### Description
It is impossible to log in as users that were created by LDAP. After changing the password in the chat admin panel, the user can log in.
I deployed a test chat of the same version, without users, and everything works there. On the production server it does not work. The LDAP settings are the same. I attach the logs for a login by e-mail:
```
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by email test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user by username
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Could not find a user with by crowd_username test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug New user. User is not synced yet.
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Going to crowd: test2@smartoworld.team
May 21 11:22:22 rocket-enc rocketchat[820738]: Error sending request: connect ECONNREFUSED 127.0.0.1:80
May 21 11:22:22 rocket-enc rocketchat[820738]: CROWD ➔ debug Error: connect ECONNREFUSED 127.0.0.1:80
May 21 11:22:22 rocket-enc rocketchat[820738]: at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16)
May 21 11:22:22 rocket-enc rocketchat[820738]: at TCPConnectWrap.callbackTrampoline (internal/async_hooks.js:126:14) {
May 21 11:22:22 rocket-enc rocketchat[820738]: errno: 'ECONNREFUSED',
May 21 11:22:22 rocket-enc rocketchat[820738]: code: 'ECONNREFUSED',
May 21 11:22:22 rocket-enc rocketchat[820738]: syscall: 'connect',
May 21 11:22:22 rocket-enc rocketchat[820738]: address: '127.0.0.1',
May 21 11:22:22 rocket-enc rocketchat[820738]: port: 80
May 21 11:22:22 rocket-enc rocketchat[820738]: }
May 21 11:22:22 rocket-enc rocketchat[820738]: server.js:204 CROWD ➔ error Crowd user not authenticated due to an error
```
By login:
```
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Init CROWD login ivanov_ivan
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Extracting crowd_username
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug Local user found, redirecting to fallback login
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ debug User ivanov_ivan is not a valid crowd user, falling back
May 21 11:45:59 rocket-enc rocketchat[820738]: CROWD ➔ info Fallback to default account system { username: 'ivanov_ivan' }
May 21 11:46:00 rocket-enc rocketchat[820738]: API ➔ debug GET: /api/v1/users.list?offset=0&count=100
```
Server log when manually starting synchronization:
```
Meteor ➔ method UserPresence:away -> userId: uSoJ9uLwYMNKQ2TTf, arguments: [{}]
Meteor ➔ method ldap_sync_now -> userId: uGQXRn3BRwjyzQQKq, arguments: []
LDAP ➔ Connection.info Init setup
LDAP ➔ Connection.info Connecting ldap://srv-dc1.iternal(masked).local:389
LDAP ➔ Connection.debug connectionOptions {
url: 'ldap://srv-dc1.iternal(masked).local:389',
timeout: 60000,
connectTimeout: 1000,
idleTimeout: 1000,
reconnect: true
}
Meteor ➔ method UserPresence:online -> userId: Tbhbntu9LgcCZ8zb7, arguments: [{}]
LDAP ➔ Connection.info LDAP connected
LDAP ➔ Bind.info Binding UserDN ldap_agent
LDAP ➔ Search.info Searching user *
LDAP ➔ Search.debug searchOptions {
filter: '(&(memberOf=cn=RocketUsers, ou=group, ou=iternal(masked), dc=iternal(masked), dc=local)(|(mail=*)(sAMAccountName=*)))',
scope: 'sub',
sizeLimit: 1000,
paged: { pageSize: 250, pagePause: true }
}
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Searching by id 706d64
LDAP ➔ Search.debug search filter (sAMAccountName=pmd)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Final Page
LDAPSync ➔ debug userQuery { 'services.ldap.id': '746573743240736d617274776f726c642e7465616d' }
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'NHXuzKcx7mnhTtyJ6' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Максим
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Пудалов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Директор по развитию
LDAPSync ➔ debug userQuery merge { username: 'test2' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug pmd is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
"services.ldap.id": "706d644074686567656f732e7275",
"services.ldap.idAttribute": "mail"
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Searching by id 7465737432
LDAP ➔ Search.debug search filter (sAMAccountName=test2)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
"services.ldap.id": "746573743240736d617274776f726c642e7465616d",
"services.ldap.idAttribute": "mail"
}
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'g5MukXr9o5F7AA9Yw' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Тест
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Тестов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: test change title
LDAPSync ➔ debug userQuery { 'services.ldap.id': '626f7440736d617274776f726c642e7465616d' }
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'bot' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug test2 is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
"services.ldap.id": "746573743240736d617274776f726c642e7465616d",
"services.ldap.idAttribute": "mail"
}
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: blackbot
TemplateVarHandler ➔ debug user does not have attribute: sn
LDAPSync ➔ debug New user data { username: 'bot', email: 'bot@my.external.domain' }
LDAP ➔ Search.info Searching by id 6976616e6f765f6976616e
LDAP ➔ Search.debug search filter (sAMAccountName=ivanov_ivan)
LDAP ➔ Search.debug BaseDN OU=users,OU=iternal(masked),DC=iternal(masked),DC=LOCAL
LDAP ➔ Search.info Search result count 1
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
server.js:204 LDAPSync ➔ error Error creating user errorClass [Error]: Email already exists. [403]
at handleError (packages/accounts-password/password_server.js:110:17)
at checkForCaseInsensitiveDuplicates (packages/accounts-password/password_server.js:257:7)
at createUser (packages/accounts-password/password_server.js:1130:3)
at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1218:10)
at addLdapUser (app/ldap/server/sync.js:477:29)
at app/ldap/server/sync.js:543:5
at Array.forEach (<anonymous>)
at app/ldap/server/sync.js:510:13
at runWithEnvironment (packages/meteor.js:1286:24) {
isClientSafe: true,
error: 403,
reason: 'Email already exists.',
details: undefined,
errorType: 'Meteor.Error'
}
LDAPSync ➔ debug userQuery {
'services.ldap.id': '6976616e6f765f6976616e40736d617274776f726c642e7465616d'
}
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAPSync ➔ debug userQuery merge { username: 'ivanov_ivan' }
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
"services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
"services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Syncing user data
LDAPSync ➔ debug user { email: undefined, _id: 'tGvvsX7RJQHKhjfqX' }
LDAPSync ➔ debug ldapUser undefined
TemplateVarHandler ➔ debug template found. replacing values
TemplateVarHandler ➔ debug replacing template var: #{givenName} with value: Иван
TemplateVarHandler ➔ debug replacing template var: #{sn} with value: Иванов
TemplateVarHandler ➔ debug replacing template var: #{title} with value: Должность
LDAPSync ➔ debug User role exists for mapping rocket-admin -> admin
LDAP ➔ Search.info Search result count 0
LDAPSync ➔ debug ivanov_ivan is not in rocket-admin group!!!
LDAPSync ➔ debug User Role doesn't exist: support
LDAPSync ➔ debug not syncing groups to channels
LDAPSync ➔ debug setting {
"services.ldap.id": "6976616e6f765f6976616e40736d617274776f726c642e7465616d",
"services.ldap.idAttribute": "mail"
}
LDAPSync ➔ info Import finished. Users imported: 3
API ➔ debug GET: /api/v1/users.list?offset=0&count=100
API ➔ debug GET: /api/v1/users.list?offset=100&count=100
LDAP ➔ Search.info Idle
LDAP ➔ Connection.info Disconecting
LDAP ➔ Search.info Closed
API ➔ debug GET: /api/v1/users.list?offset=0&count=100
```
And the LDAP settings:
https://ibb.co/s2Rnwtr
Can you please tell me what I'm doing wrong?
### Server Setup Information
- Version of Rocket.Chat Server: 3.14.1
- Operating System: Ubuntu 20.04
- Deployment Method: tar
- Number of Running Instances: iZ9gQo5te2fSsMhRu
- DB Replicaset Oplog:
- NodeJS Version: v12.21.0
- MongoDB Version: 4.0.23 / mmapv1 (oplog Enabled)
- Proxy: nginx (4443 public port, 3000 internal, from nginx to Node)
- Firewalls involved: -
### Any additional Information