Bug LDAP

[BerMan7328]

SysPass Version

sysPass version	3.2 (322.21031301)Config: 322.21031301App: 322.21031301DB: 322.21031301
Database	SERVER_VERSION : 5.5.5-10.2.37-MariaDB-1:10.2.37+maria~bionicCLIENT_VERSION : mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $SERVER_INFO : Uptime: 62264 Threads: 7 Questions: 4479 Slow queries: 0 Opens: 48 Flush tables: 1 Open tables: 41 Queries per second avg: 0.071CONNECTION_STATUS : db via TCP/IPNome: syspass@db
PHP	Version: 7.3.27-1~deb10u1Extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, sodium, session, standard, apache2handler, mysqlnd, PDO, xml, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, intl, json, ldap, exif, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Zend OPcacheUnavailable extensions:Used Memory: 4096 KBUser: rootDownload rate: 43 MB/sOP Cachenum_cached_scripts : 531num_cached_keys : 999max_cached_keys : 16229hits : 58339start_time : 1616704281last_restart_time : 0oom_restarts : 0hash_restarts : 0manual_restarts : 0misses : 532blacklist_misses : 0blacklist_miss_ratio : 0opcache_hit_rate : 99,096329262285
Server	Apache/2.4.38 (Debian)
Configuration Backup	Fri, 26 Mar 2021 13:39:12 +0000DOWNLOAD JSON
Language help_outlineTells whether the language is available or not.If it is not installed, you would need install the right operating system locales. More info at Wiki.	pt_BR.utf8
Encrypted Session help_outlineTells whether the session data are encrypted in the server side or not	Yes
Loaded Plugins
Log file	DOWNLOAD SYSPASS.LOG

After filling the LDAP config labels and save, if i check return error bind (49).
But is a interface error.
I realized this when doing troubleshooting.
By accessing the container and using searchldap, I was able to connect to AD.
Then, even returning the connection error I was able to log in with an active direcory user.
The error is only in interface.
But, i cant export accounts from my Active Directory because returns the same error.

To Reproduce
Connection error (BIND)
Invalid credentials (49)

Expected behavior
Syspass must to return a valid satus of the connection with ldap, and must to export accouns from AD.

Screenshots

Event log
#0 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(114): SP\Providers\Auth\Ldap\LdapConnection->bind()
#1 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(95): SP\Providers\Auth\Ldap\LdapConnection->connectAndBind()
#2 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/Ldap.php(96): SP\Providers\Auth\Ldap\LdapConnection->checkConnection()
#3 /var/www/html/sysPass/lib/SP/Services/Ldap/LdapCheckService.php(51): SP\Providers\Auth\Ldap\Ldap->factory(Object(SP\Providers\Auth\Ldap\LdapParams),Object(SP\Core\Events\EventDispatcher),Boolean)
#4 /var/www/html/sysPass/app/modules/web/Controllers/ConfigLdapController.php(156): SP\Services\Ldap\LdapCheckService->checkConnection(Object(SP\Providers\Auth\Ldap\LdapParams))
#5 [internal function]: SP\Modules\Web\Controllers\ConfigLdapController->checkAction()
#6 /var/www/html/sysPass/lib/SP/Bootstrap.php(240): call_user_func_array(Array,Array)
#7 [internal function]: SP\Bootstrap->SP{closure}(Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
#8 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(879): call_user_func(Object(Closure),Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
#9 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route),Object(Klein\DataCollection\RouteCollection),Array)
#10 /var/www/html/sysPass/lib/SP/Bootstrap.php(464): Klein\Klein->dispatch(Object(Klein\Request))
#11 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap->run(Object(DI\Container))
#12 /var/www/html/sysPass/index.php(28): require(String)","caller":"N/A"}
[2021-03-26 14:07:05] syspass.INFO: logger {"message":"Extensions checked","caller":"SP\Core\PhpExtensionChecker::checkMandatory"}
[2021-03-26 14:07:05] syspass.INFO: logger {"message":"Saved icons cache","caller":"SP\Core\UI\Theme::saveIcons"}
[2021-03-26 14:07:05] syspass.INFO: logger {"message":"Loaded actions cache","caller":"SP\Core\Acl\Actions::loadCache"}
[2021-03-26 14:07:06] syspass.EXCEPTION: logger {"message":"Connection error (BIND)
#0 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(114): SP\Providers\Auth\Ldap\LdapConnection->bind()
#1 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(95): SP\Providers\Auth\Ldap\LdapConnection->connectAndBind()
#2 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/Ldap.php(96): SP\Providers\Auth\Ldap\LdapConnection->checkConnection()
#3 /var/www/html/sysPass/lib/SP/Services/Ldap/LdapCheckService.php(51): SP\Providers\Auth\Ldap\Ldap->factory(Object(SP\Providers\Auth\Ldap\LdapParams),Object(SP\Core\Events\EventDispatcher),Boolean)
#4 /var/www/html/sysPass/app/modules/web/Controllers/ConfigLdapController.php(156): SP\Services\Ldap\LdapCheckService->checkConnection(Object(SP\Providers\Auth\Ldap\LdapParams))
#5 [internal function]: SP\Modules\Web\Controllers\ConfigLdapController->checkAction()
#6 /var/www/html/sysPass/lib/SP/Bootstrap.php(240): call_user_func_array(Array,Array)
#7 [internal function]: SP\Bootstrap->SP{closure}(Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
#8 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(879): call_user_func(Object(Closure),Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
#9 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route),Object(Klein\DataCollection\RouteCollection),Array)
#10 /var/www/html/sysPass/lib/SP/Bootstrap.php(464): Klein\Klein->dispatch(Object(Klein\Request))
#11 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap->run(Object(DI\Container))
#12 /var/www/html/sysPass/index.php(28): require(String)","caller":"N/A"}
[2021-03-26 14:07:31] syspass.INFO: logger {"message":"Extensions checked","caller":"SP\Core\PhpExtensionChecker::checkMandatory"}
[2021-03-26 14:07:31] syspass.INFO: logger {"message":"Saved icons cache","caller":"SP\Core\UI\Theme::saveIcons"}
[2021-03-26 14:07:31] syspass.INFO: logger {"message":"Loaded actions cache","caller":"SP\Core\Acl\Actions::loadCache"}
[2021-03-26 14:07:47] syspass.INFO: logger {"message":"Extensions checked","caller":"SP\Core\PhpExtensionChecker::checkMandatory"}
[2021-03-26 14:07:48] syspass.INFO: logger {"message":"Saved icons cache","caller":"SP\Core\UI\Theme::saveIcons"}
[2021-03-26 14:07:48] syspass.INFO: logger {"message":"Loaded actions cache","caller":"SP\Core\Acl\Actions::loadCache"}
[2021-03-26 14:07:48] syspass.EXCEPTION: logger {"message":"Connection error (BIND)
#0 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(114): SP\Providers\Auth\Ldap\LdapConnection->bind()
#1 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(95): SP\Providers\Auth\Ldap\LdapConnection->connectAndBind()
#2 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/Ldap.php(96): SP\Providers\Auth\Ldap\LdapConnection->checkConnection()
#3 /var/www/html/sysPass/lib/SP/Services/Ldap/LdapCheckService.php(51): SP\Providers\Auth\Ldap\Ldap->factory(Object(SP\Providers\Auth\Ldap\LdapParams),Object(SP\Core\Events\EventDispatcher),Boolean)
#4 /var/www/html/sysPass/app/modules/web/Controllers/ConfigLdapController.php(156): SP\Services\Ldap\LdapCheckService->checkConnection(Object(SP\Providers\Auth\Ldap\LdapParams))
#5 [internal function]: SP\Modules\Web\Controllers\ConfigLdapController->checkAction()
#6 /var/www/html/sysPass/lib/SP/Bootstrap.php(240): call_user_func_array(Array,Array)
#7 [internal function]: SP\Bootstrap->SP{closure}(Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
#8 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(879): call_user_func(Object(Closure),Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
#9 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route),Object(Klein\DataCollection\RouteCollection),Array)
#10 /var/www/html/sysPass/lib/SP/Bootstrap.php(464): Klein\Klein->dispatch(Object(Klein\Request))
#11 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap->run(Object(DI\Container))
#12 /var/www/html/sysPass/index.php(28): require(String)","caller":"N/A"}
[2021-03-26 14:08:01] syspass.INFO: logger {"message":"Extensions checked","caller":"SP\Core\PhpExtensionChecker::checkMandatory"}
[2021-03-26 14:08:01] syspass.INFO: logger {"message":"Saved icons cache","caller":"SP\Core\UI\Theme::saveIcons"}
[2021-03-26 14:08:01] syspass.INFO: logger {"message":"Loaded actions cache","caller":"SP\Core\Acl\Actions::loadCache"}
[2021-03-26 14:08:02] syspass.EXCEPTION: logger {"message":"Connection error (BIND)
#0 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(114): SP\Providers\Auth\Ldap\LdapConnection->bind()
#1 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/LdapConnection.php(95): SP\Providers\Auth\Ldap\LdapConnection->connectAndBind()
#2 /var/www/html/sysPass/lib/SP/Providers/Auth/Ldap/Ldap.php(96): SP\Providers\Auth\Ldap\LdapConnection->checkConnection()
#3 /var/www/html/sysPass/lib/SP/Services/Ldap/LdapImportService.php(164): SP\Providers\Auth\Ldap\Ldap->factory(Object(SP\Providers\Auth\Ldap\LdapParams),Object(SP\Core\Events\EventDispatcher),Boolean)
#4 /var/www/html/sysPass/lib/SP/Services/Ldap/LdapImportService.php(175): SP\Services\Ldap\LdapImportService->getLdap(Object(SP\Providers\Auth\Ldap\LdapParams))
#5 /var/www/html/sysPass/app/modules/web/Controllers/ConfigLdapController.php(268): SP\Services\Ldap\LdapImportService->importUsers(Object(SP\Providers\Auth\Ldap\LdapParams),Object(SP\Services\Ldap\LdapImportParams))
#6 [internal function]: SP\Modules\Web\Controllers\ConfigLdapController->importAction()
#7 /var/www/html/sysPass/lib/SP/Bootstrap.php(240): call_user_func_array(Array,Array)
#8 [internal function]: SP\Bootstrap->SP{closure}(Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
#9 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(879): call_user_func(Object(Closure),Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
#10 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route),Object(Klein\DataCollection\RouteCollection),Array)
#11 /var/www/html/sysPass/lib/SP/Bootstrap.php(464): Klein\Klein->dispatch(Object(Klein\Request))
#12 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap->run(Object(DI\Container))
#13 /var/www/html/sysPass/index.php(28): require(String)","caller":"N/A"}
[2021-03-26 14:08:08] syspass.INFO: logger {"message":"Extensions checked","caller":"SP\Core\PhpExtensionChecker::checkMandatory"}
[2021-03-26 14:08:09] syspass.INFO: logger {"message":"Saved icons cache","caller":"SP\Core\UI\Theme::saveIcons"}
[2021-03-26 14:08:09] syspass.INFO: logger {"message":"Loaded actions cache","caller":"SP\Core\Acl\Actions::loadCache"}

Platform (please complete the following information):
CentOS Linux release 7.6.1810 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.6.1810 (Core)
CentOS Linux release 7.6.1810 (Core)

browser: Opera

Additional context
The connection is working, i can login with any account from my ldap.

[oleksandrmeleshchuk-epm]

Having same issue, it's related to the chaning "Bind Password" field value after pressing save button on the LDAP configuration page.

[RuTHlessBEat200]

Hi,
Enter the bind password and then go all the way to the bottom and click import. Do not click save or any other button. That fixed the problem for me. I have to do this every time I import new users from LDAP.

[smokeyy92]

@nuxsmin we are having the same issue we have just deployed the latest 3.2 version we are attempting to authenticate via ldap but it is not allowing us, the errors can vary from invalid credentials (49) connection error (bind).

[CyrosX]

According to my experience, most times it has something to do with certificates.
Putting TLS_REQCERT never in ldap.conf is a possible solution in a trusted environment.

[nuxsmin]

Hello,

This issue seems to be related to @RuTHlessBEat200 answer.

Regards