
"Bind was found but type uid is not supported" - Looking up LDAP user names (lowercase/uppercase) #97

Open
tgurr opened this issue Jun 22, 2021 · 3 comments


tgurr commented Jun 22, 2021

#71 is expected to fix this problem; however, I'm still running into an issue. As can be seen in the logs, the users are actually found, but no result is given to Element due to the error message "Bind was found but type uid is not supported".

In the logs when doing a search via Element I have:

Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Performing search for 'xx00001'
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Original request URL: http://matrix.domain.local/_matrix/client/r0/user_directory/search
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Querying HS at http://localhost:8008/_matrix/client/r0/user_directory/search
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Found 0 match(es) in HS for 'xx00001'
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Using Directory provider LdapDirectoryProvider
Jun 22 14:33:17 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Performing LDAP directory search on display name using 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Found possible match, DN: CN=lastname name,OU=corporate,DC=domain,DC=local
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapBackend - UID XX00001 from LDAP has been changed to lowercase to match the Synapse specifications
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] WARN io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Bind was found but type uid is not supported
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Display name: found 0 match(es) for 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Performing LDAP directory search on 3PIDs using 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Found possible match, DN: CN=lastname name,OU=corporate,DC=domain,DC=local
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - DN CN=lastname name,OU=corporate,DC=domain,DC=local is a valid match
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.backend.ldap.LdapBackend - UID XX00001 from LDAP has been changed to lowercase to match the Synapse specifications
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] WARN io.kamax.mxisd.backend.ldap.LdapDirectoryProvider - Bind was found but type uid is not supported
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Threepid: found 0 match(es) for 'xx00001'
Jun 22 14:33:18 matrixhost ma1sd[3476760]: [XNIO-1 task-1] INFO io.kamax.mxisd.directory.DirectoryManager - Total matches: 0 - limited? false

My ma1sd configuration has:

ldap:
  enabled: true
  lookup: true # hash lookup
  activeDirectory: true
  defaultDomain: 'domain.local'
  connection:
    host: 'addc1.domain.local'
    port: 389
    bindDn: 'CN=matrixldapuser,OU=services,OU=corporate,DC=domain,DC=local'
    bindPassword: 'xxxxxxx'
    baseDNs:
      - 'OU=corporate,DC=domain,DC=local'
  attribute:
    uid:
      type: 'uid' # or mxid
      value: 'sAMAccountName'
    name: 'displayName'
  identity:
    filter: '(objectClass=inetOrgPerson)'

If it's a configuration issue on my side it would be nice if someone could tell me what needs to be changed.


tgurr commented Jun 22, 2021

To answer myself, removing activeDirectory: true appears to fix the problem.


q-wertz commented Jun 19, 2022

Hi, sorry never saw this. I did the patch back then but still don't have Synapse in use...

I'm not very familiar with the code/all the specifications.

The error seems to happen in the search function here:

    log.info("DN {} is a valid match", entry.getDn().getName());
    try {
        UserDirectorySearchResult.Result entryResult = new UserDirectorySearchResult.Result();
        entryResult.setUserId(buildMatrixIdFromUid(uid));
        getAttribute(entry, atCfg.getName()).ifPresent(entryResult::setDisplayName);
        result.addResult(entryResult);
    } catch (IllegalArgumentException e) {
        log.warn("Bind was found but type {} is not supported", atCfg.getUid().getType());
    }

I think the exception is thrown in line 79, where something is broken when activeDirectory: true (in that case a UPN object is used to get the localpart, and this expects a @ in the UID -> not present -> throws the IllegalArgumentException).

But in that case there should be line 76 present in the logs so I cannot really follow 😅

Could you maybe try to search login@domain and see if it also happens then?
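
The failure mode described in the comment above, as an added example that is not part of the original thread and is not ma1sd code. It assumes, as the comment suggests, that with activeDirectory enabled the UID is parsed as a UPN and must contain an '@'; the class and method names are hypothetical and the inputs are constructed.

```java
import java.util.Locale;

// Added illustration, not ma1sd source. All names below are hypothetical.
public class UpnLocalpartDemo {

    // Assumed behaviour (taken from the comment above, not from the ma1sd code):
    // a UPN has the form localpart@domain, so a value without '@' is rejected.
    static String localpartFromUpn(String upn) {
        int at = upn.indexOf('@');
        if (at < 1) {
            throw new IllegalArgumentException("not a UPN (no '@'): " + upn);
        }
        return upn.substring(0, at);
    }

    // Lowercases the UID (as the "changed to lowercase" log line reports) and,
    // in Active Directory mode, extracts the localpart through the UPN parser.
    static String buildMatrixId(String uid, boolean activeDirectory, String domain) {
        String lower = uid.toLowerCase(Locale.ROOT);
        String localpart = activeDirectory ? localpartFromUpn(lower) : lower;
        return "@" + localpart + ":" + domain;
    }

    // Same shape as the catch block quoted in the thread: every
    // IllegalArgumentException is reported as an unsupported uid type, so the
    // log message does not name the real cause. The cause is appended here
    // only to make it visible in the demo output.
    static String search(String uid, boolean activeDirectory) {
        try {
            return "match: " + buildMatrixId(uid, activeDirectory, "domain.local");
        } catch (IllegalArgumentException e) {
            return "WARN Bind was found but type uid is not supported [cause: "
                    + e.getMessage() + "]";
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a sAMAccountName and a UPN for the same account.
        System.out.println(search("XX00001", true));              // sAMAccountName, AD mode
        System.out.println(search("XX00001", false));             // sAMAccountName, plain LDAP mode
        System.out.println(search("XX00001@domain.local", true)); // UPN, AD mode
    }
}
```

Under that assumption, only the first call produces the warning seen in the logs, which matches the reports in this thread that the search works once activeDirectory is disabled.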


tobast commented Jul 1, 2024

I can confirm that the issue is still present (ma1sd version 2.5.0). Setting activeDirectory to false still seems to mitigate the issue.
