove it really is a bug. Thanks.

kramorov_k · May 24, 2021, 2:38am

it was not in vain that you drew my attention to CROWD
it was an old, unused connection. after turning it off, everything worked right away
there is still a small problem with the fact that it is not possible to issue the administrator role in ldap
using microsoft hell
ldap settings are in the screenshot ldap-setting — ImgBB
I suspect I am wrong in the parameters
User Group Filter
(& (objectClass = user) (memberOf = cn = RocketUsers, ou = group, ou = iternal, dc = external, dc = domain))
LDAP Group BaseDN
CN = RocketUsers, OU = group, OU = iternal, DC = external, DC = domain
User Data Group Map

"RocketAdmin": "Admin"
}

RocketUsers - my OU with all users RocketChat
RocketAdmin - my OU with admin RocketChat
Thanks

Topic		Replies	Views
LDAP configured correctly, but user list not updating Community Support rocketchat-apps	3	1203	February 3, 2022
Ldap users unable to login to rocket chat Community Support	2	1410	February 28, 2018
LDAP Groups not functional Community Support	4	4012	February 12, 2020
LDAP-Issues #9000 #9834 #11841 Community Support	1	2123	April 24, 2019
Migrate users to LDAP (long) after initial users creations Community Support	0	609	April 3, 2020

Join our Community Open Call tomorrow where we'll share more details regarding recent changes and answer questions about updating your workspace to the latest Rocket.Chat

Help wich ldap sync & auth

Description

Related Topics