Invalid credential error at LDAP authentication because of case-sensitive comparison of database contact_ldap_dn and LDAP contact info #18

Closed
1 of 4 tasks
quiiinty opened this issue Apr 17, 2023 · 1 comment


@quiiinty

Module version

centreon.noarch 19.04.20-4.el7.centos (after checking the concerned file, it doesn't seem to be fixed in the latest version either)

Operating System

CentOS 7

Browser used

  • Google Chrome
  • Firefox
  • Internet Explorer IE11
  • Safari

Version: 111.0.5563.148

Additional environment details (AWS, VirtualBox, physical, etc.):
Virtual machine

Description

During LDAP authentication, users may get an "invalid credentials" error when the case of the contact_ldap_dn from LDAP is different from the one in the Centreon database.
On the LDAP side this information is case insensitive, so it can change during an LDAP configuration, migration or other maintenance step, and this causes an authentication problem even if the user is the correct one.

Steps to Reproduce

To reproduce the issue:
-- Log out from Centreon
-- Change the case of the user DN in the Centreon database, table "contact", field "contact_ldap_dn"
   Ex: Change CN=TEST,OU=FR,OU=TEST,o=test,C=FR to CN=TEST,OU=FR,OU=TEST,O=TEST,C=FR
-- Try to log in again > you should get an "invalid credential" error

Describe the received result

"invalid credential" error

Describe the expected result

Be able to login

Logs

PHP error logs

"[17-Apr-2023 17:03:14 Europe/Paris] PHP Notice: Undefined index: ldap_auto_sync in /usr/share/centreon/www/class/centreonLDAP.class.php on line 962"


Additional relevant information (e.g. frequency, ...)

This bug can be fixed by adding the strtolower function to make the comparison case insensitive in /www/class/centreonAuth.LDAP.class.php
-- line 117 for the 19.04 version:
   $this->ldap->findUserDn($this->contactInfos['contact_alias']) !== $this->contactInfos['contact_ldap_dn']
   replaced by
   strtolower($this->ldap->findUserDn($this->contactInfos['contact_alias'])) !== strtolower($this->contactInfos['contact_ldap_dn'])
-- line 116 on the master branch:
   $userDn !== $this->contactInfos['contact_ldap_dn']
   replaced by
   strtolower($userDn) !== strtolower($this->contactInfos['contact_ldap_dn'])
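
A DN comparison that ignores case and padding but still rejects a different entry, shown here as an added example (not Centreon code and not part of the original issue). `splitUnescaped`, `normalizeDn` and `dnEquals` are hypothetical helpers; lower-casing the values assumes the naming attributes use case-insensitive matching, as cn, ou, o, c and dc do, and that the mbstring extension is available.

```php
<?php
// Added example: hypothetical helpers, not part of Centreon.

// Split on a separator that is not backslash-escaped (RFC 4514 escaping).
function splitUnescaped(string $s, string $sep): array
{
    $parts = [];
    $cur = '';
    $len = strlen($s);
    for ($i = 0; $i < $len; $i++) {
        if ($s[$i] === '\\' && $i + 1 < $len) {
            $cur .= $s[$i] . $s[$i + 1]; // keep the escape pair intact
            $i++;
        } elseif ($s[$i] === $sep) {
            $parts[] = $cur;
            $cur = '';
        } else {
            $cur .= $s[$i];
        }
    }
    $parts[] = $cur;
    return $parts;
}

// Canonical form: lower-case attribute types and values, padding removed.
// Assumption: every value uses case-insensitive matching (cn, ou, o, c, dc do).
function normalizeDn(string $dn): string
{
    $rdns = [];
    foreach (splitUnescaped($dn, ',') as $rdn) {
        $pair = explode('=', $rdn, 2);
        if (count($pair) !== 2 || trim($pair[0]) === '') {
            throw new InvalidArgumentException('Malformed RDN: ' . $rdn);
        }
        $rdns[] = strtolower(trim($pair[0])) . '=' . mb_strtolower(ltrim($pair[1]), 'UTF-8');
    }
    return implode(',', $rdns);
}

function dnEquals(string $a, string $b): bool
{
    return normalizeDn($a) === normalizeDn($b);
}

$stored   = 'CN=TEST,OU=FR,OU=TEST,O=TEST,C=FR'; // database value from the issue
$fromLdap = 'CN=TEST,OU=FR,OU=TEST,o=test,C=FR'; // directory value from the issue
var_dump(dnEquals($stored, $fromLdap));                             // same entry, different case
var_dump(dnEquals($stored, 'CN=TEST,OU=FR,OU=OTHER,O=TEST,C=FR'));  // constructed: different OU
var_dump(dnEquals('cn=a\,b,o=test', 'CN=A\,B, O=TEST'));            // constructed: escaped comma, padding
```

Multi-valued RDNs (joined with `+`) and hex escapes such as `\2C` are not canonicalised by this sketch.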
@quiiinty
Author

Issue opened on the wrong repository. Closing it
