Bug #15122

closed

PHP errors in LDAP server prevent it from falling back to Local Database

Added by Christopher Cope 12 months ago. Updated 9 months ago.

Status: Resolved
Priority: Normal
Category: Authentication
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 24.03
Release Notes: Default
Affected Version:
Affected Architecture: All

Description

The following error can be hit when attempting to log in with a misconfigured LDAP server, which prevents the code from falling back to the Local Database. The error checking in the ldap_backed() function should be moved to before the call to the ldap_setup_caenv() function. I'll be doing some testing and will submit a merge request in the next couple of days.

Fatal error: Uncaught TypeError: ldap_set_option(): Argument #1 ($ldap) must be of type ?LDAP\Connection, bool given in /etc/inc/auth.inc:1100
Stack trace:
#0 /etc/inc/auth.inc(1100): ldap_set_option(false, 24582, 1)
#1 /etc/inc/auth.inc(1604): ldap_setup_caenv(false, Array)
#2 /etc/inc/auth.inc(2103): ldap_backed('admin', 'pfsense', Array, Array)
#3 /etc/inc/auth.inc(2161): authenticate_user('admin', 'pfsense', Array, Array)
#4 /etc/inc/authgui.inc(37): session_auth()
#5 /usr/local/www/guiconfig.inc(62): require_once('/etc/inc/authgu...')
#6 /usr/local/www/index.php(46): require_once('/usr/local/www/...')
#7 {main}
  thrown in /etc/inc/auth.inc on line 1100

PHP ERROR: Type: 1, File: /etc/inc/auth.inc, Line: 1100, Message: Uncaught TypeError: ldap_set_option(): Argument #1 ($ldap) must be of type ?LDAP\Connection, bool given in /etc/inc/auth.inc:1100
Stack trace:
#0 /etc/inc/auth.inc(1100): ldap_set_option(false, 24582, 1)
#1 /etc/inc/auth.inc(1604): ldap_setup_caenv(false, Array)
#2 /etc/inc/auth.inc(2103): ldap_backed('admin', 'pfsense', Array, Array)
#3 /etc/inc/auth.inc(2161): authenticate_user('admin', 'pfsense', Array, Array)
#4 /etc/inc/authgui.inc(37): session_auth()
#5 /usr/local/www/guiconfig.inc(62): require_once('/etc/inc/authgu...')
#6 /usr/local/www/index.php(46): require_once('/usr/local/www/...')
#7 {main}
  thrown
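The ordering problem described in this report, as an added PHP example that is not pfSense code: a remote-auth helper that uses a connection handle before checking it aborts the request with a TypeError, so the caller's local fallback never runs, while the reordered version returns false and the fallback proceeds. All `demo_*` functions, the empty-host failure condition, and the credentials are constructed assumptions for illustration.

```php
<?php
// Added example: demo_* names are hypothetical stand-ins, not pfSense functions.
// Stand-in connect call: handle object, or false (constructed: empty host).
function demo_connect(array $server): object|false {
    return ($server['host'] ?? '') !== '' ? new stdClass() : false;
}

// Stand-in setup step that only accepts a real handle; passing false
// raises a TypeError, the same class of error as in the trace above.
function demo_setup_caenv(object $conn, array $server): void {
    $conn->tls = $server['tls'] ?? false;
}

// Order described in the report: setup runs before the handle is checked.
function demo_backed_unchecked(string $user, array $server): bool {
    $conn = demo_connect($server);
    demo_setup_caenv($conn, $server);   // TypeError when $conn === false
    if ($conn === false) {
        return false;
    }
    return $user === 'ldapuser';        // constructed bind result
}

// Reordered: check the handle first, so a failed connect is an ordinary false.
function demo_backed_checked(string $user, array $server): bool {
    $conn = demo_connect($server);
    if ($conn === false) {
        return false;
    }
    demo_setup_caenv($conn, $server);
    return $user === 'ldapuser';        // constructed bind result
}

// Caller: try the remote backend, then fall back to a local credential check.
function demo_authenticate(callable $backend, string $user, string $pass, array $server): string {
    if ($backend($user, $server)) {
        return 'ldap';
    }
    // Constructed local credential, compared in constant time.
    return ($user === 'admin' && hash_equals('local-demo-secret', $pass)) ? 'local' : 'denied';
}

$bad = ['host' => ''];   // constructed misconfigured server entry
echo demo_authenticate('demo_backed_checked', 'admin', 'local-demo-secret', $bad), "\n";
try {
    demo_authenticate('demo_backed_unchecked', 'admin', 'local-demo-secret', $bad);
} catch (TypeError $e) {
    echo 'fallback never reached: ', $e->getMessage(), "\n";
}
```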

Actions #1

Updated by Christopher Cope 12 months ago

  • Status changed from New to Pull Request Review
Actions #2

Updated by Marcos M 12 months ago

  • Status changed from Pull Request Review to Feedback
  • Target version set to 2.8.0
  • % Done changed from 0 to 100
  • Plus Target Version set to 24.03
  • Affected Architecture All added
Actions #4

Updated by Danilo Zrenjanin 11 months ago

The firewall couldn't reach the LDAP server and I couldn't replicate that on 23.09.1.

Is there any specifically wrong LDAP config that causes that to fail?

Do you have specific steps on how to misconfigure LDAP to provoke that PHP error?

Actions #5

Updated by Christopher Cope 11 months ago

Danilo Zrenjanin wrote in #note-4:

> The firewall couldn't reach the LDAP server and I couldn't replicate that on 23.09.1.
>
> Is there any specifically wrong LDAP config that causes that to fail?
>
> Do you have specific steps on how to misconfigure LDAP to provoke that PHP error?

I am unable to reproduce the original issue locally either. I tested this fix, with the customer's permission, live on the problem system and it resolved it. I think the most important feedback here is to make sure everything else is still behaving as expected.

Actions #6

Updated by Danilo Zrenjanin 10 months ago

  • Status changed from Feedback to Resolved

I didn't experience any issues after applying the patch, and I was unable to reproduce the PHP error regardless of the LDAP configuration.

I am closing this ticket as resolved.

Actions #7

Updated by aleksei prokofiev 9 months ago

  • File c48e3d87347538a6ef3e8b7542bdd498176343dd.diff added
Actions #8

Updated by Jim Pingle 9 months ago

  • File deleted (c48e3d87347538a6ef3e8b7542bdd498176343dd.diff)
Actions #9

Updated by Jim Pingle 9 months ago

No need to put a manual patch file on here that's already in the public Git repo. The diff is already linked on the "Associated Revisions" tab or you can reference it via c48e3d87347538a6ef3e8b7542bdd498176343dd
