cli purgeCentralCache fails to remove LDAP sessions by force
Affected version
Version: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.0.15.1
Also when importing: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/d8cab667ea5a26306773ecf8679a84ccf52425af/lemonldap-ng-portal/scripts/purgeCentralCache
Platform:
- Nginx
- Centos7.7
- Perl v5.16.3
- perl -MApache::Session::Browseable::LDAP -le 'print $Apache::Session::Browseable::LDAP::VERSION': 1.3.6
Summary
When running purgeCentralCache -f, the script is not able to connect to the LDAP backend.
Logs
/usr/libexec/lemonldap-ng/bin/purgeCentralCache -df
Configuration loaded
Timeout value: 72000
Session backend Apache::Session::Browseable::LDAP will be used
SAML backend Apache::Session::Browseable::LDAP will be used
CAS backend Apache::Session::Browseable::LDAP will be used
OIDC backend Apache::Session::Browseable::LDAP will be used
Check session 1beb766caadf8aeda9a008045900790a625185cb365c39fb27ae694a3b38abe0
Check session 1e4d67acbfa52c4978e1d87f118ada004f8f779d43f10d92f42d18b782d05d16
Check session 24b2e0eb110039ce09bedf13246aeeb2ec60705b819be28fdebfe4a0a1f4d4c5
Check session 26965dd49839f64874d77a8e38665ff7d3bf6fde12d284d3f9065741a91e1cb7
Session 26965dd49839f64874d77a8e38665ff7d3bf6fde12d284d3f9065741a91e1cb7 expired
Check session 54c501ebf3d30d164a7b9f7062fb982b1151ae0fcafd768f11c27f607669a47c
Check session 63d9c6b4b5069881f84704ed841e300dcae5d3a71392ba2c5d8c0ed7bf9d528b
Check session 663ee0a201ba73d5712402d687f995c1ec0cc304fa1a9b5710f653b801a9ea03
Check session 771ce6058bdf6e3aa03a9bc37f424058f61134d9008adfb39937d3d7125ff1f5
Check session 7cebad9962945963139bdf010bd55cbcb79b53efa16df5cec42f6d7f978888ac
Check session 80dd4a5694f51909763598554622d401858a750c949666ed072a5fb08a73fb39
Check session 8d52fb2517bfc189399f7e2edb632cac449aecf4c3dd17850adef3218fddc58e
Check session 8faccaace09a25794b2299b8d63bf8165797df0a9d44caf82a2aa5ffb3c4ca9b
Check session 9e0c96a143172c7d299022d810846c96bf41c7a5fc3f9c6cb8cb3bf33e74b3fe
Check session a4c9ab4969f9250c888d9a48e82a991faa65d33718451632b3401fcb2aa943fe
Session a4c9ab4969f9250c888d9a48e82a991faa65d33718451632b3401fcb2aa943fe expired
Check session a8269ef2e34000563c83e9e81c15564ba33d9d5b22ad613acc4f5be0fef6904d
Check session aaa751cc1644050c44d1abac31bb7148ed7fe72f9650e7e60c051cf91cbfbd9f
Check session aafcdcab5bd307a7b76f49d9f69cddb56e468d0f4f0921724bf2c5bc04d377df
Check session b17d10b8db2cb656fe45af2cd14e63e00e6489055e1f5e6d337e16c644e93cff
Check session bf4a2091fc2b090cfac81b2f91a1d2f89b4091a841d9517f583d65c44f71978c
Check session c55975a81ebdf73beea6f0f1ea7ca59f7706ecb25317918d7e0816425df91fd8
Check session d2b428a5e0fd08dc8c879ae8ca1af207dfe8e56a6b7bf570a5aa524dcca13d7f
Check session d6cc691ccdad1fb57d238731dbd4cd7de844cfcca37b326f9b54a6bd30e8f461
Check session e4ca5d8c128fb19c66159cd34bf9a2cc1fa758e3a7f2a54bda59ad2f4edfbf75
Check session ecf16c770f1a1137f586361e05878c1e07880849c470fa5303343a4425ac7e5a
Check session ee4f0a511b2d16a9e849acdd68f5085f51453e2db842d7514df8759143ebc95f
Check session f18c4fc56d1c9d224b511f8fd38424692b109fd6e106ebf63c91996e95812cd1
Check session f2e34a10159e893aa0ce3737087ede10124c5bc4372650f71f84637baf671eaf
Check session f307db08e37987a3210eed237278f16dd4e45a777116161049576ffdf6929b3d
Session 26965dd49839f64874d77a8e38665ff7d3bf6fde12d284d3f9065741a91e1cb7 has been purged
Session a4c9ab4969f9250c888d9a48e82a991faa65d33718451632b3401fcb2aa943fe has been purged
Can't call method "bind" on an undefined value at /usr/libexec/lemonldap-ng/bin/purgeCentralCache line 294.
## << -f is blocked here
Backends used
- openldap-ltb-2.4.59-1.el7.x86_64
- Apache::Session::Browseable::LDAP 1.3.6
Possible fixes
On line 294, Perl tries to bind an LDAP object that is not correctly instantiated.
When checking line 293 I notice the ldapServer variable, which in my case got the value "ldap://ldap1.domain.com ldap://ldap2.domain.com".
I have tried different values like ldap://ldap1.domain.com alone, or ldap://ldap1.domain.com:389, or ldap://<IP> and ldap://<IP>:389, but none is working...
Though, I might have understood that the connection method has been augmented in other libraries - maybe using https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/d8cab667ea5a26306773ecf8679a84ccf52425af/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm instead of Net::LDAP?
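
The failure mode reported above, shown as an added example (not code from this issue, from purgeCentralCache, or from the LemonLDAP::NG project): Net::LDAP->new returns undef when no server can be reached, and calling bind on that undef raises the error seen in the log. The sketch assumes a space- or comma-separated ldapServer-style value is being handed to Net::LDAP; the helper names ldap_uris and ldap_connect and the .invalid host names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Split an ldapServer-style value ("uri1 uri2" or "uri1,uri2") into a list.
sub ldap_uris {
    my ($value) = @_;
    return grep { length } split /[\s,]+/, ( $value // '' );
}

# Connect and bind. Returns ( $ldap, undef ) on success, ( undef, $error ) otherwise.
sub ldap_connect {
    my (%args) = @_;
    my @uris = ldap_uris( $args{server} )
      or return ( undef, 'no LDAP server configured' );

    # Net::LDAP->new accepts an array ref of URIs and tries them in order.
    # It returns undef (reason in $@) when none can be reached; an unchecked
    # ->bind on that value dies with "Can't call method "bind" on an undefined value".
    my $ldap = Net::LDAP->new( \@uris, timeout => $args{timeout} // 5 )
      or return ( undef, "cannot connect to [@uris]: $@" );

    # Bind with the service account if one is given, anonymously otherwise.
    my $mesg = defined $args{dn}
      ? $ldap->bind( $args{dn}, password => $args{password} )
      : $ldap->bind;
    if ( $mesg->code ) {
        my $err = 'bind failed: ' . $mesg->error;
        $ldap->disconnect;
        return ( undef, $err );
    }
    return ( $ldap, undef );
}

# Constructed sample value: two placeholder hosts that never resolve.
my ( $ldap, $err ) = ldap_connect(
    server  => 'ldap://ldap1.example.invalid ldap://ldap2.example.invalid',
    timeout => 2,
);
if ($ldap) {
    print "connected and bound\n";
    $ldap->unbind;
}
else {
    # Report the real cause instead of dying on an undefined object.
    warn "LDAP unavailable, skipping forced purge: $err\n";
    exit 1;
}
```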