LDAP sync doesn't work well since update

Description:

Good morning. I updated Rocket.Chat from version 3.13.3 to 4.5.4, and although at first everything went well, I soon discovered the bugs associated with these versions. To solve one of them, today I updated again to 4.6.0, but I find that the synchronization with LDAP does not work.

Steps to reproduce:

  1. Go to Settings → LDAP → click on: Test connection = message in green, all OK
  2. Test LDAP search = error in red: invalid attribute name
  3. Synchronize now = asks for the admin password and nothing happens

Expected behavior:

Get the new user from the LDAP

Actual behavior:

Nothing

Server Setup Information:

  • Version of Rocket.Chat Server: 4.6.0
  • Operating System: CentOS
  • Deployment Method: Amazon Workspaces
  • Number of Running Instances: 1
  • DB Replicaset Oplog: 1.31.0
  • NodeJS Version: 14.0.0
  • MongoDB Version: 4.0.20

Client Setup Information

  • Desktop App or Browser Version: Chrome Version 99.0.4844.82 (Official Build) (64-bit)
  • Operating System: Win 10

Additional context

Before the update, the chat was updating correctly. The rest of the users who were already using it do not have any problem.

Relevant logs:

I20220404-15:22:42.572(2) Loaded the Apps Framework and loaded a total of 0 Apps!
I20220404-15:22:43.238(2) +------------------------------------------------------------+
I20220404-15:22:43.238(2) | SERVER RUNNING |
I20220404-15:22:43.238(2) +------------------------------------------------------------+
I20220404-15:22:43.238(2) | |
I20220404-15:22:43.239(2) | Rocket.Chat Version: 4.6.0 |
I20220404-15:22:43.239(2) | NodeJS Version: 14.0.0 - x64 |
I20220404-15:22:43.239(2) | MongoDB Version: 4.0.20 |
I20220404-15:22:43.239(2) | MongoDB Engine: mmapv1 |
I20220404-15:22:43.239(2) | Platform: linux |
I20220404-15:22:43.239(2) | Process Port: 3000 |
I20220404-15:22:43.239(2) | Site URL: http:/(URL):3000/ |
I20220404-15:22:43.239(2) | ReplicaSet OpLog: Enabled |
I20220404-15:22:43.239(2) | Commit Hash: 843d7ad |
I20220404-15:22:43.240(2) | Commit Branch: HEAD |
I20220404-15:22:43.240(2) | |
I20220404-15:22:43.240(2) +------------------------------------------------------------+
I20220404-15:22:43.240(2) +---------------------------------------------------------------------+
I20220404-15:22:43.240(2) | DEPRECATION |
I20220404-15:22:43.240(2) +---------------------------------------------------------------------+
I20220404-15:22:43.241(2) | |
I20220404-15:22:43.241(2) | YOUR CURRENT MONGODB VERSION (4.0.20) IS DEPRECATED. |
I20220404-15:22:43.241(2) | IT WILL NOT BE SUPPORTED ON ROCKET.CHAT VERSION 5.0.0 AND GREATER, |
I20220404-15:22:43.241(2) | PLEASE UPGRADE MONGODB TO VERSION 4.2 OR GREATER |
I20220404-15:22:43.241(2) | |
I20220404-15:22:43.241(2) +---------------------------------------------------------------------+
{"level":50,"time":"2022-04-04T13:22:44.431Z","pid":3508,"hostname":"ip-(IP).eu-west-2.compute.internal","name":"LDAP","err":{"type":"Error","message":"invalid attribute name","stack":"Error: invalid attribute name
at parseExpr (/opt/Rocket.Chat/programs/server/npm/node_modules/ldap-filter/lib/index.js:147:11)
at parseFilter (/opt/Rocket.Chat/programs/server/npm/node_modules/ldap-filter/lib/index.js:228:14)
at parseFilter (/opt/Rocket.Chat/programs/server/npm/node_modules/ldap-filter/lib/index.js:204:13)
at Object.parse (/opt/Rocket.Chat/programs/server/npm/node_modules/ldap-filter/lib/index.js:252:18)
at Object.parseString (/opt/Rocket.Chat/programs/server/npm/node_modules/ldapjs/lib/filters/index.js:179:27)
at Client.search (/opt/Rocket.Chat/programs/server/npm/node_modules/ldapjs/lib/client/client.js:571:30)
at server/lib/ldap/Connection.ts:333:16
at new Promise ()
at server/lib/ldap/Connection.ts:332:10
at /opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40
=> awaited here:
at Function.Promise.await (/opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:56:12)
at server/lib/ldap/Manager.ts:163:15
at /opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40"},"msg":"invalid attribute name"}

Hi!

Do you still see this error message on latest 5.1.2 version?

This error traces back to ldap-filter.

Newer versions might have updated, so it’s worth a try.

Also, considering that it’s breaking at ldap-filter, try reviewing some of the parameters you are providing.

A next step would be trying the same version of ldap-filter on a simple node app that will filter your LDAP and try using the same parameters.

Let me know if this helps!

Thanks! And sorry for the delay here :grimacing:

Hi all,

Today I upgraded from a working
3.18.7/stable installed as snap on Ubuntu 20.04.5
via 4.8.7/stable to 5.4.0/stable

+---------------------------------------------------------+
| SERVER RUNNING |
+---------------------------------------------------------+
Rocket.Chat Version: 5.4.0
NodeJS Version: 14.19.3 - x64
MongoDB Version: 4.4.15
MongoDB Engine: wiredTiger
Platform: linux
Process Port: 3000
Site URL: https://chat.xxx

LDAP settings are unchanged and point to a Samba AD on Debian 11.

On login I get

{"level":50,"time":"2022-12-07T15:04:42.953Z","pid":452177,"hostname":"lx05-rchat","name":"LDAP","err":{"type":"Error","message":"invalid attribute name","stack":"Error: invalid attribute name
at parseExpr (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:147:11)
at parseFilter (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:228:14)
at parseFilter (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:213:13)
at parseFilter (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:204:13)
at Object.parse (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:252:18)
at Object.parseString (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldapjs/lib/filters/index.js:179:27)
at Client.search (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldapjs/lib/client/client.js:571:30)
at server/lib/ldap/Connection.ts:338:16
at new Promise ()
at server/lib/ldap/Connection.ts:337:10
at /snap/rocketchat-server/1536/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40
=> awaited here:
at Function.Promise.await (/snap/rocketchat-server/1536/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:56:12)
at server/lib/ldap/Manager.ts:160:15
at /snap/rocketchat-server/1536/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40"},"msg":"invalid attribute name"}

How did you fix this problem?

br
Thomas

Hi Dudangueira,

Sorry for not answering your questions ;(

  1. The LDAP filter was working fine before the update. It looks like this
    (&(objectCategory=person)(objectclass=user)(memberOf=CN=rocketchat_accessgroup,OU=service,DC=xxx,DC=xx))

  2. I did a packet capture on an unencrypted LDAP session.
    The tool does an LDAP bind with the service account, which is successful,
    but after authentication the connection is closed again, without sending a search request.

br
Thomas
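
Added example (not part of the thread, and not code from Rocket.Chat, ldapjs or ldap-filter): both stack traces show the error thrown in `parseExpr` while `Client.search` is still parsing the filter string, which fits a capture that contains a bind but no search request. The standalone Node.js sketch below walks a filter string and reports which item has an attribute part that is not a valid RFC 4512 attribute description; ldap-filter's own acceptance rules may differ slightly, and the function names and the two defective filters are constructed for illustration.

```javascript
// Added diagnostic; not code from Rocket.Chat, ldapjs or ldap-filter.
// RFC 4512 attribute description: short name or numeric OID, then optional ";option" parts.
const ATTR_DESC = /^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*$/;

// Walk an RFC 4515 filter string and return one record per filter item.
function checkFilterAttributes(filter) {
  const items = [];
  let i = 0;
  function parseFilter() {
    if (filter[i] !== '(') throw new Error(`expected "(" at offset ${i}`);
    i++;
    if (i < filter.length && '&|!'.includes(filter[i])) {
      i++;
      while (filter[i] === '(') parseFilter();
    } else {
      const start = i;
      // Literal parentheses inside a value must be escaped (\28, \29),
      // so the item ends at the next ")".
      while (i < filter.length && filter[i] !== ')') i++;
      const item = filter.slice(start, i);
      const m = item.match(/^(.*?)(~=|>=|<=|:=|=)/s);
      const attr = m ? m[1] : item;
      // Extensible match ("attr:dn:rule:=value"): the name is the part before
      // the first ":" and may be empty when a matching rule follows.
      const ext = !!m && m[2] === ':=';
      const name = ext ? attr.split(':')[0] : attr;
      const valid = !!m && ((ext && name === '' && attr !== '') || ATTR_DESC.test(name));
      items.push({ attr, offset: start, valid });
    }
    if (filter[i] !== ')') throw new Error(`expected ")" at offset ${i}`);
    i++;
  }
  parseFilter();
  if (i !== filter.length) throw new Error(`unexpected text at offset ${i}`);
  return items;
}

// Only the items whose attribute part is not a valid attribute description.
const invalidAttributes = (filter) => checkFilterAttributes(filter).filter((x) => !x.valid);

// The filter quoted in the thread, plus two constructed variants with a defect.
const THREAD_FILTER = '(&(objectCategory=person)(objectclass=user)' +
  '(memberOf=CN=rocketchat_accessgroup,OU=service,DC=xxx,DC=xx))';
const CONSTRUCTED_BAD = ['(&(objectClass=user)( sAMAccountName=jdoe))', '(&(objectClass=user)(=jdoe))'];

for (const f of [THREAD_FILTER, ...CONSTRUCTED_BAD]) {
  console.log(f, '->', JSON.stringify(invalidAttributes(f)));
}
```

Run it against each filter-type setting in the LDAP configuration, not only the user search filter, since any of them ends up in the string handed to the parser.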