Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-32566

server is doing auth for user 'Administrator' in ldap if previous login is a ldap authentication

    XMLWordPrintable

Details

    • Bug
    • Resolution: User Error
    • Major
    • 6.5.0
    • 6.5.0
    • ns_server
    • Enterprise Edition 6.5.0 build 1949 ‧ IPv4
    • Untriaged
    • Centos 64-bit
    • No

    Description

      1. Configure CB Server with LDAP and also with ldap group support
      2. Configure with ldap group and assign it a admin role
      3. Add a user to ldap group
      4. Now login via the ldap user. 
      5. Now login via "Administrator" 

      Logs show:

      [ns_server:debug,2019-01-10T01:32:45.214-08:00,ns_1@127.0.0.1:<0.25671.0>:ldap_util:with_connection:31]Connected to LDAP server

      [ns_server:debug,2019-01-10T01:32:45.519-08:00,ns_1@127.0.0.1:<0.25671.0>:ldap_util:with_authenticated_connection:61]Bind for dn "<ud>cn=Administrator,ou=Users,dc=couchbase,dc=com</ud>":

      {error,                                                                        invalidCredentials}

      [ns_server:debug,2019-01-10T01:32:45.519-08:00,ns_1@127.0.0.1:ns_audit<0.392.0>:ns_audit:handle_call:114]Audit login_failure: [{real_userid,{[

      {domain,rejected},

                                           {user,<<"<ud>Administrator</ud>">>}]}},

                            {remote,{[{ip,<<"10.112.180.1">>},\{port,52648}]}},

                            {timestamp,<<"2019-01-10T01:32:45.519-08:00">>}]

      [ns_server:debug,2019-01-10T01:32:55.006-08:00,ns_1@127.0.0.1:ns_audit<0.392.0>:ns_audit:handle_call:114]Audit login_failure: [{real_userid,{[{domain,rejected}

      ,

                                          

      {user,<<"<ud>Administrator</ud>">>}]}},

                            {remote,{[{ip,<<"10.112.180.1">>},\{port,52648}]}},

                            {timestamp,<<"2019-01-10T01:32:55.006-08:00">>}]

       

      Now wait for few seconds and refresh the browser and then try to login again.  This time it is 'Administrator' as builtin user.

      [ns_server:debug,2019-01-10T01:33:04.541-08:00,ns_1@127.0.0.1:ns_audit<0.392.0>:ns_audit:handle_call:114]Audit login_success: [{roles,[<<"admin">>]},

                            {real_userid,{[{domain,builtin},

                                           {user,<<"<ud>Administrator</ud>">>}

      ]}},

                           

      {sessionid,<<"01ee24aa72430d20cad09f394fd88294">>}

      ,

                            {remote,{[

      {ip,<<"10.112.180.1">>}

      ,{port,52648}]}},

                           

      {timestamp,<<"2019-01-10T01:33:04.541-08:00">>}

      ]

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            timofey.barmin Timofey Barmin
            ritam.sharma Ritam Sharma
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty