Quantcast
Channel: Monitoring-Portal Feed
Viewing all articles
Browse latest Browse all 1338

Icingaweb2 LDAP auth problems (array to string conversion)

October 2, 2015, 10:00 am
$
0
0
Versions: OS SLES11 SP4

Quellcode

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

# rpm -qa | grep -i icinga | sort
icinga-doc-1.13.3-0
icinga-gui-1.13.3-0
icinga2-2.3.10-1
icinga2-bin-2.3.10-1
icinga2-classicui-config-2.3.10-1
icinga2-common-2.3.10-1
icinga2-debuginfo-2.3.10-1
icinga2-ido-mysql-2.3.10-1
icingacli-2.0.0-5
icingaweb2-2.0.0-5
icingaweb2-common-2.0.0-5
icingaweb2-vendor-HTMLPurifier-4.6.0-1
icingaweb2-vendor-JShrink-1.0.1-1
icingaweb2-vendor-Parsedown-1.0.0-1
icingaweb2-vendor-dompdf-0.6.1-1
icingaweb2-vendor-lessphp-0.4.0-1
php-Icinga-2.0.0-5
python-icinga2-2.1.1-1


Hi,

I'm getting the following error for LDAP auth during setup of new icingaweb2 install:

Params:
* Host: ldap.xxx.com
* Root DN: o=XXX
* LDAP User Object Class: inetOrgPerson (Default)
* LDAP User Name Attribute: cn
* LDAP Base DN (for now): ou=Users,ou=XXX,o=XXX
* LDAP Group Object Class: groupOfNames (???)
* LDAP Group Name Attribute: cn (???)
* LDAP Group Member Attribute: member (Default)
* LDAP Group Base DN (for now): ou=U_Groups,ou=Users,ou=XXX,o=XXX
* First admin user: By name: XXXX

Quellcode

 
1
2
3
4
5
6
7
8
9
10
11
12
13

Array to string conversion
#0 [internal function]: Icinga\Application\{closure}(8, 'Array to string...', '/usr/share/php/...', 157, Array)
#1 /usr/share/php/Icinga/Authentication/Auth.php(157): array_combine(Array, Array)
#2 /usr/share/icingaweb2/application/forms/Authentication/LoginForm.php(92): Icinga\Authentication\Auth->setAuthenticated(Object(Icinga\User))
#3 /usr/share/php/Icinga/Web/Form.php(1152): Icinga\Forms\Authentication\LoginForm->onSuccess()
#4 /usr/share/icingaweb2/application/controllers/AuthenticationController.php(48): Icinga\Web\Form->handleRequest()
#5 /usr/share/php5/Zend/Controller/Action.php(516): Icinga\Controllers\AuthenticationController->loginAction()
#6 /usr/share/php/Icinga/Web/Controller/Dispatcher.php(75): Zend_Controller_Action->dispatch('loginAction')
#7 /usr/share/php5/Zend/Controller/Front.php(954): Icinga\Web\Controller\Dispatcher->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#8 /usr/share/php/Icinga/Application/Web.php(333): Zend_Controller_Front->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#9 /usr/share/php/Icinga/Application/webrouter.php(109): Icinga\Application\Web->dispatch()
#10 /usr/share/icingaweb2/public/index.php(4): require_once('/usr/share/php/...')
#11 {main}


-----

Workaround: Configure DB backend and add LDAP resource and backend later I can login alright but have no permissions.

Trying to set up authentication for an LDAP user, if I leave the default LDAP User Name Attribute, I get:

Quellcode

 
1
2
3
4
5
6
7
8
9
10

Validation Log
Connect without encryption
LDAP bind to ldap.XXX.XXX:389 ( / ***) successful
NetIQ Corporation
LDAP Agent for NetIQ eDirectory 8.8 SP8 (20805.02)
Supports STARTTLS: True
Default naming context: o=XXX
Searching for: objectClass "inetOrgPerson" in DN "o=XXX" (Filter: None)
1559 users found in backend
UserNameAttribute "uid" not existing in objectClass "inetOrgPerson"

So I change LDAP User Name Attribute to "cn", which validates alright and I can even login.

However, when trying to set up authorization, I get (on page /icingaweb2/user/list?backend=my_ldap_user_backend)

Quellcode

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

htmlspecialchars() expects parameter 1 to be string, array given
#0 [internal function]: Icinga\Application\{closure}(2, 'htmlspecialchar...', '/usr/share/php/...', 88, Array)
#1 /usr/share/php/Icinga/Web/View.php(88): htmlspecialchars(Array, 6, 'UTF-8', true)
#2 /usr/share/php/Icinga/Web/View/helpers/url.php(57): Icinga\Web\View->escape(Array)
#3 [internal function]: Icinga\Web\View\{closure}(Array, 'user/show', Array, Array)
#4 /usr/share/php/Icinga/Web/View.php(134): call_user_func_array(Object(Closure), Array)
#5 /usr/share/php/Icinga/Web/View.php(221): Icinga\Web\View->callHelperFunction('qlink', Array)
#6 zend.view:///usr/share/icingaweb2/application/views/scripts/user/list.phtml(74): Icinga\Web\View->__call('qlink', Array)
#7 zend.view:///usr/share/icingaweb2/application/views/scripts/user/list.phtml(74): Icinga\Web\View->qlink(Array, 'user/show', Array, Array)
#8 /usr/share/php/Icinga/Web/View.php(204): include('zend.view:///us...')
#9 /usr/share/php5/Zend/View/Abstract.php(888): Icinga\Web\View->_run('/usr/share/icin...')
#10 /usr/share/php5/Zend/Controller/Action/Helper/ViewRenderer.php(900): Zend_View_Abstract->render('user/list.phtml')
#11 /usr/share/php5/Zend/Controller/Action/Helper/ViewRenderer.php(921): Zend_Controller_Action_Helper_ViewRenderer->renderScript('user/list.phtml', NULL)
#12 /usr/share/php5/Zend/Controller/Action/Helper/ViewRenderer.php(960): Zend_Controller_Action_Helper_ViewRenderer->render()
#13 /usr/share/php5/Zend/Controller/Action/HelperBroker.php(277): Zend_Controller_Action_Helper_ViewRenderer->postDispatch()
#14 /usr/share/php5/Zend/Controller/Action.php(527): Zend_Controller_Action_HelperBroker->notifyPostDispatch()
#15 /usr/share/php/Icinga/Web/Controller/Dispatcher.php(75): Zend_Controller_Action->dispatch('listAction')
#16 /usr/share/php5/Zend/Controller/Front.php(954): Icinga\Web\Controller\Dispatcher->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#17 /usr/share/php/Icinga/Application/Web.php(333): Zend_Controller_Front->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#18 /usr/share/php/Icinga/Application/webrouter.php(109): Icinga\Application\Web->dispatch()
#19 /usr/share/icingaweb2/public/index.php(4): require_once('/usr/share/php/...')
#20 {main}


The only bug that I found and that may be related is https://dev.icinga.org/issues/8246 but was fixed already. So this seems to be different after all...

Anyone have an idea?

BFN

Marki
Search
Viewing all articles
Browse latest Browse all 1338
Search