This repository has been archived by the owner on Jul 24, 2023. It is now read-only.

Enabling TLS generates exception when attempting login #737

Closed
nerdalertdk opened this issue May 21, 2019 · 6 comments

@nerdalertdk

nerdalertdk commented May 21, 2019

  • Laravel Version: 5.8
  • Adldap2-Laravel Version: 6.0
  • PHP Version: 7.2.17
  • LDAP Type: FreeIPA

Description:

When fallback is true and the site has no connection to LDAP, I get this error:

#File: /app/vendor/adldap2/adldap2/src/Connections/Ldap.php

ErrorException (E_WARNING)
ldap_start_tls(): Unable to start TLS: Can't contact LDAP server

The site works fine in failover mode with no TLS.

Steps To Reproduce:

Add this to your .env file:

LDAP_USE_TLS=true
LDAP_LOGIN_FALLBACK=true

First log in while the site has an LDAP connection (to sync the user),
then block the LDAP connection and login will fail.

@stevebauman
Member

stevebauman commented May 21, 2019

Hi @nerdalertdk,

Unfortunately I'm not well-versed with FreeIPA - but I'll do my best to help you out.

On the server that hosts your web application, have you inserted your TLS certificate as instructed here?:

https://www.freeipa.org/page/HowTo/LDAP#Tool_configuration

#/etc/openldap/ldap.conf

TLS_CACERT /etc/ipa/ca.crt

This was required for me using ActiveDirectory to be able to connect via TLS with a server that is not connected to the domain - but required access to our AD server via TLS.

@nerdalertdk
Author

nerdalertdk commented May 21, 2019

TLS works fine when the site has access to the LDAP server; as soon as it loses the connection (think VPN) I get the exception. It should fail over to using the Laravel database for auth.

When I set tls=false in the .env the site works, but the log gets spammed with an exception on every page view.

@stevebauman
Member

Oh okay I understand now, thanks for clarifying.

This is a bug, I'm able to reproduce this, fix is coming out shortly!

@stevebauman stevebauman added bug and removed question labels May 22, 2019
@nerdalertdk
Author

Great, one last question: when the site doesn't have LDAP access, can we stop the error spam in the log? :)

Next Adldap\Auth\BindException: Can't contact LDAP server in /app/vendor/adldap2/adldap2/src/Auth/Guard.php:109
Stack trace:
#0 /app/vendor/adldap2/adldap2/src/Auth/Guard.php(121): Adldap\Auth\Guard->bind('uid=service-not...', '...')
#1 /app/vendor/adldap2/adldap2/src/Connections/Provider.php(234): Adldap\Auth\Guard->bindAsAdministrator()
#2 /app/vendor/adldap2/adldap2-laravel/src/AdldapServiceProvider.php(106): Adldap\Connections\Provider->connect()

@stevebauman stevebauman changed the title from "Unable to start TLS when" to "Enabling TLS generates exception when attempting login" May 22, 2019
@stevebauman
Member

Done! 😄

Connection exceptions will now only be sent to the log when logging is enabled.

@stevebauman
Member

Released v6.0.6 with these changes. Thanks!
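
The failure mode discussed in this thread, as an added example that is not part of the issue and not Adldap2's code: in PHP, `ldap_connect()` does not contact the server, so `ldap_start_tls()` is the first call that can fail when the directory is unreachable, and a framework that converts warnings to exceptions surfaces that as an `ErrorException`. The function name `ldapBindOverTls`, its return values and the sample host are assumptions made for illustration.

```php
<?php
// Added illustration; ldapBindOverTls() and its return values are hypothetical,
// not part of Adldap2 or Adldap2-Laravel. Requires PHP's ldap extension.

/**
 * Bind over StartTLS and report the outcome without throwing on network failure.
 * Returns 'ok', 'bad_credentials' or 'unavailable'. Never retries without TLS.
 */
function ldapBindOverTls(string $uri, string $dn, string $password, int $timeout = 3): string
{
    // An empty password makes the server treat the bind as unauthenticated,
    // which "succeeds" on many directories. Reject it before touching the network.
    if ($dn === '' || $password === '') {
        return 'bad_credentials';
    }

    // Only ldap_* calls run while this handler is installed, so every warning
    // caught here is an LDAP warning; the result is read from return values instead.
    set_error_handler(static function (): bool {
        return true;
    }, E_WARNING);

    try {
        $conn = ldap_connect($uri); // parses the URI only, no network traffic yet
        if ($conn === false) {
            return 'unavailable';
        }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, $timeout);

        // First network round trip: fails here when the server cannot be
        // reached or the TLS handshake (e.g. CA trust) does not complete.
        if (!ldap_start_tls($conn)) {
            return 'unavailable';
        }
        if (!ldap_bind($conn, $dn, $password)) {
            // 49 is the LDAP result code for invalid credentials.
            return ldap_errno($conn) === 49 ? 'bad_credentials' : 'unavailable';
        }
        return 'ok';
    } finally {
        restore_error_handler(); // put the framework's handler back
    }
}

// Constructed sample values; the host and DN do not come from the issue.
echo ldapBindOverTls('ldap://ipa.example.test', 'uid=svc,cn=users,dc=example,dc=test', 'secret'), "\n";
```

A caller can treat `'unavailable'` as the signal to use its local fallback; the function itself never downgrades to a plaintext bind.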
