lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2020-12-07T15:25:04Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1496
Server error when LL::NG can't connect to LDAP directory
2020-12-07T15:25:04Z
Clément OUDOT

When configuring LDAP authentication and LDAP server is not available, instead of an error on the portal, we get a 500 server error:
```
ep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls jailInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls portalInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls locationRulesInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls sessionStorageInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls headersInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls postUrlInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Process 11870 calls aliasInit
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev LLNG[11870]: Lemonldap::NG::Handler::Server::Main: configuration is up to date
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev llng-fastcgi-server[11870]: FastCGI daemon started (pid 11872)
Sep 3 18:11:28 cchum-epcc-refid-llng1-dev systemd[1]: Started FastCGI server for Lemonldap::NG websso system.
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Module Lemonldap::NG::Portal::Main::Menu loaded
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Plugin ::Main::Menu initializated
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Module Lemonldap::NG::Portal::Auth::LDAP loaded
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Connection refused
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: LDAP error:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add POST route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add PUT route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add DELETE route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add POST route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add PUT route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add DELETE route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Route "*" redefined
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add POST route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Route "*" redefined
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Route "*" redefined
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add POST route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Route "*" redefined
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route * added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route psgi.js added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route psgi.js added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route portal.css added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route portal.css added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route : added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route : added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring unauth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route ping added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route ping added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route refresh added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Declaring auth route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Add GET route:
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: route logout added
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: User not authenticated, Try in use, cancel redirection
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Start routing default route
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Processing controlUrl
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Processing extractFormInfo
Sep 3 18:11:33 cchum-epcc-refid-llng1-dev LLNG[11875]: Returned error: 24
```
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1359
TOTP plugin
2020-04-03T09:08:16Z
Yadd

Using [Auth::GoogleAuth](https://metacpan.org/pod/Auth::GoogleAuth), it seems easy to build a Google Authenticator plugin:
* a protected interface that can generate the base code for any user (used by admin)
* a second factor plugin that asks for TOTP code
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1317
Wildcard in virtualhost names
2020-02-20T16:21:59Z
Frédéric MASSOT

Hi,
The DNS zone and Apache with the vhost_alias module and the VirtualDocumentRoot directive handle addresses with a wildcard like: *.projects.domain.com
In Apache you can configure a virtual host with:
ServerAlias *.projects.domain.com
VirtualDocumentRoot "/var/www/projects/%1"
Unfortunately we can not protect these addresses with LemonLDAP, if we add an address with a wildcard in the manager we have the error:
exportedHeaders/*.projects.domain.com: Bad hostname
locationRules/*.projects.domain.com: Bad hostname
Can you add support for wildcard addresses in LemonLDAP, please?
Regards.
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1500
Possibility to override parameters in Choice modules
2019-10-01T12:50:31Z
Anthony ROUSSEL

### Concerned version
Version: 1.9.17
Platform: Apache2,
### Summary
Hello
we want to try authentication choice with several LDAP servers:
1. Active Directory for our internal users
2. OpenLDAP for "partner's users"
In managerUi, when choosing Authmodule,usermodule,pwdmodule == Authentication Choice, I then specify "allowed modules":
- AuthAD / Active Directory / Active Directory / Active Directory / noUrl / noCondition
- AuthLDAP / LDAP / LDAP / LDAP / noUrl / noCondition
but I can only specify One LDAP configuration in "LDAP Parameters".
Am I doing it wrong or is this a "display bug"?
I guess the problem would be the same with multiple LDAP
### Backends used
FileConf
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1204
Propose reauthentication if higher access level is requested
2019-07-09T17:15:57Z
Clément OUDOT

We need to be able to know which authentication level is requested (acr_values in OpenID Connect, requestedauthenticationcontext in SAML, a new parameter in Handler). Then compare this level to current level and force reauthentication if the level is not enough.
This also implies to only propose authentication backends that are up to requested level in the combination module.
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1386
Multiple U2F keys
2019-04-29T20:35:14Z
Yadd

### Summary
#1148 permits the registration of 1 U2F key. This issue proposes to register more than one key _(inspired by GitLab)_.
### ToDo list
* Store more than one key in _u2f* entries *(comma separated)*
* Add a _u2f* entry to store a name for the key *(comma separated in the same order)*
* Modify self registration page to choose which key to remove
* Update manager U2F interface to choose which key to delete
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/971
Server-to-Server Handler
2019-04-23T06:00:21Z
Yadd

Modern applications can have underlying REST requests to some other servers. We could develop a Kerberos-like ticket system to provide to application a ticket available to query other servers (ticket will be available a few seconds):
* in manager, just set a header containing {{llngTicket()}};
* application must set this ticket in a header (may be simply a cookie? a GET parameter?);
* handler will use the ticket instead of normal cookie to retrieve session and verify that {{$ticketTime + $class->tsv->ticketTimeout > time()}}. Then normal process;
* ticket can simply be {{cryptWithLlngKey ( random() . '/' . $sessionId . '/' . time() )}}
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1452
Mouse < 2.5.1 breaks ApacheMP2 handler
2019-02-06T09:10:48Z
Paul Curie

### Concerned version
Version: 2.0.0~alpha3+20180613130533+1994+master+stretch+olab1
Platform: Apache
### Summary
After a fresh install of the latest llng from gitlab ppa on debian 9 with apache2, when selecting test apps as user dwho result in the error "Error occurs on the server" (/lmerror/500)
the same happens with an ldap user.
### Logs
```
[Wed Jun 13 19:27:30.759733 2018] [perl:error] [pid 12524:tid 139842479556352] [client 192.168.56.1:36998] Can't use an undefined value as a subroutine reference at /usr/share/perl5/Lemonldap/NG/Handler/Main/Run.pm line 376.\n
[Wed Jun 13 19:27:30.889148 2018] [perl:error] [pid 12525:tid 139842298005248] [client 192.168.56.1:37004] No package name defined for metaclass at /usr/lib/x86_64-linux-gnu/perl5/5.24/Mouse/Meta/Class.pm line 269.\n, referer: http://auth.demo.local/
```
### Backends used
Files for config/sessions
backend demo & ldap tested
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/595
Portal powered by FastCGI (using Plack)
2018-12-21T10:26:30Z
Yadd

For performances _(and many bugs with ModPerl::Registry / Apache-2.4)_, all CGI are replaced by FastCGI using [Plack|https://metacpan.org/pod/Plack] like Manager-1.9. This allows also a better Nginx integration.
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1561
Configuration save generates bad warnings
2018-12-01T21:44:18Z
Clément OUDOT

We have an annoying issue in the 2.0.0 version, when saving configuration in Manager or with lemonldap-ng-cli, we have a lot of warnings:
```
{
'message' => 'totp2fActivation: __badExpression__: \'require\' trapped by operation mask at (eval 166) line 1, <STDIN> line 1.'
},
{
'message' => 'issuerDBCASRule: __badExpression__: \'require\' trapped by operation mask at (eval 168) line 1, <STDIN> line 1.'
},
{
'message' => 'portalDisplayChangePassword: __badExpression__: \'require\' trapped by operation mask at (eval 170) line 1, <STDIN> line 1.'
},
{
'message' => 'portalSkinRules/1: __badExpression__: \'require\' trapped by operation mask at (eval 172) line 1, <STDIN> line 1.'
},
{
'message' => 'portalDisplayAppslist: __badExpression__: \'require\' trapped by operation mask at (eval 174) line 1, <STDIN> line 1.'
},
{
'message' => 'sfRequired: __badExpression__: \'require\' trapped by operation mask at (eval 176) line 1, <STDIN> line 1.'
},
{
'message' => 'utotp2fActivation: __badExpression__: \'require\' trapped by operation mask at (eval 178) line 1, <STDIN> line 1.'
},
{
'message' => 'portalDisplayLogout: __badExpression__: \'require\' trapped by operation mask at (eval 180) line 1, <STDIN> line 1.'
},
{
'message' => 'u2fActivation: __badExpression__: \'require\' trapped by operation mask at (eval 182) line 1, <STDIN> line 1.'
},
{
'message' => 'yubikey2fActivation: __badExpression__: \'require\' trapped by operation mask at (eval 184) line 1, <STDIN> line 1.'
},
{
'message' => 'totp2fSelfRegistration: __badExpression__: \'require\' trapped by operation mask at (eval 186) line 1, <STDIN> line 1.'
},
{
'message' => 'jsRedirect: __badExpression__: \'require\' trapped by operation mask at (eval 188) line 1, <STDIN> line 1.'
},
{
'message' => 'ext2fActivation: __badExpression__: \'require\' trapped by operation mask at (eval 190) line 1, <STDIN> line 1.'
},
{
'message' => 'rest2fActivation: __badExpression__: \'require\' trapped by operation mask at (eval 192) line 1, <STDIN> line 1.'
},
{
'message' => 'u2fSelfRegistration: __badExpression__: \'require\' trapped by operation mask at (eval 194) line 1, <STDIN> line 1.'
},
{
'message' => 'yubikey2fSelfRegistration: __badExpression__: \'require\' trapped by operation mask at (eval 196) line 1, <STDIN> line 1.'
},
{
'message' => 'issuerDBSAMLRule: __badExpression__: \'require\' trapped by operation mask at (eval 198) line 1, <STDIN> line 1.'
}
```
Should be linked to a recent change in the code?
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1559
Warning in test suite when building on EL7
2018-11-29T20:38:31Z
Xavier Bachelot

### Concerned version
Version: 2.0.0
Platform: N/A
### Summary
When building an RPM for EL7, the test suite is giving a number of warnings.
Building the same SRPM on Fedora 29 is clean of any warning, so this is likely an issue tied to different perl version (5.28 on F29 vs 5.16 on EL7) or perl modules versions (too many to list..).
### Logs
Extracts from the full log, which is attached below.
```
Missing argument in sprintf at /builddir/build/BUILD/lemonldap-ng-2.0.0/lemonldap-ng-handler/blib/lib/Lemonldap/NG/Handler/Main/Jail.pm line 11.
Missing argument in sprintf at /builddir/build/BUILD/lemonldap-ng-2.0.0/lemonldap-ng-common/blib/lib/Lemonldap/NG/Common/Session.pm line 16.
```
```
"my" variable $id masks earlier declaration in same scope at t/20-Auth-and-password-DBI-dynamic-hash.t line 193.
```
```
Use of uninitialized value $_[0] in substr at /usr/share/perl5/vendor_perl/IO/String.pm line 313, <FILE> line 2.
t/20-Auth-DBI-utf8.t .............................................. ok
```
```
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in string eq at (eval 132) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_user in string at (eval 132) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in pattern match (m//) at (eval 133) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::uid in string eq at (eval 141) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in string eq at (eval 146) line 1.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_user in string at (eval 146) line 1.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in pattern match (m//) at (eval 154) line 1.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::uid in string eq at (eval 157) line 1.
t/24-AuthApache.t ................................................. ok
```
```
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in string eq at (eval 132) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_user in string at (eval 132) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in pattern match (m//) at (eval 140) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::uid in string eq at (eval 143) line 1, <FILE> line 3.
t/12-save-changed-conf.t .... ok
```
```
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in string eq at (eval 132) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_user in string at (eval 132) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in pattern match (m//) at (eval 140) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::uid in string eq at (eval 143) line 1, <FILE> line 3.
t/14-bad-changes-in-conf.t .. o
```
```
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in string eq at (eval 133) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_user in string at (eval 133) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::_auth in pattern match (m//) at (eval 140) line 1, <FILE> line 3.
Use of uninitialized value $Lemonldap::NG::Manager::Attributes::uid in string eq at (eval 143) line 1, <FILE> line 3.
t/15-combination.t .......... ok
```
```
Use of uninitialized value $_[0] in substr at /usr/share/perl5/vendor_perl/IO/String.pm line 313, <FILE> line 2.
Use of uninitialized value $_[0] in substr at /usr/share/perl5/vendor_perl/IO/String.pm line 313.
t/50-notifications.t ........ ok
```
```
Illegal namespace identifier 'lemonldap/ng/common/psgi/soapservice' for URN 'urn:Lemonldap/NG/Common/PSGI/SOAPService' at /usr/share/perl5/vendor_perl/SOAP/Lite.pm line 2760.
```
Full test suite output: [lemonldap-ng-testsuite.log](/uploads/880c42e7a105bb17bd54a5f35bcad2a5/lemonldap-ng-testsuite.log)
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1557
Uninitialized vars errors with FCGIClient handler
2018-11-29T09:05:50Z
Xavier Bachelot

### Concerned version
Version: 2.0
Platform: Apache
### Summary
When using the httpd FCGIClient handler, uninitialized variables errors are logged on each call to the handler.
This is on CentOS 7 with FCGI::Client 0.08 from EPEL 7.
Conf extract:
```
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2::FCGIClient
PerlSetVar LLNG_SERVER host.domain.tld:8080
PerlSetVar VHOSTTYPE DevOps
```
### Logs
```
Use of uninitialized value $vlen in numeric lt (<) at /usr/share/perl5/vendor_perl/FCGI/Client/RecordFactory.pm line 91.
Use of uninitialized value $vlen in pack at /usr/share/perl5/vendor_perl/FCGI/Client/RecordFactory.pm line 92.
Use of uninitialized value $v in concatenation (.) or string at /usr/share/perl5/vendor_perl/FCGI/Client/RecordFactory.pm line 98.
```
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1490
Be able to use DBD::MariaDB
2018-11-26T13:22:13Z
Yadd

DBD::MariaDB is a fork of DBD::mysql that manages better UTF-8. We must accept this DBD driver:
* in Apache::Session::Browseable
* in CDBI/RDBI
* in Lemonldap::NG::Common::Apache::Session
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1504
Upgrade to bootstrap 4
2018-11-24T11:22:33Z
Clément OUDOT

See http://upgrade-bootstrap.bootply.com/
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1212
Propose SSL authentication by Ajax
2018-11-21T19:17:21Z
Yadd

To be able to chain SSL with Combination, we could use an Ajax URL like in Kerberos auth module
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1517
Password backend not called with Choice
2018-11-19T17:40:07Z
Clément OUDOT

I have a Choice configuration with LDAP/LDAP/LDAP configuration, but when trying to modify password, the LDAP directory is not called at all.
Here are the logs:
```
==> /var/log/apache2/error.log <==
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[debug] Get session 0e7d87c9809be37657096372bd2af908
[debug] removing cookie
[debug] User coudot was granted to access to /
[debug] Start routing default route
[debug] Processing importHandlerData
[debug] Processing restoreArgs
[debug] Processing controlUrl
[debug] Processing checkLogout
[debug] Processing code ref
[debug] Launching ::Auth::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::UserDB::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::Password::Choice::_modifyPassword
[debug] Choice 2LDAP selected
[debug] Choice 2LDAP selected from pdata
[debug] Bad old password
[debug] Unbind and disconnect from ldap://localhost
[debug] Returned error: 39
[debug] Skin returned: error
[debug] Calling sendHtml with template error
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Apply following CSP : form-action 'self';frame-ancestors 'none';
```
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1545
Issue with Debian packages built with pipelines
2018-11-19T13:23:57Z
Clément OUDOT

Hello,
here is an error we get when using Apache2 Handler from the packages built with gitlab pipelines:
```
[Fri Nov 16 15:38:58.099590 2018] [perl:debug] [pid 32503:tid 140025647814400] Check configuration for Lemonldap::NG::Handler::ApacheMP2::Main
[Fri Nov 16 15:38:58.116866 2018] [perl:debug] [pid 32503:tid 140025647814400] Lemonldap::NG::Common::Conf::Backends::File loaded.\nGet configuration from cache without verification.
[Fri Nov 16 15:38:58.117096 2018] [perl:debug] [pid 32503:tid 140025647814400] Get configuration 159
[Fri Nov 16 15:38:58.117242 2018] [perl:info] [pid 32503:tid 140025647814400] Loading configuration 159 for process 32503
[Fri Nov 16 15:38:58.117354 2018] [perl:debug] [pid 32503:tid 140025647814400] Process 32503 calls defaultValuesInit
[Fri Nov 16 15:38:58.117528 2018] [perl:debug] [pid 32503:tid 140025647814400] Options maintenance for vhost xxxx: 0
[Fri Nov 16 15:38:58.117667 2018] [perl:debug] [pid 32503:tid 140025647814400] Process 32503 calls jailInit
[Fri Nov 16 15:38:58.118826 2018] [perl:error] [pid 32503:tid 140025647814400] [client 86.207.130.142:53048] No package name defined for metaclass at /usr/lib/x86_64-linux-gnu/perl5/5.24/Mouse/Meta/Class.pm line 269.\n
```
I can't reproduce this with packages built from sources with make ubuntu-install-for-apache
I suspect some troubles with Mouse/Moose. Any idea?
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1527
Strange issue with build_urlencoded
2018-11-15T09:38:33Z
Clément OUDOT

Had a strange issue this morning with build_urlencoded
In LinkedIn module, we have this:
```perl
my $authn_uri = $self->linkedInAuthorizationEndpoint;
$authn_uri .= '?'
  . build_urlencoded(
    response_type => 'code',
    client_id     => $self->conf->{linkedInClientID},
    redirect_uri  => $callback_url,
    scope         => $self->conf->{linkedInScope},
    state         => $stateSession->id,
  );
```
But this does not work, client_id and scope are empty in URL.
To fix I had to do:
```perl
my $authn_uri = $self->linkedInAuthorizationEndpoint;
my $client_id = $self->conf->{linkedInClientID};
my $scope     = $self->conf->{linkedInScope};
$authn_uri .= '?'
  . build_urlencoded(
    response_type => 'code',
    client_id     => $client_id,
    redirect_uri  => $callback_url,
    scope         => $scope,
    state         => $stateSession->id,
  );
```
Any idea about this?
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1529
Custom modules are erased by package updates
2018-11-15T09:32:44Z
Clément OUDOT

We have the possibility to have Custom modules in 2.0, but as they are part of the distribution, if we modify them, they are erased by packages update.
We should not ship these modules inside LL::NG code, or call them "Custom.example" instead of "Custom.pm", or ship them in doc/, not in modules.
What do you think?
2.0.0 Yadd Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1513
SAML replay protection is not replaying authentication
2018-10-28T12:27:08Z
Clément OUDOT

As SAML SP, when we check replay protection, we should replay authentication if the check fails:
```
unless ( $self->replayProtection($assertion_responded) ) {

    # Assertion was already consumed or is expired
    # Force authentication replay
    $self->userLogger->error(
        "Message $assertion_responded already used or expired, replay authentication"
    );
    delete $req->{urldc};
    $req->mustRedirect(1);
    $req->steps( [] );
    return PE_OK;
}
```
But at this moment we did not set $req->user so we end with this error in Portal/Main/Process.pm
```
sub extractFormInfo {
    my ( $self, $req ) = @_;
    return PE_ERROR unless ( $self->_authentication );
    my $ret = $self->_authentication->extractFormInfo($req);
    if ( $ret == PE_OK and not( $req->user or $req->continue ) ) {
        $self->logger->error(
            'Authentication module succeed but has not set $req->user');
        return PE_ERROR;
    }
```
Should we not set "$req->continue" in our SAML code?
2.0.0 Yadd Yadd