When using LDAP authentication the first time, warnings may appear in logs

[arno-st]

On a fresh install on cacti 1.2.26, with php 8.2.14
When I setup the authentication method 'Multiple LDAP/AD domain', and create a profile under User Domains.
I setup a template account for this, and use some LDAP config.
And a LDAP CN Setting to retreive the Full name of the user.
When a user is connectiong the first time I got the following error

04/01/2024 11:36:30 - AUTH LOGIN: User 'ME' Authenticated via Authentication Cookie
04/01/2024 11:36:30 - AUTH LOGIN: User 'ME' authenticated
04/01/2024 11:36:30 - AUTH LOGIN: fields not found code: 0
04/01/2024 11:36:30 - CMDPHP PHP ERROR Backtrace: (/index.php[25]:include(), /include/auth.php[158]:require_once(), /auth_login.php[105]:domains_login_process(), /lib/auth.php[3877]:cacti_ldap_search_cn(), /lib/ldap.php[232]:CactiErrorHandler())
04/01/2024 11:36:30 - ERROR PHP DEPRECATED: Creation of dynamic property Ldap::$cn is deprecated in file: /usr/share/cacti/lib/ldap.php on line: 232
04/01/2024 11:36:30 - AUTH NOTE: User 'ME' does not exist, copying template user
04/01/2024 11:36:30 - AUTH LOGIN: LDAP User 'ME' Authenticated from Domain 'OUADMIN'
04/01/2024 11:36:30 - AUTH LDAP_SEARCH: Authentication Success, DN: CN=ME,OU=OU Users,OU=OU SRV,OU=OU DIR ,OU=OUSITE,OU=___,DC=OUDC,DC=ch

It only happen the first time, and the files Full Name of this user is empty.

[TheWitness]

Okay, this should be resolved now.

[arno-st]

Sorry for that question, but the DEV version is 1.3.0, dose that mean you stop the code on 1.2.x ?

Or if I update from the 1.2.x branch is still ok ?

[xmacan]

For production is better 1.2.x branch. 1.2.x is stable. From 1.2.25 gets only fixes and security updates, no new features.
1.3 (develop branch) is a development version with new features. From my perspective - 1.3 not yet for production now.

We appreciate it when someone tries 1.3 and reports bugs to us

[arno-st]

Thanks @xmacan

So I update to the latest 1.2.x
And I don't have the error anymore
But still it's not getting back the information from my LDAP.
And doing a DEBUG mode, is giving me this error:

30/01/2024  17:05:58 - AUTH LDAP_SEARCH: (/index.php[25]:include(),  /include/auth.php[158]:require_once(),  /auth_login.php[105]:domains_login_process(),  /lib/auth.php[3805]:domains_ldap_search_dn(),  /lib/auth.php[4057]:Ldap->Search(),  /lib/ldap.php[813]:LdapError::GetErrorDetails(),  /lib/ldap.php[367]:cacti_debug_backtrace())
--
 ```

I'm gona look deeper on the code, because doing that with a LDAP tools is ok.
And I have this info on cacti 1.2.26

[TheWitness]

Can you show the error?

[arno-st]

So here is the full output of the debug mode:(I clear some field)
30/01/2024 17:05:58 - AUTH LOGIN: User 'AD_USER' authenticated
30/01/2024 17:05:58 - AUTH LOGIN: LDAP User Authenticated from Domain 'AD User account'
30/01/2024 17:05:58 - AUTH LDAP: Binding with "CN=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx"
30/01/2024 17:05:58 - AUTH NOTE: Setting Bind Timeout to 5 seconds
30/01/2024 17:05:58 - AUTH NOTE: Setting Network Timeout to 2 seconds
30/01/2024 17:05:58 - AUTH LDAP: Connect using ldap://domain.com:389
30/01/2024 17:05:58 - AUTH LDAP_SEARCH: (/index.php[25]:include(), /include/auth.php[158]:require_once(), /auth_login.php[105]:domains_login_process(), /lib/auth.php[3805]:domains_ldap_search_dn(), /lib/auth.php[4057]:Ldap->Search(), /lib/ldap.php[813]:LdapError::GetErrorDetails(), /lib/ldap.php[367]:cacti_debug_backtrace())
30/01/2024 17:05:58 - AUTH LDAP_SEARCH: Authentication Success, DN: CN=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx
30/01/2024 17:05:58 - AUTH NOTE: Setting Bind Timeout to 5 seconds
30/01/2024 17:05:58 - AUTH NOTE: Setting Network Timeout to 2 seconds
30/01/2024 17:05:58 - AUTH LDAP: Connect using ldap://domain.com:389
30/01/2024 17:05:50 - AUTH LOGIN: User 'AD_USER' authenticated
30/01/2024 17:05:49 - AUTH LOGIN: fields not found code: 0
30/01/2024 17:05:49 - AUTH NOTE: Setting Bind Timeout to 5 seconds
30/01/2024 17:05:49 - AUTH NOTE: Setting Network Timeout to 2 seconds
30/01/2024 17:05:49 - AUTH LDAP: Connect using ldap://domain.com:389
30/01/2024 17:05:49 - AUTH NOTE: User 'AD_USER' does not exist, copying template user
30/01/2024 17:05:49 - AUTH LOGIN: LDAP User 'AD_USER' Authenticated from Domain 'AD User account'
30/01/2024 17:05:49 - AUTH LDAP: Binding with "CN=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx"
30/01/2024 17:05:49 - AUTH NOTE: Setting Bind Timeout to 5 seconds
30/01/2024 17:05:49 - AUTH NOTE: Setting Network Timeout to 2 seconds
30/01/2024 17:05:49 - AUTH LDAP: Connect using ldap://domain.com:389
30/01/2024 17:05:49 - AUTH LDAP_SEARCH: (/index.php[25]:include(), /include/auth.php[158]:require_once(), /auth_login.php[105]:domains_login_process(), /lib/auth.php[3805]:domains_ldap_search_dn(), /lib/auth.php[4057]:Ldap->Search(), /lib/ldap.php[813]:LdapError::GetErrorDetails(), /lib/ldap.php[367]:cacti_debug_backtrace())
30/01/2024 17:05:49 - AUTH LDAP_SEARCH: Authentication Success, DN: CN=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx
30/01/2024 17:05:49 - AUTH NOTE: Setting Bind Timeout to 5 seconds
30/01/2024 17:05:49 - AUTH NOTE: Setting Network Timeout to 2 seconds
30/01/2024 17:05:49 - AUTH LDAP: Connect using ldap://domain.com:389

And Here is the print screen of the user I'm testing:

The field full name is suppose to be the displayName from the AD, as for the email it should be EmailAddress
Both are valid value taken from the AD.

And one more thing, when you log for the first time, you have to do it 2 times.
The first time it copy the template:
31/01/2024 13:57:27 - AUTH NOTE: User 'AD_USER' does not exist, copying template user

then it log authenticated:
31/01/2024 13:57:27 - AUTH LOGIN: User 'AD_USER' authenticated

But you still have to log again.
That wasn't the case with 1.2.25

[TheWitness]

So, I think that backtrace might be some ill-placed debug code. I'll take a look as the login search appears to succeed. Might be the result of late night code work. That happens you know.