Hi all.
I have a problem when a user doesn't type his/her password correctly. If this user is the same one that is configured in config.yml, it works fine: it throws a BadCredentialsException, and the error message is "The presented password is invalid". However, when a different user tries to log in and types a wrong password, the error message is: "Warning: ldap_search(): Search: Operations error in /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Driver/LdapConnection.php line 27". When both type the correct password, the login works fine.
I'm using FR3DLdap with FOSUser, and I don't know if this is a bug, or I don't have it configured properly.
******************************PROVIDER ES FR3D\LdapBundle\Security\Authentication\LdapAuthenticationProvider
**********************************VA A HACER AUTHENTICATE
************************AUTHENTICATIONEXCEPTION exception 'Symfony\Component\Security\Core\Exception\BadCredentialsException' with message 'The presented password is invalid.' in /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Security/Authentication/LdapAuthenticationProvider.php:97
Stack trace:
#0 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php(74): FR3D\LdapBundle\Security\Authentication\LdapAuthenticationProvider->checkAuthentication(Object(\Bundle\Bridge\UserBundle\Document\UsuarioMongo), Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#1 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php(64): Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#2 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php(79): Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#3 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php(139): Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication(Object(Symfony\Component\HttpFoundation\Request))
#4 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall.php(64): Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->handle(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#5 [internal function]: Symfony\Component\Security\Http\Firewall->onKernelRequest(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#6 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Debug/TraceableEventDispatcher.php(82): call_user_func(Array, Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#7 /.../vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php(49): Symfony\Bundle\FrameworkBundle\Debug\TraceableEventDispatcher->doDispatch(Array, 'kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#8 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/ContainerAwareEventDispatcher.php(145): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#9 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(98): Symfony\Bundle\FrameworkBundle\ContainerAwareEventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#10 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(71): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
#11 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/HttpKernel.php(47): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#12 /.../app/bootstrap.php.cache(554): Symfony\Bundle\FrameworkBundle\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#13 /.../web/app_dev.php(17): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
#14 {main}
************************LASTEXCEPCTION exception 'Symfony\Component\Security\Core\Exception\BadCredentialsException' with message 'The presented password is invalid.' in /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Security/Authentication/LdapAuthenticationProvider.php:97
Stack trace:
#0 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php(74): FR3D\LdapBundle\Security\Authentication\LdapAuthenticationProvider->checkAuthentication(Object(\Bundle\Bridge\UserBundle\Document\UsuarioMongo), Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#1 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php(64): Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#2 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php(79): Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#3 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php(139): Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication(Object(Symfony\Component\HttpFoundation\Request))
#4 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall.php(64): Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->handle(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#5 [internal function]: Symfony\Component\Security\Http\Firewall->onKernelRequest(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#6 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Debug/TraceableEventDispatcher.php(82): call_user_func(Array, Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#7 /.../vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php(49): Symfony\Bundle\FrameworkBundle\Debug\TraceableEventDispatcher->doDispatch(Array, 'kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#8 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/ContainerAwareEventDispatcher.php(145): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#9 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(98): Symfony\Bundle\FrameworkBundle\ContainerAwareEventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#10 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(71): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
#11 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/HttpKernel.php(47): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#12 /.../app/bootstrap.php.cache(554): Symfony\Bundle\FrameworkBundle\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#13 /.../web/app_dev.php(17): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
#14 {main}
******************************PROVIDER ES Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider
**********************************VA A HACER AUTHENTICATE
************************AUTHENTICATIONEXCEPTION exception 'ErrorException' with message 'Warning: ldap_search(): Search: Operations error in /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Driver/LdapConnection.php line 27' in /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php:67
Stack trace:
#0 [internal function]: Symfony\Component\HttpKernel\Debug\ErrorHandler->handle(2, 'ldap_search(): ...', '/...', 27, Array)
#1 /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Driver/LdapConnection.php(27): ldap_search(Resource id #991, 'ou=XXX...', '(&(mailnickname...', Array)
#2 /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Ldap/LdapManager.php(44): FR3D\LdapBundle\Driver\LdapConnection->search('ou=XXX...', '(&(mailnickname...', Array)
#3 /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Ldap/LdapManager.php(35): FR3D\LdapBundle\Ldap\LdapManager->findUserBy(Array)
#4 /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Security/User/LdapUserProvider.php(31): FR3D\LdapBundle\Ldap\LdapManager->findUserByUsername('YYY')
#5 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/User/ChainUserProvider.php(41): FR3D\LdapBundle\Security\User\LdapUserProvider->loadUserByUsername('YYY')
#6 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php(83): Symfony\Component\Security\Core\User\ChainUserProvider->loadUserByUsername('YYY')
#7 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php(67): Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider->retrieveUser('YYY', Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#8 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php(64): Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#9 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php(79): Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#10 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php(139): Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication(Object(Symfony\Component\HttpFoundation\Request))
#11 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall.php(64): Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->handle(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#12 [internal function]: Symfony\Component\Security\Http\Firewall->onKernelRequest(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#13 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Debug/TraceableEventDispatcher.php(82): call_user_func(Array, Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#14 /.../vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php(49): Symfony\Bundle\FrameworkBundle\Debug\TraceableEventDispatcher->doDispatch(Array, 'kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#15 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/ContainerAwareEventDispatcher.php(145): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#16 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(98): Symfony\Bundle\FrameworkBundle\ContainerAwareEventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#17 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(71): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
#18 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/HttpKernel.php(47): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#19 /.../app/bootstrap.php.cache(554): Symfony\Bundle\FrameworkBundle\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#20 /.../web/app_dev.php(17): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
#21 {main}
So, the problem is in numbers 5 and 6 of the last trace: DAO calls loadUserByUsername, this method tries to do an ldap_search, but since the last ldap_bind was wrong, this function fails.
I solved the problem by modifying the checkAuthentication function in LdapAuthenticationProvider.php, binding the user from config.yml one more time to prevent this problem, but I don't know if this is the correct solution.
fos_user:
    db_driver: mongodb
    firewall_name: main
    user_class: XXX\Bundle\Bridge\UserBundle\Document\UsuarioMongo
    from_email:
        address: [email protected]
        sender_name: Acme
    encoder:
        algorithm: sha512
        encode_as_base64: false
        iterations: 10
    template:
        engine: twig

fr3d_ldap:
    client:
        host: X.X.X.X
        port: 3268
        version: 3
        username: ADMIN
        password: ADMIN
        optReferrals: 0 # Optional
    user:
        baseDn: XXX
        filter:
        attributes: # Specify ldap attributes mapping [ldap attribute, user object method]
            - { ldap_attr: mailnickname, user_method: setUsername } # Default

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        chain_provider:
            providers: [fr3d_ldapbundle, fos_userbundle]
        fos_userbundle:
            id: fos_user.user_manager
        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider
    firewalls:
        main:
            pattern: ^/
            fr3d_ldap: ~
            form_login:
                provider: chain_provider
                always_use_default_target_path: true
                default_target_path: /profile
                login_path: /login
                check_path: /login_check
            remember_me:
                key: aSecretKey
                lifetime: 360000
                path: /
                domain: ~ # Defaults to the current domain from $_SERVER
                httponly: false
                secure: false
                always_remember_me: true
            logout: true
            anonymous: true
    factories:
        - "%kernel.root_dir%/../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Resources/config/security_factories.xml"
    access_control:
        - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
Thanks in advance.
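
Added example, not part of the original post or of FR3DLdapBundle's code: a small PHP model of the connection state described in the post, showing the failed user bind breaking the next search and a rebind of the service account restoring it. `FakeLdapConnection` and `checkPassword` are hypothetical names, the directory entries are constructed, and the model assumes the server answers a search on an unbound session with the error shown in the trace.

```php
<?php
// Added illustration: FakeLdapConnection is a hypothetical in-memory stand-in for
// one LDAP connection (not FR3D's LdapConnection); the directory data is constructed.
final class FakeLdapConnection
{
    private ?string $boundAs = null; // null = anonymous session
    public function __construct(private array $passwords) {} // DN => password

    public function bind(string $dn, string $password): bool
    {
        $ok = isset($this->passwords[$dn]) && hash_equals($this->passwords[$dn], $password);
        // Every bind replaces the session identity; a failed one leaves it anonymous (RFC 4511).
        $this->boundAs = $ok ? $dn : null;
        return $ok;
    }

    public function search(string $filter): array
    {
        if ($this->boundAs === null) { // assumption: server refuses unbound searches
            throw new RuntimeException('Search: Operations error');
        }
        return ['filter' => $filter, 'searched_as' => $this->boundAs];
    }
}

// Check a user's password, then always restore the service identity so that
// later lookups on the shared connection do not inherit the failed bind.
function checkPassword(FakeLdapConnection $c, string $userDn, string $pw, string $svcDn, string $svcPw): bool
{
    try {
        return $c->bind($userDn, $pw);
    } finally {
        if (!$c->bind($svcDn, $svcPw)) {
            throw new RuntimeException('Service account rebind failed');
        }
    }
}

$conn = new FakeLdapConnection(['cn=svc' => 'svc-pass', 'cn=yyy' => 'user-pass']);
$conn->bind('cn=svc', 'svc-pass');

// Unfixed flow: the wrong password leaves the session anonymous, so the next lookup fails.
$conn->bind('cn=yyy', 'wrong');
try { $conn->search('(mailnickname=yyy)'); } catch (RuntimeException $e) { echo "unfixed: {$e->getMessage()}\n"; }

// Fixed flow: same wrong password, but the following lookup runs as the service account.
$conn->bind('cn=svc', 'svc-pass');
var_dump(checkPassword($conn, 'cn=yyy', 'wrong', 'cn=svc', 'svc-pass'));
echo 'fixed: searched as ', $conn->search('(mailnickname=yyy)')['searched_as'], "\n";
```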