Active Directory Authentication showing "Internal Server Error" #4
Hi jmgascoriego |
Hi Marc, I've tried to follow the container logs while authenticating, but nothing is showing up. Inside the container, tailing the file /var/log/other_vhosts_access.log, I can see the requests:
That's all I can get about logs. Thanks! |
Hi Marc, I have deployed a brand new gip/gip-mysql instance on a brand new docker host:
As soon as you try to login with the user AD account (username or username@domain format), I am getting this "Internal Server Error" in the application.
Not sure how we can troubleshoot this directly inside the container. Going back to the AD, my service account is a member of the default "Domain Users" group with the default "Read all properties" permission at domain level. I have other applications integrated with this domain and working without any issue. Thank you. |
Thank you for that information. Do you have multiple active LDAP groups configured? |
Hi Marc, No, I just have the one defined in OP. Thank you! |
Hi Then display again the logs with "docker logs -f gip" and try the login again. Regards |
Please also try the following: Access the container, open the file /etc/apache2/sites-available/gestioip.conf with an editor and change the line
to
Then restart the apache web server and check if the LDAP authentication error persists. |
Hi Marc, Thanks a lot for all those suggestions. Enabling the debugging mode in Apache provides better visibility of the errors. After some troubleshooting, I think I'm on the way to get it fixed, but I'm not there yet. Even fixing the above finding manually inside the container, I can't connect with the AD user yet, but I'm no longer receiving the "Internal Server Error". It just keeps asking you for user and password on the login page while I'm getting the below error in the logs:
Comparing the above error with a ldapsearch request using the same parameters that I can see in the LDAP URI string, I'm getting a successful output:
I'm still not sure about the root cause, but I will continue troubleshooting and testing. Regarding the AuthFormProvider parameter, I can see it included already when you configure the LDAP server:
However, it's also present by default in /etc/apache2/sites-enabled/gestioip.conf as below:
Deleting the line from gestioip.conf doesn't make any difference. In parallel, I have noticed that if you redeploy gip container keeping MySQL DB container alive, GestioIP shows the LDAP server configuration is correctly defined. Still, the configuration itself is missing in the container conf files. Maybe something to look at afterwards:
GUI LDAP Server section view: https://imgur.com/UJNAG3U I just need to delete the current configuration from the GUI and recreate it again. Sorry for the long update, but I wanted to share as many details as possible. Thank you! |
Hi jmgascoriego Thank you very much for this information. I've made some more tests, and also noticed login problems. In my deployment, they seem to be related to the line
In my case I changed the line to
and deleted the line from /usr/share/gestioip/etc/apache/apache_ldap.conf. After this the authentication with an LDAP user group is working. I will make some more tests and tell you something. Also many thanks for advising of the issue with the "+"/whitespace. This will be fixed in the next days. I was able to reproduce the redeploy issue. I will also have a look at this issue. Regards, |
Hi jmgascoriego |
Hi Marc, I'm happy to confirm that it's working perfectly with the latest version. |
Hi jmgascoriego A new version, resolving the problem that the content of the files in /usr/share/gestioip/etc/apache is reset to the default values after a redeploy, will be released soon. Best regards |
Hi Marc, I appreciate your time fixing these bugs. I will be happy to test the new container once it is ready. Thanks! |
@muebel @jmgascoriego I was having problems using a reverse proxy with GestioIP. So I created the containers again and didn't use a proxy. I created self-signed certificates and set the URL to https://localhost. When I log in with the default username and password I get the message below. On the GestioIP screen it shows "Internal Server Error". It's like I logged in with the wrong username and password.
When I don't use ssl this error doesn't happen. |
I created a new Dockerfile with a few lines. It looks like it solved the problem for now. I will run more tests.
|
Hi Marc,
After the issue #2, I'm unable to login with an AD user account. Every time that I try the logon, the application is giving an "Internal Server Error" and it seems the website is not fully loaded:
https://imgur.com/ImVuE3V
These are my settings for the LDAP server:
In my case, I am using LDAP Groups:
I have tested the service account and it can read correctly objects in Active Directory, so I doubt it's a permissions issue.
I also have tried to check error logs in the container during the login process, but I can't find anything.
Checking the domain controller security events, it's like GestioIP is not even sending the authentication request to the AD, as no failure or success event is identified. Both AD and the Docker host where GestioIP is running are using the same subnet, so there is no FW in between.
Not sure what else I should check.
Thank you,
Kind regards.