Open Closed

LDAP login and mapping user roles #1215


User avatar
0
mpvismer created

Hi,

We are trying to setup LDAP authentication for our app and have based it mostly on the information here: https://support.abp.io/QA/Questions/715/LDAP-Setup-documentation

We have replaced the LdapExternalLoginProvider and overriden the NormalizeUserName() function to set the username as required. In our case this is actually of the format as follows: user@my.domain.com

We now seem to get past the initial authentication, but then run into an error when ABP tries to do additional directory look ups - we think when doing the mapping to user roles. Do you have any advice about how to overcome this?

Our goal is to be able to map user roles to certain user groups in LDAP - would it be possible to point to some documentation about how this all works within ABP so we can understand how to set it up. Does anyone perhaps have a suggestion or sample configuration?

  • ABP Framework version: v4.2.2
  • UI type: Blazor WebAssembly
  • DB provider: EF Core
  • Exception message and stack trace:
20:19:00,182  INFO  Microsoft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint '/Account/Login'
20:19:00,190  ERROR Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware - An unhandled exception has occurred while executing the request.
LdapForNet.LdapOperationsErrorException: Operations error. 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839. R
esult: 1. Method: ldap_parse_result. Details: ErrorMessage: 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
   at LdapForNet.Native.LdapNative.ThrowIfError(SafeHandle ld, Int32 res, String method, IDictionary`2 details)
   at LdapForNet.LdapConnection.ThrowIfResponseError(DirectoryResponse response)
   at LdapForNet.LdapConnection.SendRequestAsync(DirectoryRequest directoryRequest, CancellationToken token)
   at LdapForNet.LdapConnection.SearchAsync(String base, String filter, String[] attributes, LdapSearchScope scope, CancellationToken token)
   at Volo.Abp.Account.Public.Web.Ldap.OpenLdapManager.GetUserEmailAsync(String userName)
   at Volo.Abp.Account.Public.Web.Ldap.LdapExternalLoginProvider.GetUserInfoAsync(String userName)
   at Volo.Abp.Identity.ExternalLoginProviderBase.CreateUserAsync(String userName, String providerName)
   at Volo.Abp.Identity.AspNetCore.AbpSignInManager.PasswordSignInAsync(String userName, String password, Boolean isPersistent, Boolean lockoutOnFailure)
   at Volo.Abp.Account.Web.Pages.Account.IdentityServerSupportedLoginModel.OnPostAsync(String action)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|24_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)
   at IdentityServer4.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
   at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpJwtTokenMiddlewareExtension.<>c__DisplayClass0_0.<<UseJwtTokenMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Builder.Extensions.MapWhenMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
20:19:00,194  INFO  Microsoft.AspNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.
20:19:00,195  INFO  Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware - No CORS policy found for the specified request.
  • Steps to reproduce the issue:
  • Login from user login screen with the LDAP user credentials.
  • The UI reports 500 Internal Server Error :(

At first glance, the log looks like it is due to invalid credentials, however this not due to the login screen user name and password beign incorrect. If we enter invalid credentials at the login screen, the UI reports "Invalid username or password" as expected.

Thanks for any help!


2 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    We have a document and test sample of LDAP, Can you check?

    https://docs.abp.io/en/commercial/4.3/modules/account/ldap https://github.com/abpframework/abp-samples/blob/master/AbpLdapSample/AbpLdapSample/Program.cs

  • User Avatar
    0
    mpvismer created

    Thanks, this helped, but in the end, in the end the answer came from reimplementing the ExternalLoginProviderBase and LdapManager classes in the source. Thanks

Made with ❤️ on ABP v9.1.0-preview. Updated on November 18, 2024, 05:54