Login with AD User not possible #4014

Closed
edelmanns opened this issue Jan 17, 2024 · 5 comments

@edelmanns

Page on which it happened

Login

Steps to reproduce

  1. Login with AD User

Expected behaviour

Login with a user from AD is possible

Actual behaviour

Login with a user from AD is not possible

Server configuration

Operating system: Linux myserver 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64

Web server: Apache/2.4.52 (Ubuntu)

Database: 11.2.2-MariaDB-log

PHP version: 8.1.2-1ubuntu2.14

Teampass version: 3.1.1

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '0',
'log_connections' => '1',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '1',
'item_duplicate_in_same_folder' => '0',
'duplicate_item' => '1',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html/teampass',
'cpassman_url' => 'http://<anonym_url>/teampass',
'favicon' => 'http://<anonym_url>/teampass/favicon.ico',
'path_to_upload_folder' => '/var/www/html/teampass/upload',
'path_to_files_folder' => '/var/www/html/teampass/files',
'url_to_files_folder' => 'http://<anonym_url>/teampass/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'teampass_version' => '3.1.1',
'ldap_mode' => '1',
'ldap_type' => 'ActiveDirectory',
'ldap_suffix' => '0',
'ldap_domain_dn' => '0',
'ldap_domain_controler' => '0',
'ldap_user_attribute' => 'samaccountname',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_search_base' => '0',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '1',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '1',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => '',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1702888622',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'sending_emails' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>'
'email_smtp_auth' => '',
'email_auth_username' => '<removed>'
'email_auth_pwd' => '<removed>'
'email_port' => '25',
'email_security' => '',
'email_server_url' => '',
'email_from' => '<removed>'
'email_from' => '<removed>'
'pwd_maximum_length' => '40',
'google_authentication' => '0',
'delay_item_edition' => '0',
'allow_import' => '1',
'proxy_ip' => '<removed>'
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for ChangeMe',
'api' => '0',
'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '1',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '360',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/var/www/html/teampass/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => '<removed>'
'syslog_port' => '514',
'manager_move_item' => '0',
'create_item_without_password' => '1',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'Europe/Berlin',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '1',
'offline_key_level' => '48',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '1',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '1',
'bck_script_passkey' => '<removed>'
'admin_2fa_required' => '0',
'password_overview_delay' => '4',
'copy_to_clipboard_small_icons' => '1',
'duo_ikey' => '<removed>'
'duo_skey' => '<removed>'
'duo_host' => '<removed>'
'duo_failmode' => 'secure',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '30',
'mfa_for_roles' => '',
'tree_counters' => '1',
'settings_offline_mode' => '1',
'settings_tree_counters' => '0',
'enable_massive_move_delete' => '1',
'email_debug_level' => '0',
'ga_reset_by_user' => '',
'onthefly-backup-key' => '<removed>'
'onthefly-restore-key' => '<removed>'
'ldap_user_dn_attribute' => 'distinguishedname',
'ldap_dn_additional_user_dn' => '',
'ldap_user_object_filter' => '(objectCategory=Person)(sAMAccountName=*)',
'ldap_bdn' => 'ou=Employees,dc=DE,dc=mycomp-GROUP,dc=COM',
'ldap_hosts' => '<removed>'
'ldap_password' => '<removed>'
'ldap_username' => 'cn=myserver_binduser,ou=Binduser,ou=ServiceAccounts,ou=ADM Users,dc=de,dc=mycomp-group,dc=com',
'api_token_duration' => '60',
'last_folder_change' => '',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '300',
'tasks_manager_refreshing_period' => '20',
'maximum_number_of_items_to_treat' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '0',
'upgrade_timestamp' => '1705480622',
'enable_ad_users_with_ad_groups' => '0',
'enable_ad_user_auto_creation' => '0',
'ldap_group_object_filter' => '',
'ldap_guid_attibute' => 'objectguid',
'sending_emails_job_frequency' => '2',
'user_keys_job_frequency' => '1',
'items_statistics_job_frequency' => '5',
'users_personal_folder_task' => '',
'clean_orphan_objects_task' => '',
'purge_temporary_files_task' => '',
'rebuild_config_file' => '',
'reload_cache_table_task' => '',
'maximum_session_expiration_time' => '360',
'items_ops_job_frequency' => '1',
'enable_refresh_task_last_execution' => '1',
'ldap_group_objectclasses_attibute' => '',

Updated from an older Teampass or fresh install:

fresh installation

Client configuration

Browser: Chrome -

Operating system: Windows 10 - bits

Logs

Web server error log

[Wed Jan 17 15:27:02.606423 2024] [php:error] [pid 15881] [client 10.1.13.7:55997] PHP Fatal error:  
Uncaught Error: Call to a member function isEnabled() on null in /var/www/html/teampass/vendor/teampassclasses/ldapextra/src/ActiveDirectoryExtra.php:131\n
Stack trace:\n#0 /var/www/html/teampass/sources/identify.php(1206): TeampassClasses\\LdapExtra\\ActiveDirectoryExtra->userIsEnabled()\n#1 
/var/www/html/teampass/sources/identify.php(2315): authenticateThroughAD()\n#2 /var/www/html/teampass/sources/identify.php(298): identifyDoLDAPChecks()\n
#3 /var/www/html/teampass/sources/identify.php(141): identifyUser()\n#4 {main}\n  thrown in 
/var/www/html/teampass/vendor/teampassclasses/ldapextra/src/ActiveDirectoryExtra.php on line 131, 
referer: http://myserver/teampass/index.php

Log from the web-browser developer console (CTRL + SHIFT + i)

Request URL:
http://myserver/teampass/sources/identify.php
Request Method:
POST
Status Code:
500 Internal Server Error
Remote Address:
10.0.31.38:80
Referrer Policy:
strict-origin-when-cross-origin

@edelmanns
Author

Same server with 3.0.10.153: login with AD user is possible.
The same configuration as 3.1.1.17.

@ThryNext

Hello everyone, is there a solution to this? I have the same problem. LDAP synchronization works, as well as user activation, but the AD login does not work.
Please provide a quick solution.
Thank you.
Version 3.0.10.x works fine but with version 3.1.1.17 it's not working.

@nilsteampassnet
Owner

@edelmanns @ThryNext

Quick fix to unlock you is to bypass this check.
Open file sources/identify.php
Replace

        // Is user enabled? Only ActiveDirectory
        if ($SETTINGS['ldap_type'] === 'ActiveDirectory' && isset($activeDirectoryExtra) === true && $activeDirectoryExtra instanceof ActiveDirectoryExtra) {
            //require_once 'ldap.activedirectory.php';
            if ($activeDirectoryExtra->userIsEnabled((string) $userADInfos['dn'], $ldapConnection) === false) {
                return [
                    'error' => true,
                    'message' => "Error : User is not enabled",
                ];
            }
        }

by

/*
        // Is user enabled? Only ActiveDirectory
        if ($SETTINGS['ldap_type'] === 'ActiveDirectory' && isset($activeDirectoryExtra) === true && $activeDirectoryExtra instanceof ActiveDirectoryExtra) {
            //require_once 'ldap.activedirectory.php';
            if ($activeDirectoryExtra->userIsEnabled((string) $userADInfos['dn'], $ldapConnection) === false) {
                return [
                    'error' => true,
                    'message' => "Error : User is not enabled",
                ];
            }
        }
*/

And save the file
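As an added example (not part of the comment above and not TeamPass code): a fail-closed variant of the "is user enabled" check that tolerates a null lookup result, the condition named in the logged fatal error, without disabling the check. The function names `adEntryIsEnabled` and `checkLogin` and the entry layout are hypothetical; the only AD fact relied on is that bit `0x0002` of `userAccountControl` marks a disabled account.

```php
<?php
declare(strict_types=1);

// ACCOUNTDISABLE bit of the Active Directory userAccountControl attribute.
const UF_ACCOUNTDISABLE = 0x0002;

/**
 * Hypothetical helper: decide whether a directory entry is enabled.
 * $entry is the attribute array from a directory lookup, or null when the
 * lookup returned nothing. Anything that cannot be evaluated is treated as
 * "not enabled" so the login is refused instead of crashing or being skipped.
 */
function adEntryIsEnabled(?array $entry): bool
{
    if ($entry === null) {
        return false; // no object to inspect: fail closed
    }
    $uac = $entry['useraccountcontrol'][0] ?? null;
    if ($uac === null || !is_numeric($uac)) {
        return false; // attribute missing or malformed: fail closed
    }
    return ((int) $uac & UF_ACCOUNTDISABLE) === 0;
}

/** Returns the same error shape as the snippet quoted in the comment above. */
function checkLogin(?array $entry): array
{
    if (adEntryIsEnabled($entry) === false) {
        return ['error' => true, 'message' => 'Error : User is not enabled'];
    }
    return ['error' => false, 'message' => ''];
}

// Constructed sample entries (not taken from a real directory).
$samples = [
    'enabled (512)'        => ['useraccountcontrol' => ['512']],
    'disabled (514)'       => ['useraccountcontrol' => ['514']],
    'lookup returned null' => null,
    'attribute missing'    => ['cn' => ['example']],
];

foreach ($samples as $label => $entry) {
    $result = checkLogin($entry);
    printf("%-22s => %s\n", $label, $result['error'] ? 'denied' : 'allowed');
}
```

Only the first sample is allowed; the null and missing-attribute cases are denied with a normal error response rather than an HTTP 500.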

nilsteampassnet added a commit that referenced this issue Jan 25, 2024
Fix for #4014
WIP: Improving upgrade process #3986
@raimundoa

@nilsteampassnet this #4014 (comment) is same

@edelmanns
Author

Hello,
with 3.1.1.53 works fine, thanks.