Upgrade Graylog 1.3 to 2.0 breaks LDAP authentication #2176

Closed
VincentGijsen opened this issue May 3, 2016 · 5 comments


@VincentGijsen VincentGijsen commented May 3, 2016

Problem description

LDAP authentication no longer works; when trying to change the server settings, the web interface keeps loading indefinitely.

Steps to reproduce the problem

  1. Install Graylog 1.3
  2. Configure LDAP to connect to DC
  3. Upgrade Graylog to 2.0
  4. Upgrade Elasticsearch
  5. Try to log in via a SAM account (will not work; only the hardcoded system account or local accounts do)
  6. Try to change settings in the web interface (Users -> Configure LDAP); the resulting page will keep loading forever

Environment

  • Graylog Version: Graylog 2.0.0 (2dc6c03) on AGRLOG01.alewijnse.local (Oracle Corporation 1.8.0_77 on Linux 3.13.0-85-generic)
  • Elasticsearch Version: 2.1.2
  • MongoDB Version: 2.4.9
  • Operating System: Ubuntu 14.04
  • Browser version: Chrome
@joschi joschi added the ldap label May 3, 2016

@joschi joschi commented May 3, 2016

@VincentGijsen Thanks for reporting this!


@VincentGijsen VincentGijsen commented May 3, 2016

Did you change the password_secret configuration setting while upgrading to Graylog 2.0.0?
Are there any error messages in the logs of your Graylog server?
Are there any error messages in the JavaScript console of your web browser (see https://developers.google.com/web/tools/chrome-devtools/debug/console/console-ui)?

Hi @joschi
to answer your question(s)

  • The password_secret has been changed indeed (after the upgrade), but it didn't work when it wasn't changed
  • Graylog didn't report any issues, but now that I've looked again, I got a nice stack trace; it's definitely related to the password:
2016-05-03T12:13:55.387+02:00 ERROR [AESTools] Could not decrypt value.
javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:966) ~[sunjce_provider.jar:1.8.0_71]
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824) ~[sunjce_provider.jar:1.8.0_71]
        at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436) ~[sunjce_provider.jar:1.8.0_71]
        at javax.crypto.Cipher.doFinal(Cipher.java:2165) ~[?:1.8.0_71]
        at org.graylog2.security.AESTools.decrypt(AESTools.java:47) [graylog.jar:?]
        at org.graylog2.security.ldap.LdapSettingsImpl.getSystemPassword(LdapSettingsImpl.java:137) [graylog.jar:?]
        at org.graylog2.rest.resources.system.ldap.LdapResource.getLdapSettings(LdapResource.java:101) [graylog.jar:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_77]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_77]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_77]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_77]
        at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205) [graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [graylog.jar:?]
        at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?]
        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?]
        at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?]
        at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?]
        at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?]
        at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?]
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_77]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_77]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]
2016-05-03T12:13:55.400+02:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
java.lang.NullPointerException: Null systemPassword
        at org.graylog2.rest.models.system.ldap.responses.AutoValue_LdapSettingsResponse.<init>(AutoValue_LdapSettingsResponse.java:54) ~[graylog.jar:?]
        at org.graylog2.rest.models.system.ldap.responses.LdapSettingsResponse.create(LdapSettingsResponse.java:103) ~[graylog.jar:?]
        at org.graylog2.rest.resources.system.ldap.LdapResource.getLdapSettings(LdapResource.java:98) ~[graylog.jar:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_77]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_77]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_77]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_77]
        at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) ~[graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) ~[graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) ~[graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205) ~[graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) ~[graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) ~[graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) ~[graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) ~[graylog.jar:?]
        at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?]
        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?]
        at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?]
        at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?]
        at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?]
        at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?]
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_77]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_77]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]

  • the error in the webconsole:
GET http://10.1.0.69:12900/system/ldap/settings 500 (Internal Server Error)
plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:13411 There was an error fetching a resource: cannot GET http://10.1.0.69:12900/system/ldap/settings (500). Additional information: Null systemPasswordFetchError @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:13411(anonymous function) @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:13479tryCatcher @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:18208Promise._settlePromiseFromHandler @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:16314Promise._settlePromiseAt @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:16388Promise._settlePromises @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:16504Async._drainQueue @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:13794Async._drainQueues @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:13804Async.drainQueues @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:13686
plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:14572 Unhandled rejection Error: cannot GET http://10.1.0.69:12900/system/ldap/settings (500)

@joschi joschi commented May 3, 2016

The password_secret has been changed indeed (after the upgrade), but it didn't work when it wasn't changed

This was most probably the root cause. The password_secret is also being used to encrypt (and decrypt) the LDAP settings.

Please remove the ldap_settings collection from MongoDB (or delete all documents in it) and reconfigure LDAP in the Graylog web interface.
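An added illustration of the failure mode described above (this is not Graylog's own AESTools code; the class name, the SHA-256 key derivation and the IV-prefixed layout are assumptions): a value encrypted under the old password_secret no longer decrypts under the new one, and a decrypt helper that reports this as "needs reconfiguration" instead of handing a null systemPassword to the REST layer.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Optional;
// Added illustration, not Graylog's AESTools: the stored LDAP bind password is AES-CBC
// encrypted under a key derived from password_secret, so rotating the secret leaves a
// value that no longer decrypts (BadPaddingException in the server log above).
public class SecretRotationDemo {
    // Hypothetical key derivation: SHA-256 of the secret, truncated to 128 bits.
    static SecretKeySpec keyFromSecret(String passwordSecret) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(passwordSecret.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
    }
    // Returns IV || ciphertext, the shape a stored secret would take.
    static byte[] encrypt(String plaintext, String passwordSecret) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, keyFromSecret(passwordSecret), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    // Graceful decrypt: Optional.empty() means "unreadable with the current password_secret",
    // so the caller can ask for reconfiguration instead of passing a null systemPassword on.
    static Optional<String> decrypt(byte[] stored, String passwordSecret) {
        try {
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.DECRYPT_MODE, keyFromSecret(passwordSecret), new IvParameterSpec(Arrays.copyOfRange(stored, 0, 16)));
            byte[] pt = c.doFinal(Arrays.copyOfRange(stored, 16, stored.length));
            return Optional.of(new String(pt, StandardCharsets.UTF_8));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // CBC/PKCS5 fails the padding check for a wrong key almost always (about 255/256);
            // an authenticated mode such as AES-GCM would reject a wrong key deterministically.
            return Optional.empty();
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] stored = encrypt("ldap-bind-password", "old-password_secret");
        System.out.println("same secret:    " + decrypt(stored, "old-password_secret"));
        System.out.println("rotated secret: " + decrypt(stored, "new-password_secret"));
    }
}
```

The same check belongs in the settings-read path: an empty result should surface as "LDAP settings must be reconfigured after a password_secret change", not as a 500 from a NullPointerException.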


@VincentGijsen VincentGijsen commented May 3, 2016

I've dropped the collection and refreshed the settings, and voilà, I can reconfigure the LDAP settings

(for future reference)

user@server/$ mongo
use graylog2
db.ldap_settings.drop();

Seems to me this bug/feature should be mentioned in the docs somewhere, and perhaps be handled more gracefully :)

thanks for the help @joschi

Should I close this issue?


@joschi joschi commented May 3, 2016

@VincentGijsen Thanks for the update! It's certainly a bug that you got the 500 (Internal Server Error), so please don't close the issue.

@joschi joschi added the bug label May 3, 2016
@joschi joschi self-assigned this May 3, 2016
joschi pushed a commit that referenced this issue May 3, 2016
@joschi joschi added this to the 2.0.1 milestone May 3, 2016
dennisoelkers added a commit that referenced this issue May 4, 2016
@joschi joschi closed this in 5108f3d May 4, 2016