LDAP sync doesn't work well since update

Description:

Good morning. I updated Rocket.Chat from version 3.13.3 to 4.5.4, and although everything went well at first, I soon discovered the bugs associated with these versions. To solve one of them, today I updated again to 4.6.0, but I find that the synchronization with LDAP does not work.

Steps to reproduce:

  1. Go to Settings → LDAP → click on: Test connection = message in green, all OK
  2. Test LDAP search = error in red: invalid attribute name
  3. Synchronize now = asks for the admin password and nothing happens

Expected behavior:

Get the new user from the LDAP

Actual behavior:

Nothing

Server Setup Information:

  • Version of Rocket.Chat Server: 4.6.0
  • Operating System: CentOS
  • Deployment Method: Amazon Workspaces
  • Number of Running Instances: 1
  • DB Replicaset Oplog: 1.31.0
  • NodeJS Version: 14.0.0
  • MongoDB Version: 4.0.20

Client Setup Information

  • Desktop App or Browser Version: Chrome Version 99.0.4844.82 (Official Build) (64-bit)
  • Operating System: Win 10

Additional context

Before the update, the chat was updating correctly. The rest of the users who were already using it do not have any problem.

Relevant logs:

I20220404-15:22:42.572(2) Loaded the Apps Framework and loaded a total of 0 Apps!
I20220404-15:22:43.238(2) +-------------------------------------------------------------+
I20220404-15:22:43.238(2) | SERVER RUNNING |
I20220404-15:22:43.238(2) +-------------------------------------------------------------+
I20220404-15:22:43.238(2) | |
I20220404-15:22:43.239(2) | Rocket.Chat Version: 4.6.0 |
I20220404-15:22:43.239(2) | NodeJS Version: 14.0.0 - x64 |
I20220404-15:22:43.239(2) | MongoDB Version: 4.0.20 |
I20220404-15:22:43.239(2) | MongoDB Engine: mmapv1 |
I20220404-15:22:43.239(2) | Platform: linux |
I20220404-15:22:43.239(2) | Process Port: 3000 |
I20220404-15:22:43.239(2) | Site URL: http:/(URL):3000/ |
I20220404-15:22:43.239(2) | ReplicaSet OpLog: Enabled |
I20220404-15:22:43.239(2) | Commit Hash: 843d7ad |
I20220404-15:22:43.240(2) | Commit Branch: HEAD |
I20220404-15:22:43.240(2) | |
I20220404-15:22:43.240(2) +-------------------------------------------------------------+
I20220404-15:22:43.240(2) +----------------------------------------------------------------------+
I20220404-15:22:43.240(2) | DEPRECATION |
I20220404-15:22:43.240(2) +----------------------------------------------------------------------+
I20220404-15:22:43.241(2) | |
I20220404-15:22:43.241(2) | YOUR CURRENT MONGODB VERSION (4.0.20) IS DEPRECATED. |
I20220404-15:22:43.241(2) | IT WILL NOT BE SUPPORTED ON ROCKET.CHAT VERSION 5.0.0 AND GREATER, |
I20220404-15:22:43.241(2) | PLEASE UPGRADE MONGODB TO VERSION 4.2 OR GREATER |
I20220404-15:22:43.241(2) | |
I20220404-15:22:43.241(2) +----------------------------------------------------------------------+
{"level":50,"time":"2022-04-04T13:22:44.431Z","pid":3508,"hostname":"ip-(IP).eu-west-2.compute.internal","name":"LDAP","err":{"type":"Error","message":"invalid attribute name","stack":"Error: invalid attribute name
at parseExpr (/opt/Rocket.Chat/programs/server/npm/node_modules/ldap-filter/lib/index.js:147:11)
at parseFilter (/opt/Rocket.Chat/programs/server/npm/node_modules/ldap-filter/lib/index.js:228:14)
at parseFilter (/opt/Rocket.Chat/programs/server/npm/node_modules/ldap-filter/lib/index.js:204:13)
at Object.parse (/opt/Rocket.Chat/programs/server/npm/node_modules/ldap-filter/lib/index.js:252:18)
at Object.parseString (/opt/Rocket.Chat/programs/server/npm/node_modules/ldapjs/lib/filters/index.js:179:27)
at Client.search (/opt/Rocket.Chat/programs/server/npm/node_modules/ldapjs/lib/client/client.js:571:30)
at server/lib/ldap/Connection.ts:333:16
at new Promise ()
at server/lib/ldap/Connection.ts:332:10
at /opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40
=> awaited here:
at Function.Promise.await (/opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:56:12)
at server/lib/ldap/Manager.ts:163:15
at /opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40"},"msg":"invalid attribute name"}

Hi!

Do you still see this error message on the latest 5.1.2 version?

This error traces back to ldap-filter.

Newer versions might have updated it, so it’s worth a try.

Also, considering that it’s breaking at ldap-filter, try reviewing some of the parameters you are providing.

A next step would be trying the same version of ldap-filter on a simple node app that will filter your LDAP, and try using the same parameters.

Let me know if this helps!

Thanks! And sorry for the delay here :grimacing:

Hi all,

Today I upgraded from a working
3.18.7/stable installed as snap on Ubuntu 20.04.5
via 4.8.7/stable to 5.4.0/stable

+---------------------------------------------------------+
| SERVER RUNNING |
+---------------------------------------------------------+
Rocket.Chat Version: 5.4.0
NodeJS Version: 14.19.3 - x64
MongoDB Version: 4.4.15
MongoDB Engine: wiredTiger
Platform: linux
Process Port: 3000
Site URL: https://chat.xxx

LDAP settings are unchanged and point to a Samba AD on Debian 11.

On login I get

{"level":50,"time":"2022-12-07T15:04:42.953Z","pid":452177,"hostname":"lx05-rchat","name":"LDAP","err":{"type":"Error","message":"invalid attribute name","stack":"Error: invalid attribute name
at parseExpr (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:147:11)
at parseFilter (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:228:14)
at parseFilter (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:213:13)
at parseFilter (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:204:13)
at Object.parse (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldap-filter/lib/index.js:252:18)
at Object.parseString (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldapjs/lib/filters/index.js:179:27)
at Client.search (/snap/rocketchat-server/1536/programs/server/npm/node_modules/ldapjs/lib/client/client.js:571:30)
at server/lib/ldap/Connection.ts:338:16
at new Promise ()
at server/lib/ldap/Connection.ts:337:10
at /snap/rocketchat-server/1536/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40
=> awaited here:
at Function.Promise.await (/snap/rocketchat-server/1536/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:56:12)
at server/lib/ldap/Manager.ts:160:15
at /snap/rocketchat-server/1536/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40"},"msg":"invalid attribute name"}

How did you fix this problem?

br
Thomas

Hi Dudangueira,

Sorry for not answering your questions ;(

  1. The LDAP filter was working fine before the update. It looks like this:
    (&(objectCategory=person)(objectclass=user)(memberOf=CN=rocketchat_accessgroup,OU=service,DC=xxx,DC=xx))

  2. I did a packet capture on an unencrypted LDAP session.
    The tool does an LDAP bind with the service account, which is successful,
    but after authentication the connection is closed again, without sending a search request.

br
Thomas
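
The standalone check suggested earlier in the thread, sketched without the ldap-filter dependency (an added example, not code from the thread, Rocket.Chat or ldap-filter): a small Node.js walker for RFC 4515 filter strings that reports the offset of any malformed attribute name, run on the filter Thomas quotes above and on two constructed broken variants. `checkFilter` and `SAMPLES` are names made up for this example, and its messages are its own rather than the library's.

```javascript
// Added example: not ldap-filter's or Rocket.Chat's code.
// RFC 4512 attribute description: short name or numeric OID, then ;options.
const ATTR_RE = /^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)(?:;[A-Za-z0-9-]+)*$/;

// Walk an RFC 4515 filter string and collect every problem with its offset.
function checkFilter(filter) {
  const problems = [];
  let pos = 0;
  const fail = (at, msg) => { problems.push({ at, msg }); return false; };

  function parseOne() {
    if (filter[pos] !== '(') return fail(pos, "expected '('");
    pos++;
    if ('&|!'.includes(filter[pos])) {
      const op = filter[pos++];
      let count = 0;
      while (filter[pos] === '(') { if (!parseOne()) return false; count++; }
      if (count === 0) return fail(pos, `'${op}' has no sub-filter`);
    } else {
      const end = filter.indexOf(')', pos);
      if (end === -1) return fail(pos, "missing ')'");
      const item = filter.slice(pos, end);
      const eq = item.indexOf('=');
      if (eq === -1) return fail(pos, `no '=' in ${JSON.stringify(item)}`);
      // Strip the ~ < > of ~= <= >= ; keep only the part before any ":rule".
      const head = item.slice(0, eq).replace(/[~<>]$/, '');
      const attr = head.split(':')[0];
      // JSON.stringify makes stray spaces or control characters visible.
      if (!head.startsWith(':') && !ATTR_RE.test(attr))
        fail(pos, `invalid attribute name ${JSON.stringify(attr)}`);
      pos = end;
    }
    if (filter[pos] !== ')') return fail(pos, "expected ')'");
    pos++;
    return true;
  }

  if (parseOne() && pos < filter.length) fail(pos, 'trailing characters');
  return { ok: problems.length === 0, problems };
}

// Constructed samples: the filter quoted in the thread plus two broken variants.
const SAMPLES = [
  '(&(objectCategory=person)(objectclass=user)(memberOf=CN=rocketchat_accessgroup,OU=service,DC=xxx,DC=xx))',
  '(&(objectclass=user)( memberOf=CN=x))',
  '((objectclass=user))',
];
for (const f of SAMPLES) console.log(f, JSON.stringify(checkFilter(f)));
```

Running each LDAP filter setting through a check like this, one field at a time, narrows down which stored value the parser is rejecting.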

Hi all,

Just to help the next person, in case someone else has the problem too.
After upgrading the system from Rocket.Chat 3 to 4.x to 5.x and 6.x, the problem was still there.

Afterwards I reverted all LDAP settings to default.
I set all the settings anew, and finally it worked.

br
Thomas

In my case, I tried to upgrade the Mongo database, but due to constant errors in the process, the unintuitive guide that exists, and the fact that it seems that with each update the Rocket team decides to remove basic features that exist in older versions and move them to the paid plan, I have chosen to give up on the upgrade and stay with this obsolete version that gives me “what I need”.

Should this no longer be the case, I guess I would look for a different chat application.