lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2023-09-22T14:13:29Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549
[security:low, CVE-2021-35473] OAuth2 handler does not verify access token validity
2023-09-22T14:13:29Z Maxime Besson

### Concerned version
Version: %2.0.4 to %2.0.11
### Summary
* Configure an OIDC client
* Configure an OAuth2 handler
* Set access token lifetime to 10 seconds
* Use Access Token from OIDC client to access the OAuth2 handler => works
* Wait 30 seconds
* Use Access Token from OIDC client to access the OAuth2 handler => *WORKS*
* /userinfo or /introspection correctly show that the token is expired
### Logs
```
[debug] Found OAuth2 access token 597d0faa693e96f08823e73164c87366b586104f575dcc648cf7b90a88b8988e
[debug] Get OIDC session 597d0faa693e96f08823e73164c87366b586104f575dcc648cf7b90a88b8988e
# missing validation here
[debug] Get user session id 59941a30e71df1c86fb05e14eec697264ca38311b18c082731230af6f23f8787
```
2.0.12 Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2477
[security:low] Wildcard in virtualhost allows being redirected to untrusted domains
2023-09-22T14:13:29Z Andreas Deschka

One of our users has reported to us the following security problem, which could be used for phishing.
In Lemonldap 2.0.10 when you create a virtual host with a wildcard, for example `*.subdomain.local.test`, an attacker can forward users to every domain by using specially designed urls.
Target url: `https://google.com#abc.subdomain.local.test/` (The slash at the end is important.)
Base64 encoded: `aHR0cHM6Ly9nb29nbGUuY29tI2FiYy5zdWJkb21haW4ubG9jYWwudGVzdC8=`
Url which the user clicks on (looks like it is safe to use): `https://myportal.local.test/url=aHR0cHM6Ly9nb29nbGUuY29tI2FiYy5zdWJkb21haW4ubG9jYWwudGVzdC8=`
User will now get redirected to `https://google.com#abc.subdomain.local.test`
I checked if cda is also affected, but from what I saw, it seems to be not. (We anyway do not have it activated.) The following line always rejects correctly:
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.0/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm#L29
I have no problem with publishing this issue if you do not have anything against it.
I used Chrome version 88.0.4324.192 for testing.
2.0.12 Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2495
[security:medium] XSS on register form
2023-09-22T14:13:29Z Clément OUDOT

In register form, we do not check XSS attack before registering data into session:
```perl
# Use submitted value
$req->data->{registerInfo}->{mail} = $req->param('mail');
$req->data->{registerInfo}->{firstname} = $req->param('firstname');
$req->data->{registerInfo}->{lastname} = $req->param('lastname');
$req->data->{registerInfo}->{ipAddr} = $req->address;
```
This allows injecting HTML code in the form, which will be displayed in the mail for the end user and can lead to malicious information (redirection to a hacker's site).
We should check for XSS before registering data, for example:
```perl
# Check input
if (   $self->p->checkXSSAttack( 'mail', $req->param('mail') )
    or $self->p->checkXSSAttack( 'firstname', $req->param('firstname') )
    or $self->p->checkXSSAttack( 'lastname', $req->param('lastname') ) )
{
    $self->logger->error("XSS on Register form");
    return PE_MALFORMEDUSER;
}
# Use submitted value
$req->data->{registerInfo}->{mail} = $req->param('mail');
$req->data->{registerInfo}->{firstname} = $req->param('firstname');
$req->data->{registerInfo}->{lastname} = $req->param('lastname');
$req->data->{registerInfo}->{ipAddr} = $req->address;
```
A review of all public forms should be done to check that we have no other issues.
2.0.12 Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2946
userControl regexp is not applied by authSlave
2023-09-22T13:59:59Z Christophe Maudoux chrmdx@gmail.com

### Affected version
Version: All
Platform: All
Slave authentication module can submit an invalid login
2.17.0 Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3010
oidcServiceAllowOnlyDeclaredScopes option drop offline_access scope
2023-09-20T09:26:16Z Yadd
2.17.1

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2711
Cannot override configuration in lemonldap-ng.ini when value is "0"
2023-09-20T09:03:18Z Maxime Besson

### Concerned version
Version: 2.0.14
### Summary
* In config, set `portalDisplayRegister=1`
* In lemonldap-ng.ini, set `portalDisplayRegister=0`
* Expected: Register button is not displayed
* Actual: Register button is displayed
### Logs
In portal `reloadConf`:
* `$conf` is configuration from backend
```
%{ $self->{conf} } = %{ $self->localConfig };
...
# Load conf in portal object
foreach my $key ( keys %$conf ) {
    $self->{conf}->{$key} ||= $conf->{$key};
}
```
### Possible fixes
* `||=` should probably be `//=`
* Side effects?
* Perhaps localConf should be loaded into `$self->{conf}` after `$conf`?
* Does this happen elsewhere?
2.17.0 Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2996
Invalid URL for application logo in myapplications web service
2023-09-15T13:46:19Z Clément OUDOT

The logo URL returned by /myapplications is malformed: `http:/auth.example.com//static/common/apps/demo.png`. There is a missing `/` after `http:`.
The bug was introduced in commit 6fde3a06502c0fb13375830e5e9b0ebb21c6692b
The associated unit test is wrong, as it tests the malformed value:
```
ok(
    $res->{myapplications}->[0]->{Applications}->[0]->{'Application Test 1'}
      ->{AppLogo} eq 'http:/auth.example.com//static/common/apps/demo.png',
    ' Logo app1 found'
);
```
Commenting the last regexp on basePath is enough to fix the problem:
```
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
index f5b760e1c..cb8b88155 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
@@ -788,7 +788,7 @@ sub myApplications {
my $basePath = $self->conf->{portal};
$basePath =~ s#/*$#/#;
$basePath .= $self->p->{staticPrefix} . '/common/apps/';
- $basePath =~ s#//+#/#;
+ #$basePath =~ s#//+#/#;
my @appslist = map {
my @apps = map {
{
```
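Review bot: Commenting out `$basePath =~ s#//+#/#;` leaves dead code in `myApplications` and drops slash normalisation altogether, so, judging by the reported value, the result would still contain the doubled slash in `//static`. Without a `/g` flag the substitution only rewrote the first match, which is the `//` right after `http:`. Consider deleting the line instead and collapsing only slashes that are not preceded by `:`, for example with `s#(?<!:)//+#/#g`, and update the unit test so it no longer asserts the malformed `http:/auth.example.com//static/common/apps/demo.png` value.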
A better solution might be found.
2.17.1 Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2491
Use environment variables placeholder in lemonldap json configuration
2023-09-13T16:01:41Z andy tan

### Summary
I would like to be able to use ENV vars placeholder inside lemonldap json configuration.
### Design proposition
Ex:
```
1 / "managerPassword" : "$ENV{LDAP_MANAGER_PASSWORD}",
```
```
2 / "oidcRPMetaDataOptions" : {
  "example" : {
    "oidcRPMetaDataOptionsClientSecret" : "$ENV{OIDC_EXAMPLE_CLIENT_SECRET_PASSWORD}",
    "oidcRPMetaDataOptionsClientID" : "example",
    "oidcRPMetaDataOptionsPublic" : 1,
    "oidcRPMetaDataOptionsRefreshToken" : 1,
    "oidcRPMetaDataOptionsRequirePKCE" : 0
  },
```
```
3 / "persistentStorageOptions" : {
  "collection" : "persistent_sessions",
  "connect_timeout" : "10000",
  "db_name" : "db_example",
  "host" : "mongodb://localhost:27017/?replicaSet=rs0&authSource=admin",
  "password" : "$ENV{MONGO_PERSISTENT_STORAGE_PASSWORD}",
  "ssl" : "0",
  "username" : "james"
},
```
2.0.15 Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2992
WAYF not triggered when using SAML federation plugin + one other provider
2023-09-08T13:24:45Z Maxime Besson

### Affected version
Version: 2.16.2
### Summary
* Set Auth=SAML
* Configure samlFederationFiles
* Configure samlDiscoveryProtocolURL/samlDiscoveryProtocolActivation
* Add one IDP (samltest.id)
* Browse to portal
* You get redirected to the non-federated IDP instead of the federation
### Possible fixes
getIDP assumes that having one entityID in idpList means we need to use it. But WAYF may lazy load another IDP.
We should disable this heuristic when samlFederationFiles is set
Is there a better way?
2.17.1 Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3002
managerPassword is incorrectly decoded when using Conf::LDAP
2023-09-08T02:07:47Z Maxime Besson

### Affected version
Version: 2.17.0
Platform: (Nginx/Apache/Node.js)
### Summary
* Configure LDAP as a conf backend and an auth backend
* set managerPassword=é
Password is incorrectly encoded when sent to LDAP server
related to #2748
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2912
Non reproducible error when redirect to another url (SAML,..)
2023-08-30T15:10:53Z Walter Bender

### Concerned version
Version: %2.16.1-1 (Ubuntu)
Platform: Various
### Summary
We updated from 2.0.13 to 2.16.1 and got a non-reproducible error when redirecting to another url (as used for SAML authentication). Some perl processes worked without problems. With higher load, we get more and more processes with "Bad URL" errors. After a restart of the service the error vanished at first, but then grows up to about 50% of redirections with an error message. We are not sure what caused the error and if it's a security issue. Downgrading back to 2.0.13 solved the issue.
Hint: The same problem happened in version 2.0.16
### Logs
```
Apr 6 18:34:05 XHOSTX LLNG[44612]: [debug] Required Params URL: URI::https=SCALAR(0x563e0fd10f40)
Apr 6 18:34:05 XHOSTX LLNG[44612]: [debug] Set CSP form-action with Params URL: URI::https=SCALAR(0x563e0fd10f40)
Apr 6 18:34:14 XHOSTX LLNG[44591]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fdd1838)
Apr 6 18:34:26 XHOSTX LLNG[44593]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fdedbb8)
Apr 6 18:36:22 XHOSTX LLNG[44589]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0e9a2e38)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Required urldc: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Set CSP form-action with urldc: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Required Params URL: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Set CSP form-action with Params URL: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:38:26 XHOSTX LLNG[44603]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fd74fd0)
Apr 6 18:39:47 XHOSTX LLNG[44589]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0e8df388)
Apr 6 18:41:17 XHOSTX LLNG[44596]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fd9eb08)
Apr 6 18:44:16 XHOSTX LLNG[44611]: [debug] [error] Bad URL URI::https=SCALAR(0x55c915768d50)
```
### Backends used
We use redis as backend
### Possible fixes
Downgrade to former version
2.17.0 Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2952
Unable to change password if LDAP returns PE_PP_CHANGE_AFTER_RESET and captcha is enabled
2023-08-29T16:58:03Z Christophe Maudoux chrmdx@gmail.com

### Affected version
Version: All
Platform: All
### Summary
Enable captcha and LDAP password policy with pwdReset attribute.
Reset a userPassword -> pwdReset is set to TRUE
Login -> PE_25 thrown by LDAP server
Captcha input is not displayed => unable to change password
![Capture_d_écran_du_2023-07-03_22-39-17](/uploads/4c84ef3dc56a7b6488db5762040a60e3/Capture_d_écran_du_2023-07-03_22-39-17.png)
Captcha is not displayed!
![Capture_d_écran_du_2023-07-03_22-40-19](/uploads/4134988b8c6788a354bc322e592ffcea/Capture_d_écran_du_2023-07-03_22-40-19.png)
![Capture_d_écran_du_2023-07-03_22-40-46](/uploads/775f7471da8f8a9a40f17ae66f8fe0a2/Capture_d_écran_du_2023-07-03_22-40-46.png)
### Logs
```
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Get configuration from cache without verification.
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:37:44 vm5704 LLNG[1252]: [info] No cookie found
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Start routing default route
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing checkUnauthLogout
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing controlUrl
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Cancel called, push authCancel calls
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing extractFormInfo
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Return TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca created
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Returned error: 9 (PE_FIRSTACCESS)
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Display type standardform
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Skin returned: login
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Calling sendHtml with template login
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Apply following CORS policy:
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Origin
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Credentials
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] true
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Headers
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Methods
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] POST,GET
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Expose-Headers
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Max-Age
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] 86400
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:37:55 vm5704 LLNG[1252]: [info] No cookie found
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Start routing default route
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing checkUnauthLogout
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing restoreArgs
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing controlUrl
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Cancel called, push authCancel calls
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing extractFormInfo
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Trying to load token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Try to get TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Get session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca from Portal::Main::Run
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Return TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Good captcha response
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Captcha code verified
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing getUser
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing authenticate
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Call bind for uid=173668,ou=personnes,dc=police,dc=interieur,dc=gouv,dc=fr
Jul 3 22:37:56 vm5704 LLNG[1252]: [error] Error when binding to LDAP server: Invalid credentials
Jul 3 22:37:56 vm5704 LLNG[1252]: [warn] Bad password for 173668 (10.100.160.1)
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] [warn] Bad password for 173668 (10.100.160.1)
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Return TOKEN session ef7091e69d87f73c364ea5d7e69346a73dfb0a572ef12c9f7c9c9575497caef8
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Token ef7091e69d87f73c364ea5d7e69346a73dfb0a572ef12c9f7c9c9575497caef8 created
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] -> authResult = 5
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing setSessionInfo
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing setMacros
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing setPersistentSessionInfo
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Persistent session found for 173668
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Restore persistent parameter _loginHistory
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Restore persistent parameter _updateTime
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Launching ::Plugins::BruteForceProtection::run afterSub setPersistentSessionInfo
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] -> Failed login maxAge = 2205
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Number of failed login(s) to take into account = 4
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] -> Delta = 65
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] -> Waiting time = 30
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing storeHistory
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Current login saved into failedLogin
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Current login -> 5
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Found 'whatToTrace' -> 173668
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Update 173668 persistent session
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Returned error: 5 (PE_BADCREDENTIALS)
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Returned error: 5 (PE_BADCREDENTIALS)
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Display type standardform
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Skin returned: login
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Calling sendHtml with template login
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Apply following CORS policy:
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Origin
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Credentials
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] true
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Headers
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Methods
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] POST,GET
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Expose-Headers
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Max-Age
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] 86400
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Get configuration from cache without verification.
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:38:49 vm5704 LLNG[1252]: [info] No cookie found
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Start routing default route
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing checkUnauthLogout
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing restoreArgs
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing controlUrl
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Cancel called, push authCancel calls
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing extractFormInfo
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Trying to load token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Try to get TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:49 vm5704 LLNG[1252]: [notice] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/DBI.pm line 93.
Jul 3 22:38:49 vm5704 LLNG[1252]: [notice] Bad (or expired) token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:49 vm5704 LLNG[1252]: [warn] Captcha token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca isn't valid
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Return TOKEN session 09f322507d878a152dd54468ec3f5208d5b97b7e56441a508b682735ab49e2aa
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Token 09f322507d878a152dd54468ec3f5208d5b97b7e56441a508b682735ab49e2aa created
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:50 vm5704 LLNG[1252]: [warn] Captcha failed
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] [warn] Captcha failed
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Returned error: 76 (PE_CAPTCHAERROR)
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Display type standardform
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Skin returned: login
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Calling sendHtml with template login
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Apply following CORS policy:
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Origin
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] *
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Credentials
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] true
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Headers
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] *
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Methods
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] POST,GET
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Expose-Headers
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] *
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Max-Age
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] 86400
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Get configuration from cache without verification.
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:38:53 vm5704 LLNG[41826]: [info] No cookie found
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Start routing default route
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing checkUnauthLogout
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing restoreArgs
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing controlUrl
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing code ref
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Cancel called, push authCancel calls
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing code ref
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing extractFormInfo
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Trying to load token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Try to get TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:53 vm5704 LLNG[41826]: [notice] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/DBI.pm line 93.
Jul 3 22:38:53 vm5704 LLNG[41826]: [notice] Bad (or expired) token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:53 vm5704 LLNG[41826]: [warn] Captcha token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca isn't valid
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Try to get a new TOKEN session
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Check session validity -> 900s
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Return TOKEN session fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Token fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596 created
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Prepare captcha
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:53 vm5704 LLNG[41826]: [warn] Captcha failed
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] [warn] Captcha failed
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Returned error: 76 (PE_CAPTCHAERROR)
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Display type standardform
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Skin returned: login
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Calling sendHtml with template login
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Apply following CORS policy:
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Origin
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] *
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Credentials
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] true
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Headers
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] *
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Methods
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] POST,GET
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Expose-Headers
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] *
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Max-Age
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] 86400
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:39:31 vm5704 LLNG[1252]: [info] No cookie found
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Start routing default route
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing checkUnauthLogout
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing restoreArgs
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing controlUrl
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Cancel called, push authCancel calls
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing extractFormInfo
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Trying to load token fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Try to get TOKEN session fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Get session fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596 from Portal::Main::Run
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Return TOKEN session fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Good captcha response
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Captcha code verified
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing getUser
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing authenticate
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Call bind for uid=173668,ou=personnes,dc=police,dc=interieur,dc=gouv,dc=fr
Jul 3 22:39:31 vm5704 LLNG[1252]: [error] Password policy error 2 for 173668
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] [error] Password policy error 2 for 173668
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Return TOKEN session 9c99d95aa4b3f790ba4d5526cbfec751cf4f858d83530ecf68335a0fcd2c17a0
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Token 9c99d95aa4b3f790ba4d5526cbfec751cf4f858d83530ecf68335a0fcd2c17a0 created
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Return TOKEN session d5acf9ad3db0e334fd4328968aad025f31052a24a280e644bee52487386ebf89
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Token d5acf9ad3db0e334fd4328968aad025f31052a24a280e644bee52487386ebf89 created
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] -> authResult = 25
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing setSessionInfo
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing setMacros
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing setPersistentSessionInfo
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Persistent session found for 173668
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Restore persistent parameter _updateTime
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Restore persistent parameter _loginHistory
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Launching ::Plugins::BruteForceProtection::run afterSub setPersistentSessionInfo
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] -> Failed login maxAge = 2205
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Number of failed login(s) to take into account = 5
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] -> Delta = 95
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] -> Waiting time = 60
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing storeHistory
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Current login saved into failedLogin
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Current login -> 25
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Found 'whatToTrace' -> 173668
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Update 173668 persistent session
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Returned error: 5 (PE_BADCREDENTIALS)
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Returned error: 25 (PE_PP_CHANGE_AFTER_RESET)
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin returned: login
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Calling sendHtml with template login
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Apply following CORS policy:
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Origin
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] *
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Credentials
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] true
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Headers
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] *
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Methods
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] POST,GET
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Expose-Headers
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] *
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Max-Age
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] 86400
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:40:01 vm5704 CRON[42207]: (root) CMD (/opt/rudder/bin/rudder agent check -q >> /var/log/rudder/agent-check/check.log 2>&1)
Jul 3 22:40:01 vm5704 CRON[42215]: (root) CMD (if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi)
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Get configuration from cache without verification.
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:40:22 vm5704 LLNG[41826]: [info] No cookie found
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Start routing default route
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing checkUnauthLogout
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing restoreArgs
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing controlUrl
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing code ref
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Cancel called, push authCancel calls
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing code ref
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing extractFormInfo
Jul 3 22:40:22 vm5704 LLNG[41826]: [warn] No response provided for Captcha::SecurityImage
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Try to get a new TOKEN session
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Check session validity -> 900s
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Return TOKEN session b5322520b9b8673206f3e24ffcb942848841aed2fef400cc5d38e7b1dc4c2775
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Token b5322520b9b8673206f3e24ffcb942848841aed2fef400cc5d38e7b1dc4c2775 created
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Prepare captcha
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:40:22 vm5704 LLNG[41826]: [warn] Captcha failed
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] [warn] Captcha failed
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Returned error: 76 (PE_CAPTCHAERROR)
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Display type standardform
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Skin returned: login
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Calling sendHtml with template login
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Apply following CORS policy:
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Origin
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] *
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Credentials
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] true
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Headers
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] *
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Methods
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] POST,GET
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Expose-Headers
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] *
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Max-Age
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] 86400
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
```
2.17.0
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2984
Test fails with Perl 5.38
2023-08-28T16:00:34Z
Yadd
From https://bugs.debian.org/1043239 :
> Source: lemonldap-ng
> Version: 2.16.1+ds-2
> Severity: important
> Tags: ftbfs trixie sid
> User: debian-perl@lists.debian.org
> Usertags: perl-5.38-transition
>
> This package fails to build from source with Perl 5.38 (currently in experimental.)
>
> http://perl.debian.net/rebuild-logs/perl-5.38-throwaway/lemonldap-ng_2.16.1+ds-2/lemonldap-ng_2.16.1+ds-2_amd64-2023-08-04T06:12:12Z.build
```
# Failed test 'Found correct error message'
# at t/12-Lemonldap-NG-Handler-Jail.t line 114.
# 'syntax error at (eval 52) line 1, at EOF
# Execution of (eval 52) aborted due to compilation errors.
# '
# doesn't match '(?^:Missing right curly or square bracket)'
# Looks like you failed 1 test of 22.
# Failed test 'Found correct error message'
# at t/13-Lemonldap-NG-Handler-Fake-Safe.t line 107.
# 'syntax error at (eval 47) line 1, at EOF
# Execution of (eval 47) aborted due to compilation errors.
# '
# doesn't match '(?^:Missing right curly or square bracket)'
# Looks like you failed 1 test of 16.
Test Summary Report
-------------------
t/12-Lemonldap-NG-Handler-Jail.t (Wstat: 256 (exited 1) Tests: 22 Failed: 1)
Failed test: 22
Non-zero exit status: 1
t/13-Lemonldap-NG-Handler-Fake-Safe.t (Wstat: 256 (exited 1) Tests: 16 Failed: 1)
Failed test: 16
Non-zero exit status: 1
Files=25, Tests=405, 7 wallclock secs ( 0.08 usr 0.03 sys + 4.03 cusr 0.70 csys = 4.84 CPU)
Result: FAIL
```
> This looks like just an issue of changed diagnostics, but please don't hesitate to file a bug against perl in case it turns out to have runtime effects that warrant a Breaks entry.

2.17.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2929
Set more than one class on LDAP group filter
2023-08-18T16:24:32Z
Soisik Froger
We use two types of groups in our LDAP: groupOfNames, groupOfURLs. To be able to fetch them all, we have to set the class "top" in LDAP Parameters > Groups > Object Class, as this field is single-valued.
Making this field multi-valued would allow us to get different types of groups (static and dynamic) in a cleaner way than using the class "top".
Tks
2.17.0
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2922
Remove | as separator for Choice configuration values
2023-08-18T16:23:59Z
Clément OUDOT
For now we accept both `;` and `|` as separator for choices configuration values, but this leads to a bug when using `|` in a value, for example when overriding an LDAP filter.
We need to check that `|` separator is not needed anymore, and remove it from the code that splits the choice value.
2.17.0
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2987
Cannot use single quote in passwordPolicySpecialChar
2023-08-18T14:58:23Z
Maxime Besson
### Affected version
Version: 2.16.2
### Summary
* Try to add a `'` in passwordPolicySpecialChar
* Display the password change interface
* JS error
### Logs
```
Parsing error SyntaxError: Bad escaped character in JSON at position 5979
at JSON.parse (<anonymous>)
at HTMLScriptElement.<anonymous> (portal.js:105:20)
at Function.each (jquery.min.js:2:2976)
at S.fn.init.each (jquery.min.js:2:1454)
at n (portal.js:102:42)
at portal.js:277:13
at dispatch (jquery.min.js:2:43090)
at v.handle (jquery.min.js:2:41074)
```
### Possible fixes
`ESCAPE='js'` from HTML::Template does not correctly escape JSON strings. We need to do it before setting the template parameter
2.17.0
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2986
Delete sessions of a user through Rest API
2023-08-18T09:01:59Z
Kanthanathan S
We need to understand if there is a way to terminate all the sessions of a given user through Rest API/SOAP API.
We have an ldap at the backend and we have a self service portal that allows users to change their passwords. As part of our compliance, once the password is changed/reset all user sessions need to be invalidated. We are trying to achieve this with API integration.
Please advise.

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2981
perl-lasso package
2023-08-17T00:26:27Z
Shane Treweek
just wondering I have installed lemonldap-ng on Nethserver(centos 7) running on Raspberry Pi I only need the perl-lasso package which I had access to one in the past that was compiled for arm32 but I no longer have access to the repo for it could you suggest anything (basically I just had to reinstall everything and my backup hdd was corrupted) if I had access to the .src.rpm I could compile it
FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2913
Lemonldap-NG-Handler: 2 test failures against Perl 5 blead (development version)
2023-08-08T08:41:35Z
James Keenan
A change in the development branch of the Perl 5 core distribution has triggered failures in the test suite of Lemonldap-NG-Handler. As this development branch is likely to be released as perl-5.38.0 in our annual production release on or after May 20 2023, your attention to this problem is requested.
Sample CPAN testers report:
http://www.cpantesters.org/cpan/report/2cd8dd76-d6f9-11ed-8cf5-4eaba9ff8ba7
Overview of test failure reports:
http://fast-matrix.cpantesters.org/?dist=Lemonldap-NG-Handler
Extract of test failures:
```
Running make test for COUDOT/Lemonldap-NG-Handler-2.0.16.tar.gz
PERL_DL_NONLAZY=1 "/usr/home/jkeenan/testing/blead/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01-Lemonldap-NG-Handler-Main.t ........................... ok
[Sun Apr 9 17:08:33 2023] [LLNG:44931] [error] Bad logLevel value '', switching to 'info'
t/05-Lemonldap-NG-Handler-Reload.t ......................... ok
# Failed test 'Found correct error message'
# at t/12-Lemonldap-NG-Handler-Jail.t line 111.
# 'syntax error at (eval 52) line 1, at EOF
# Execution of (eval 52) aborted due to compilation errors.
# '
# doesn't match '(?^:Missing right curly or square bracket)'
# Looks like you failed 1 test of 22.
t/12-Lemonldap-NG-Handler-Jail.t ...........................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/22 subtests
# Failed test 'Found correct error message'
# at t/13-Lemonldap-NG-Handler-Fake-Safe.t line 104.
# 'syntax error at (eval 47) line 1, at EOF
# Execution of (eval 47) aborted due to compilation errors.
# '
# doesn't match '(?^:Missing right curly or square bracket)'
# Looks like you failed 1 test of 16.
t/13-Lemonldap-NG-Handler-Fake-Safe.t ......................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/16 subtests
t/14-Lemonldap-NG-Handler-Rule-Building.t .................. ok
...
t/99-pod.t ................................................. ok
Test Summary Report
-------------------
t/12-Lemonldap-NG-Handler-Jail.t (Wstat: 256 (exited 1) Tests: 22 Failed: 1)
Failed test: 22
Non-zero exit status: 1
t/13-Lemonldap-NG-Handler-Fake-Safe.t (Wstat: 256 (exited 1) Tests: 16 Failed: 1)
Failed test: 16
Non-zero exit status: 1
Files=25, Tests=571, 6 wallclock secs ( 0.09 usr 0.03 sys + 4.63 cusr 1.64 csys = 6.39 CPU)
Result: FAIL
Failed 2/25 test programs. 2/571 subtests failed.
*** Error code 255
```
This problem was originally reported on Dec 31 2022 here: https://github.com/Perl/perl5/issues/20346#issuecomment-1368210714
The change in Perl 5 blead is discussed at the top of GH 20346. My own, non-authoritative reading of that ticket suggests that, for perl-5.37.4 and later versions, you will have to modify the two test files to expect a different error message to be thrown. (Nonetheless, I applaud you for testing for error messages!)
Thank you very much.
2.16.2
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2985
Upgrade to 2.17
2023-08-08T08:30:51Z
Arnaud Peiffer
Good morning,
Currently in v2.16.2. I need for some applications published only as a link on my auth page to put an insubnet rule but I see that this feature is only available from v2.17.
Do you have a release date or is there a particular method to patch my version? through the traditional channel I remain up to date in v2.16...