Hi,
We are trying to setup LDAP authentication for our app and have based it mostly on the information here: https://support.abp.io/QA/Questions/715/LDAP-Setup-documentation
We have replaced the LdapExternalLoginProvider and overriden the NormalizeUserName() function to set the username as required. In our case this is actually of the format as follows: user@my.domain.com
We now seem to get past the initial authentication, but then run into an error when ABP tries to do additional directory look ups - we think when doing the mapping to user roles. Do you have any advice about how to overcome this?
Our goal is to be able to map user roles to certain user groups in LDAP - would it be possible to point to some documentation about how this all works within ABP so we can understand how to set it up. Does anyone perhaps have a suggestion or sample configuration?
- ABP Framework version: v4.2.2
- UI type: Blazor WebAssembly
- DB provider: EF Core
- Exception message and stack trace:
20:19:00,182 INFO Microsoft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint '/Account/Login'
20:19:00,190 ERROR Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware - An unhandled exception has occurred while executing the request.
LdapForNet.LdapOperationsErrorException: Operations error. 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839. R
esult: 1. Method: ldap_parse_result. Details: ErrorMessage: 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
at LdapForNet.Native.LdapNative.ThrowIfError(SafeHandle ld, Int32 res, String method, IDictionary`2 details)
at LdapForNet.LdapConnection.ThrowIfResponseError(DirectoryResponse response)
at LdapForNet.LdapConnection.SendRequestAsync(DirectoryRequest directoryRequest, CancellationToken token)
at LdapForNet.LdapConnection.SearchAsync(String base, String filter, String[] attributes, LdapSearchScope scope, CancellationToken token)
at Volo.Abp.Account.Public.Web.Ldap.OpenLdapManager.GetUserEmailAsync(String userName)
at Volo.Abp.Account.Public.Web.Ldap.LdapExternalLoginProvider.GetUserInfoAsync(String userName)
at Volo.Abp.Identity.ExternalLoginProviderBase.CreateUserAsync(String userName, String providerName)
at Volo.Abp.Identity.AspNetCore.AbpSignInManager.PasswordSignInAsync(String userName, String password, Boolean isPersistent, Boolean lockoutOnFailure)
at Volo.Abp.Account.Web.Pages.Account.IdentityServerSupportedLoginModel.OnPostAsync(String action)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|24_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)
at IdentityServer4.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpJwtTokenMiddlewareExtension.<>c__DisplayClass0_0.<<UseJwtTokenMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Builder.Extensions.MapWhenMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
20:19:00,194 INFO Microsoft.AspNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.
20:19:00,195 INFO Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware - No CORS policy found for the specified request.
- Steps to reproduce the issue:
- Login from user login screen with the LDAP user credentials.
- The UI reports 500 Internal Server Error :(
At first glance, the log looks like it is due to invalid credentials, however this not due to the login screen user name and password beign incorrect. If we enter invalid credentials at the login screen, the UI reports "Invalid username or password" as expected.
Thanks for any help!
2 Answer(s)
-
0
hi
We have a document and test sample of LDAP, Can you check?
https://docs.abp.io/en/commercial/4.3/modules/account/ldap https://github.com/abpframework/abp-samples/blob/master/AbpLdapSample/AbpLdapSample/Program.cs
-
0
Thanks, this helped, but in the end, in the end the answer came from reimplementing the ExternalLoginProviderBase and LdapManager classes in the source. Thanks