Bug #15122
closed
PHP errors in LDAP server prevent it from falling back to Local Database
100%
Description
The following error can be hit when attempting to log in with a misconfigured LDAP server, which prevents the code from falling back to the Local Database. The error checking in the ldap_backed() function should be moved to before the call to the ldap_setup_caenv() function. I'll be doing some testing and will submit a merge request in the next couple of days.
Fatal error: Uncaught TypeError: ldap_set_option(): Argument #1 ($ldap) must be of type ?LDAP\Connection, bool given in /etc/inc/auth.inc:1100
Stack trace:
#0 /etc/inc/auth.inc(1100): ldap_set_option(false, 24582, 1)
#1 /etc/inc/auth.inc(1604): ldap_setup_caenv(false, Array)
#2 /etc/inc/auth.inc(2103): ldap_backed('admin', 'pfsense', Array, Array)
#3 /etc/inc/auth.inc(2161): authenticate_user('admin', 'pfsense', Array, Array)
#4 /etc/inc/authgui.inc(37): session_auth()
#5 /usr/local/www/guiconfig.inc(62): require_once('/etc/inc/authgu...')
#6 /usr/local/www/index.php(46): require_once('/usr/local/www/...')
#7 {main}
thrown in /etc/inc/auth.inc on line 1100
PHP ERROR: Type: 1, File: /etc/inc/auth.inc, Line: 1100, Message: Uncaught TypeError: ldap_set_option(): Argument #1 ($ldap) must be of type ?LDAP\Connection, bool given in /etc/inc/auth.inc:1100
Stack trace:
#0 /etc/inc/auth.inc(1100): ldap_set_option(false, 24582, 1)
#1 /etc/inc/auth.inc(1604): ldap_setup_caenv(false, Array)
#2 /etc/inc/auth.inc(2103): ldap_backed('admin', 'pfsense', Array, Array)
#3 /etc/inc/auth.inc(2161): authenticate_user('admin', 'pfsense', Array, Array)
#4 /etc/inc/authgui.inc(37): session_auth()
#5 /usr/local/www/guiconfig.inc(62): require_once('/etc/inc/authgu...')
#6 /usr/local/www/index.php(46): require_once('/usr/local/www/...')
#7 {main}
thrown
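The ordering problem in the description above, as an added example that is not pfSense's auth.inc code. FakeConnection, fake_connect() and fake_set_option() are hypothetical stand-ins for LDAP\Connection, a connect call and ldap_set_option(), so the script runs without the ldap extension. It shows why a false handle passed to a typed parameter aborts the login chain under PHP 8, and how checking the handle first lets the local fallback run.

```php
<?php
// Stand-in for LDAP\Connection (assumption: lets this run without ext-ldap).
final class FakeConnection {}

// Same parameter shape as ldap_set_option(): a false handle raises TypeError.
function fake_set_option(?FakeConnection $ldap, int $option, int $value): bool {
    return true;
}

// Hypothetical connect call that returns false for an unusable server URL.
function fake_connect(string $url): FakeConnection|false {
    return str_starts_with($url, 'ldap') ? new FakeConnection() : false;
}

// Ordering from the stack trace: the handle is used before it is checked.
function ldap_auth_unchecked(string $url): bool {
    $conn = fake_connect($url);
    fake_set_option($conn, 24582, 1);   // throws when $conn === false
    if ($conn === false) {
        return false;                   // never reached on failure
    }
    return true;                        // placeholder for bind and search
}

// Reordered: a failed connect becomes an ordinary "not authenticated".
function ldap_auth_checked(string $url): bool {
    $conn = fake_connect($url);
    if ($conn === false) {
        return false;
    }
    fake_set_option($conn, 24582, 1);
    return true;                        // placeholder for bind and search
}

// Try the remote backend first, then fall back to the local user database.
function authenticate(callable $ldapAuth, string $url, bool $localOk): string {
    if ($ldapAuth($url)) {
        return 'ldap';
    }
    return $localOk ? 'local' : 'denied';
}

echo authenticate('ldap_auth_checked', 'bad://server', true), "\n";
try {
    echo authenticate('ldap_auth_unchecked', 'bad://server', true), "\n";
} catch (TypeError $e) {
    // Without this catch the request dies here and the fallback never runs.
    echo 'TypeError: ', $e->getMessage(), "\n";
}
```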
Updated by Christopher Cope 11 months ago
- Status changed from New to Pull Request Review
Updated by Christopher Cope 11 months ago
Updated by Danilo Zrenjanin 10 months ago
The firewall couldn't reach the LDAP server and I couldn't replicate that on 23.09.1.
Is there any specifically wrong LDAP config that causes that to fail?
Do you have specific steps on how to misconfigure LDAP to provoke that PHP error?
Updated by Christopher Cope 10 months ago
Danilo Zrenjanin wrote in #note-4:
> The firewall couldn't reach the LDAP server and I couldn't replicate that on 23.09.1.
> Is there any specifically wrong LDAP config that causes that to fail?
> Do you have specific steps on how to misconfigure LDAP to provoke that PHP error?
I am unable to reproduce the original issue locally either. I tested this fix, with the customer's permission, live on the problem system and it resolved it. I think the most important feedback here is to make sure everything else is still behaving as expected.
Updated by Danilo Zrenjanin 10 months ago
- Status changed from Feedback to Resolved
I didn't experience any issues after applying the patch, and I was unable to reproduce the PHP error regardless of the LDAP configuration.
I am closing this ticket as resolved.
Updated by aleksei prokofiev 9 months ago
- File c48e3d87347538a6ef3e8b7542bdd498176343dd.diff added
Updated by Jim Pingle 9 months ago
- File deleted (c48e3d87347538a6ef3e8b7542bdd498176343dd.diff)
Updated by Jim Pingle 9 months ago
No need to put a manual patch file on here that's already in the public Git repo. The diff is already linked on the "Associated Revisions" tab or you can reference it via c48e3d87347538a6ef3e8b7542bdd498176343dd