Imported LDAP users have no role

Description

Hello,

I’ve installed the latest version of Rocket.Chat.
I configured the LDAP settings to import users. (Novell eDir).
When I want to activate them, I get a blank screen. What I noticed on those users is that they have no role configured. A normally created user had a standard ‘user’ role.
Any idea what is going wrong?

Thanks

Lainkes

Server Setup Information

  • Version of Rocket.Chat Server: 3.4.2
  • Operating System: Ubuntu 20
  • Deployment Method: snap
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version:
  • MongoDB Version: 3.6.14
  • Proxy:
  • Firewalls involved: No

Any additional Information

I have the same problem; the users don’t have group user and they cannot log in.
My Setup:

  • Version of Rocket.Chat Server: 3.5.2
  • Operating System: CentOS 7
  • Deployment Method: manual install
  • Number of Running Instances: 1
  • MongoDB Version: v4.0.19
  • Proxy: NO
  • Firewalls involved: No
  • Selinux: Disabled

You need to post more information for someone to better assist you. Post your LDAP configuration. Turn on debugging mode for LDAP and post the relevant log entries.

There are no group settings enabled, only Host, BaseDN, UserDN and password for authentication.
566 users were generated without roles, who are unable to log in.
I can’t add roles manually; when I click to add roles, everything is white with no information.

I20200824-17:24:05.782(-4) ➔ +--------------------------------------------------+
I20200824-17:24:05.783(-4) ➔ | SERVER RUNNING |
I20200824-17:24:05.783(-4) ➔ +--------------------------------------------------+
I20200824-17:24:05.784(-4) ➔ | |
I20200824-17:24:05.784(-4) ➔ | Rocket.Chat Version: 3.5.2 |
I20200824-17:24:05.784(-4) ➔ | NodeJS Version: 12.14.0 - x64 |
I20200824-17:24:05.785(-4) ➔ | MongoDB Version: 4.0.19 |
I20200824-17:24:05.785(-4) ➔ | MongoDB Engine: mmapv1 |
I20200824-17:24:05.785(-4) ➔ | Platform: linux |
I20200824-17:24:05.786(-4) ➔ | Process Port: 3000 |
I20200824-17:24:05.786(-4) ➔ | Site URL: http://192.168.4.125:3000/ |
I20200824-17:24:05.786(-4) ➔ | ReplicaSet OpLog: Enabled |
I20200824-17:24:05.787(-4) ➔ | Commit Hash: be2c9fe7ac |
I20200824-17:24:05.787(-4) ➔ | Commit Branch: HEAD |
I20200824-17:24:05.787(-4) ➔ | |
I20200824-17:24:05.788(-4) ➔ +--------------------------------------------------+
I20200824-17:24:10.399(-4) server.js:204 LDAPHandler ➔ error Error: User not Found
    at MethodInvocation. (app/ldap/server/loginHandler.js:60:10)
    at packages/accounts-base/accounts_server.js:462:31
    at tryLoginMethod (packages/accounts-base/accounts_server.js:1291:14)
    at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:460:22)
    at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
    at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:520:31)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
    at packages/ddp-server/livedata_server.js:1689:15
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at packages/ddp-server/livedata_server.js:1687:36
    at new Promise ()
    at Server.applyAsync (packages/ddp-server/livedata_server.js:1686:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1625:26)
    at Server.call (packages/ddp-server/livedata_server.js:1607:17)
    at Object.post (app/api/server/v1/misc.js:262:26)
    at app/api/server/api.js:388:82
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object._internalRouteActionHandler [as action] (app/api/server/api.js:388:39)
    at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
    at packages/nimble_restivus/lib/route.coffee:59:33
    at packages/simple_json-routes.js:98:9
I20200824-17:31:43.128(-4) server.js:204 LDAPSync ➔ error Error creating user BulkWriteError: E11000 duplicate key error index: rocketchat.rocketchat_subscription._id_ dup key: { : "eWkbi4DGJYsYSRWui" }
    at OrderedBulkOperation.handleWriteError (/opt/Rocket.Chat/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/bulk/common.js:1210:11)
    at resultHandler (/opt/Rocket.Chat/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/bulk/common.js:519:23)
    at handler (/opt/Rocket.Chat/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/core/topologies/replset.js:1204:22)
    at /opt/Rocket.Chat/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/core/connection/pool.js:404:18
    at processTicksAndRejections (internal/process/task_queues.js:75:11)
 => awaited here:
    at Promise.await (/opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
    at Server.call (packages/ddp-server/livedata_server.js:1607:17)
    at DDPCommon.MethodInvocation.<anonymous> (app/authentication/server/startup/index.js:247:19)
    at packages/dispatch_run-as-user.js:211:14
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object.Meteor.runAsUser (packages/dispatch_run-as-user.js:210:33)
    at AccountsServer.<anonymous> (app/authentication/server/startup/index.js:246:11)
    at executeBound (/opt/Rocket.Chat/programs/server/npm/node_modules/underscore/underscore.js:762:67)
    at AccountsServer.bound [as insertUserDoc] (/opt/Rocket.Chat/programs/server/npm/node_modules/underscore/underscore.js:793:14)
    at createUser (packages/accounts-password/password_server.js:1119:27)
    at AccountsServer.Accounts.createUser (packages/accounts-password/password_server.js:1188:10)
    at addLdapUser (app/ldap/server/sync.js:463:29)
    at app/ldap/server/sync.js:529:5
    at Array.forEach (<anonymous>)
    at app/ldap/server/sync.js:496:13
    at runWithEnvironment (packages/meteor.js:1286:24)
{ index: 0, code: 11000, errmsg: 'E11000 duplicate key error index: rocketchat.rocketchat_subscription.id dup key: { : "eWkbi4DGJYsYSRWui" }', op: { open: true, alert: true, unread: 1, userMentions: 1, groupMentions: 0, ts: 2020-08-24T21:31:43.112Z, rid: 'GENERAL', name: 'general', fname: undefined, customFields: undefined, t: 'c', u: { _id: 'psQuSAsQktkbHotcA', username: 'salete.navarro', name: undefined }, _updatedAt: 2020-08-24T21:31:43.112Z, _id: 'eWkbi4DGJYsYSRWui' }, name: 'BulkWriteError', driver: true, err: { index: 0, code: 11000, errmsg: 'E11000 duplicate key error index: rocketchat.rocketchat_subscription.$id dup key: { : "eWkbi4DGJYsYSRWui" }', op: { open: true, alert: true, unread: 1, userMentions: 1, groupMentions: 0, ts: 2020-08-24T21:31:43.112Z, rid: 'GENERAL', name: 'general', fname: undefined, customFields: undefined, t: 'c', u: [Object], _updatedAt: 2020-08-24T21:31:43.112Z, _id: 'eWkbi4DGJYsYSRWui' } }, result: BulkWriteResult { result: { ok: 1, writeErrors: [Array], writeConcernErrors: , insertedIds: [Array], nInserted: 0, nUpserted: 0, nMatched: 0, nModified: 0, nRemoved: 0, upserted: , lastOp: [Object] } }, [Symbol(mongoErrorContextSymbol)]: {} }

I have the same error. Please, does someone have a solution?

Try to disable “Find user after login” in Administration > LDAP.

Good day everyone.
I have the same issue. But I found some regularity.
If there is more than one new user in the OU, the import failed. Users are imported, but not correctly. And you cannot set a role for them.
If you set the baseDN in the LDAP settings to an empty OU and start adding users one by one, the import will be successful.

Sadly, no difference for me.

Same error for me. On an LDAP containing 10000+ users, the search terminates with 474 users found. Each of these users has no role at all, and it is impossible to manage them (activate, delete, etc).
Here is some info:
Rocket.Chat

Version 3.5.3
Apps Engine Version 1.16.0
Database Migration 202
Database Migration Date September 15, 2020 11:50 AM
Installed at August 27, 2020 4:09 PM
OS Type Linux
OS Platform linux
OS Arch x64
OS Release 3.10.0-1127.el7.x86_64
Node Version v12.14.0
Mongo Version 4.0.20
Mongo Storage Engine wiredTiger

LDAP configuration:
Attempt to utilize LDAP for authentication: enabled
Login Fallback: enabled
Find user after login: enabled
Reconnect: true
Authentication: inactive
Synch/Import-> Merge users: true
Synch/Import-> Sync User Data: true
Sync LDAP Groups: disabled
User Search filter: empty
Scope: sub
Search Field: uid (it’s our field used to authenticate users with our corporate LDAP)
Search Page Size: 5000
Search Size Limit: 15000
Enable LDAP User Group Filter: disabled

Any idea about this issue?

Thanks in advance

Hey everyone.

We’ve got the same issue trying to sync users with Active Directory. The only way to fix this so far that we’ve found is:

  1. initially sync users with AD/LDAP
  2. sync users with your AD/LDAP the second time (some fields such as displayName and avatars will be synced)
  3. log in to mongodb master and type these commands:

rs01:PRIMARY> use rocketchat

rs01:PRIMARY> db.users.update({ "ldap": true }, { $set: { "roles": ["user"] } }, { multi: true })

Now try and log in to your Rocket.Chat service with your LDAP credentials. Anyway, it’s very inconvenient… This issue came up somewhere between versions 3.2.2 and 3.4.0.

Information: I was on Ubuntu 20 LTS with the problem; I went back to Ubuntu 18 LTS, and everything works fine; both installations by SNAP. So obviously this is a library that doesn’t do the job in the same way, no?
Please patch it

I just tried this and it did nothing to the users imported with no role. Anyone find a solution yet?

I have the same situation. RC installed from snap on Ubuntu 20. LDAP configured and only one user had roles=“user”, the rest empty.

It doesn’t matter how I set up the filter, or whether groups sync is enabled/disabled.

Without this I can’t go forward with RC, I can’t use it like this. I can’t manually set up the role for all old users imported from LDAP (350+) and for each new account in AD in the future :).

I have openfire configured with AD and all its fine.
Filter: (&(objectCategory=user)(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))) is working fine.

I have used this to add user roles to all imported accounts from AD:
Go to the terminal on Ubuntu. I have RC installed as a snap.

sudo rocketchat-server.mongo
use parties
db.users.update({"ldap":true},{$set:{"roles":["user"]}},{multi:true});

"use parties" is the key to working with user accounts.

PS (additional info)
And if you want to delete all LDAP users you can use:

db.users.remove({"ldap":true});
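An added example, not part of any post in this thread: both mongo workarounds above run `$set: { roles: ["user"] }` against every document with `ldap: true`, which also replaces the roles of LDAP accounts that already hold other roles. The JavaScript below scopes the repair to LDAP users whose `roles` is missing or empty and lists the accounts a blanket update would overwrite; the `ldap` and `roles` field names come from the commands in the thread, while the sample documents, usernames and function names are constructed for illustration.

```javascript
// Added example: plan a scoped role repair for LDAP-imported users.

// Matches only LDAP-imported users whose `roles` is missing or an empty array.
const ROLELESS_LDAP_FILTER = {
  ldap: true,
  $or: [{ roles: { $exists: false } }, { roles: { $size: 0 } }],
};
const ROLE_REPAIR_UPDATE = { $set: { roles: ['user'] } };

// Same predicate as ROLELESS_LDAP_FILTER, applied to a plain document.
function isRoleless(u) {
  return u.ldap === true &&
    (u.roles === undefined || (Array.isArray(u.roles) && u.roles.length === 0));
}

// Classify user documents, e.g. db.users.find({ ldap: true }).toArray().
function planRoleRepair(users) {
  const plan = { repair: [], wouldBeOverwritten: [] };
  for (const u of users) {
    if (u.ldap !== true) continue; // local accounts are never touched
    if (isRoleless(u)) {
      plan.repair.push(u.username);
    } else if (Array.isArray(u.roles) && u.roles.some((r) => r !== 'user')) {
      // A blanket $set on { ldap: true } would replace these with ["user"].
      plan.wouldBeOverwritten.push({ username: u.username, roles: u.roles });
    }
  }
  return plan;
}

// Constructed sample documents (hypothetical usernames, not from the thread).
const SAMPLE_USERS = [
  { username: 'ldap.norole', ldap: true },
  { username: 'ldap.empty', ldap: true, roles: [] },
  { username: 'ldap.ok', ldap: true, roles: ['user'] },
  { username: 'ldap.admin', ldap: true, roles: ['admin', 'user'] },
  { username: 'local.admin', roles: ['admin'] },
];

const samplePlan = planRoleRepair(SAMPLE_USERS);
console.log('repair:', samplePlan.repair);
console.log('overwritten by a blanket update:', samplePlan.wouldBeOverwritten);
// In the mongo shell, after reviewing the plan:
//   db.users.update(ROLELESS_LDAP_FILTER, ROLE_REPAIR_UPDATE, { multi: true })
```

Running the scoped update leaves `ldap.ok`, `ldap.admin` and every local account unchanged, and it is safe to repeat after each sync.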

Same Problem here on fresh UCS Installation. Very bad.

the update is no out in UCS

I experience the same issue here.
Temporarily I have fixed it by running the mongo db update command, but it is not a long term solution.

Also on top of that, the LDAP sync got all but two users, which I cannot add even when I run the sync manually…

Seems weird. If someone can look at it, it would be great; I can post any log files if needed.

Hi,

please always make sure you test on the latest release - currently 3.13.x

Also, please check GitHub for relevant issues too. Issues are being fixed all the time so there is a chance that it is already fixed.