Secondary LDAP server not evaluated when the first one has failed #5590

Closed
bmfmancini opened this issue Nov 21, 2023 · 6 comments
Labels
bug Undesired behaviour confirmed Bug is confirm by dev team resolved A fixed issue
@bmfmancini
Member

When you have multiple LDAP servers configured in the auth settings, the expected behaviour is that Cacti will evaluate the LDAP servers from left to right.

With the below failure, the secondary server is not evaluated:

```
2023-11-21 11:36:17 - AUTH LOGIN FAILED: LDAP Login Failed for user 'user' from IP Address ''.
2023-11-21 11:36:17 - AUTH LOGIN FAILED: LDAP Error: Protocol Error, Unable to bind, LDAP result: (Can't contact LDAP server) on Server (ldap hostname)
2023-11-21 11:36:17 - AUTH LDAP: Protocol Error, Unable to bind, LDAP result: (Can't contact LDAP server) on Server (ldap hostsname)
```

However, in ling/ldap I see the following error conditions are checked, and it does not include this error:

```php
		/* unable to bind */
		$ldap_error = ldap_errno($ldap_conn);
		if ($ldap_error == 0x02) {
			/* protocol error */
			$output = LdapError::GetErrorDetails(LdapError::ProtocolErrorGeneral, $ldap_conn, $this->host);
		} elseif ($ldap_error == 0x31) {
			/* invalid credentials */
			$output = LdapError::GetErrorDetails(LdapError::Failure, $ldap_conn, $this->host);
		} elseif ($ldap_error == 0x32) {
			/* insufficient access */
			$output = LdapError::GetErrorDetails(LdapError::InsufficientAccess, $ldap_conn, $this->host);
		} elseif ($ldap_error == 0x51) {
			/* unable to connect to server */
			$output = LdapError::GetErrorDetails(LdapError::ConnectionUnavailable, $ldap_conn, $this->host);
		} elseif ($ldap_error == 0x55) {
			/* timeout */
			$output = LdapError::GetErrorDetails(LdapError::ConnectionTimeout, $ldap_conn, $this->host);
		} else {
			/* general bind error */
			$output = LdapError::GetErrorDetails(LdapError::ProtocolErrorBind, $ldap_conn, $this->host);
		}
	}
```

@bmfmancini bmfmancini added bug Undesired behaviour unverified Some days we don't have a clue labels Nov 21, 2023
@TheWitness
Member

How did you get an empty IP address?

@bmfmancini
Member Author

bmfmancini commented Nov 22, 2023 via email

@TheWitness
Member

Okay

@TheWitness
Member

This code block, you should log an error like this

```php
		} else {
			/* general bind error */
			cacti_log("LDAP Bind failed error was $ldap_error");
			$output = LdapError::GetErrorDetails(LdapError::ProtocolErrorBind, $ldap_conn, $this->host);
		}
```

@TheWitness TheWitness added confirmed Bug is confirm by dev team and removed unverified Some days we don't have a clue labels Nov 23, 2023
@TheWitness TheWitness added this to the 1.2.26 milestone Nov 23, 2023
@TheWitness TheWitness changed the title 1.2.25 Secondary LDAP server not evaluated when the first one has failed Secondary LDAP server not evaluated when the first one has failed Nov 23, 2023
TheWitness added a commit that referenced this issue Nov 23, 2023
Secondary LDAP server not evaluated when the first one has failed
@TheWitness TheWitness added the resolved A fixed issue label Nov 23, 2023
TheWitness added a commit that referenced this issue Nov 23, 2023
Secondary LDAP server not evaluated when the first one has failed
@TheWitness
Member

Give it a whirl again, @bmfmancini.

@bmfmancini
Member Author

Tested good!

@github-actions github-actions bot locked and limited conversation to collaborators Feb 22, 2024
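
The failover decision discussed in this thread, as an added example that is not Cacti's code and not the fix committed for this issue. It assumes PHP built against OpenLDAP's libldap, where API-level failures such as "Can't contact LDAP server" come back from `ldap_errno()` as negative values (`-1`) rather than `0x51`; the function names, host names and the stop-on-authoritative-answer policy are hypothetical.

```php
<?php
// Added example, not project code. All names here are hypothetical.

// Codes after which the server never gave an authoritative answer, so the
// next configured server should be evaluated. The negative values are
// OpenLDAP libldap API codes (assumption: PHP linked against libldap);
// 0x51 and 0x55 are the values checked in the excerpt quoted in the issue.
const FAILOVER_CODES = [
    -1   => 'server down',
    -5   => 'timeout',
    -11  => 'connect error',
    0x51 => 'unable to connect',
    0x55 => 'timeout',
];

function should_try_next_server(int $errno): bool {
    return array_key_exists($errno, FAILOVER_CODES);
}

// $hosts: servers in configured (left to right) order.
// $bind:  callable(string $host): int returning an ldap_errno()-style code,
//         0 on success. Injected so the logic runs without a directory.
function authenticate_with_failover(array $hosts, callable $bind): array {
    $trace = [];
    foreach ($hosts as $host) {
        $errno   = $bind($host);
        $trace[] = sprintf('%s: errno %d %s', $host, $errno,
                           FAILOVER_CODES[$errno] ?? '');
        if ($errno === 0) {
            return ['ok' => true, 'host' => $host, 'trace' => $trace];
        }
        if (!should_try_next_server($errno)) {
            // Authoritative rejection (e.g. 0x31 invalid credentials):
            // stop instead of replaying the credentials to every server.
            break;
        }
    }
    return ['ok' => false, 'host' => null, 'trace' => $trace];
}

// Constructed scenarios: codes each fake server returns on bind.
$down     = ['ldap1.example.test' => -1,   'ldap2.example.test' => 0];
$rejected = ['ldap1.example.test' => 0x31, 'ldap2.example.test' => 0];

foreach ([$down, $rejected] as $codes) {
    $result = authenticate_with_failover(array_keys($codes),
                                         fn(string $h): int => $codes[$h]);
    echo json_encode($result), PHP_EOL;
}
```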