lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-05-15T20:31:11Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1113
OIDC Provider to SAML SP does not work
2018-05-15T20:31:11Z
dcoutadeur dcoutadeur

I have 3 machines:
- 1 is OIDC RP
- 1 is OIDC Provider + SAML SP
- 1 is SAML IdP
When trying to make a chain :
- Relying Party contacts OpenID Connect Provider
then
- OpenID Connect Provider (configured as SAML SP) contacts SAML IdP
the final return does not work : ie SAML SP not calling his internal IdP
I propose a basic patch, which, in summary :
- happens before storing relay state in SAML SP (Portal/_SAML.pm)
- gets called URL
- if URL matches current portal URL, store it in relay state.
The patch is working, but maybe these points should be validated :
- make sure it is generic, in particular make sure the other way is working: SAML IdP calling an OIDC RP
- security: make sure we won't redirect to unsecure locations
- using CGI module may be improved ? (if the portal is to be made more generic and less adherence to apache)

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1150
Can't get captcha to work with LDAP as backend
2018-05-15T20:31:11Z
Michael Goldfinger

After getting the websites to work and get LDAP to run as configuration backend I wanted to change the backend for the captcha from Apache::Session::File to Apache::Session::LDAP.
I configured the system like shown on the screenshots. The ldapBindDN and ldapBindPassword are used for the configuration backend too, so they are working. I even tried ldapBindPassword as {SSHA}xxx and in clear text, but I would prefer if the {SSHA} would work. However the effect is that instead of the captcha I get the image broken icon and nothing is written into the ldap.
The nginx error_log shows only the warnings about the demo accounts.

2.0.0
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1171
Session explorer freezes when session number is high
2018-05-15T20:31:11Z
Jean-Charles Rogez

When browsing thousands of sessions, the browser freezes (see the attached screenshot).
We think that browsing is not a good solution in this case.
A solution should be to replace the browsing tree by a search formular (uid and ip for active sessions, uid for persistent sessions).

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1327
Facebook module not working due to API changes in Facebook
2018-06-23T06:36:23Z
Clément OUDOT

There is an issue in Net::Facebook::Oauth2: https://github.com/mamod/Net-Facebook-Oauth2/issues/14
I think we can get rid of this module as we only need 2 or 3 GET requests, like it is done in LinkedIn module.

2.0.0
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1594
Cannot select oidcConsents tab in menu
2018-12-17T14:16:13Z
Clément OUDOT

Following #1592, we need to add oidcConsents tab in the list of menu tabs to be able to select it.

2.0.1
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1592
Cannot select a menu tab with ?tab=<tab id> in URL
2018-12-18T16:25:34Z
Clément OUDOT

In 1.9, we could display a menu tab by passing tab parameter in URL. For example: https://auth.example.com/?tab=password
It does not work in 2.0.

2.0.1
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1589
Error in MailReset when asking to resend confirmation mail
2018-12-21T14:03:24Z
Clément OUDOT

If you already have a reset session and you ask a new reset, we ask if you want to resend the confirmation mail.
When doing it we have the error "invalid authentication attempt":
```
Dec 17 11:00:55 llng-site LLNG[39934]: User not authenticated, Try in use, cancel redirection
Dec 17 11:00:55 llng-site LLNG[39934]: Start routing resetpwd
Dec 17 11:00:55 llng-site LLNG[39934]: Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
Dec 17 11:00:55 llng-site LLNG[39934]: Token 1545033775_164 created
Dec 17 11:00:55 llng-site LLNG[39934]: Prepare captcha
Dec 17 11:00:55 llng-site LLNG[39934]: Display called with code: 81
Dec 17 11:00:55 llng-site LLNG[39934]: Skin bootstrap selected from GET/POST parameter
Dec 17 11:00:55 llng-site LLNG[39934]: Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/mail.tpl
Dec 17 11:00:55 llng-site LLNG[39934]: Skin bootstrap selected from GET/POST parameter
Dec 17 11:00:55 llng-site LLNG[39934]: Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/mail.tpl
Dec 17 11:00:55 llng-site LLNG[39934]: Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action *;frame-ancestors 'none';
```

2.0.1
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1588
Captcha is validated with additional letters
2018-12-20T09:49:41Z
Clément OUDOT

If we add some letters to captcha code, it is still accepted.
This is a minor issue, but we should not accept a code that is not exactly the same as the one displayed.

2.0.1
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1587
Captcha is not displayed in Register form if mail already exists
2018-12-18T10:18:02Z
Clément OUDOT

When we have the error "mail already exists", the captcha is not displayed anymore.

2.0.1
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1586
Portal message override do not work on plugins and mails templates
2018-12-20T09:48:59Z
Clément OUDOT

When overriding messages in Portal (see https://lemonldap-ng.org/documentation/latest/portalcustom#messages), it works well on main pages (login, menu), but not on mailreset, register.

2.0.1
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1582
MongoDB Conf backend looses sub hash keys
2018-12-17T20:38:04Z
Mathieu Lecompte-melançon

### Concerned version
Version: %2.0.0
Platform: Nginx
### Summary
In Manager, setting up combination in Module list does not seem to keep Use section
### Logs
![image](/uploads/6a67b1a534fd70404157e609133659ec/image.png)
```
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6430]: Lemonldap::NG::Handler::Server::Main: configuration is up to date
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6431]: Apply configuration for reload2.interne.urgences-sante.qc.ca: ok
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6431]: Apply configuration for reload4.dmz.urgences-sante.qc.ca: ok
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6431]: Apply configuration for reload3.dmz.urgences-sante.qc.ca: ok
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6431]: Apply configuration for reload1.dmz.urgences-sante.qc.ca: ok
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6431]: Apply configuration for reload1.interne.urgences-sante.qc.ca: ok
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6431]: $VAR1 = {'cfgNum' => 463,'details' => {'__warnings__' => [{'message' => 'Your manager seems to be unprotected'}],'__applyResult__' => [{'message' => 'reload2.dmz.urgences-sante.qc.ca: OK'},{'message' => 'reload4.interne.urgences-sante.qc.ca: OK'},{'message' => 'reload3.interne.urgences-sante.qc.ca: OK'},{'message' => 'reload2.interne.urgences-sante.qc.ca: OK'},{'message' => 'reload4.dmz.urgences-sante.qc.ca: OK'},{'message' => 'reload3.dmz.urgences-sante.qc.ca: OK'},{'message' => 'reload1.dmz.urgences-sante.qc.ca: OK'},{'message' => 'reload1.interne.urgences-sante.qc.ca: OK'}]},'message' => '','result' => 1};
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Start routing confs
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Search for cfgNum in conf
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Cfgnum set to latest
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Search for cfgAuthor in conf
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Cfgnum set to 463
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Search for cfgDate in conf
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Cfgnum set to 463
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Search for cfgAuthorIP in conf
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Cfgnum set to 463
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Search for cfgLog in conf
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Cfgnum set to 463
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Search for cfgVersion in conf
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: Cfgnum set to 463
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: User anonymous ask for configuration metadata (463)
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6425]: $VAR1 = {'cfgVersion' => '2.0.0','cfgLog' => '','prev' => 462,'cfgNum' => 463,'cfgDate' => '1544712900','cfgAuthorIP' => '10.193.11.11','cfgAuthor' => 'anonymous'};
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6426]: Start routing confs
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6426]: User anonymous asks for key portal
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6426]: Search for portal in conf
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6426]: Cfgnum set to 463
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6429]: Start routing confs
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6429]: User anonymous asks for key domain
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6429]: Search for domain in conf
Dec 13 09:55:01 srv-pr-nginxv2 LLNG[6429]: Cfgnum set to 463
```
### Backends used
MongoDB Backend
### Possible fixes

2.0.1
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1579
SOAP Backend error for empty collection
2018-12-12T14:12:54Z
Mathieu Lecompte-melançon

### Concerned version
Version: %2.0.0
Platform: Nginx
### Summary
Error happens when trying to connect a second portal to the SOAP backend of the main portal
Probably due to empty collection value
### Logs
```
Dec 11 16:00:11 srv-pr-nginxdmzv2 systemd: Starting FastCGI server for Lemonldap::NG websso system...
Dec 11 16:00:11 srv-pr-nginxdmzv2 LLNG[8139]: Logger Lemonldap::NG::Common::Logger::Syslog loaded
Dec 11 16:00:11 srv-pr-nginxdmzv2 LLNG[8139]: User logger Lemonldap::NG::Common::Logger::Syslog loaded
Dec 11 16:00:11 srv-pr-nginxdmzv2 LLNG[8139]: Check configuration for Lemonldap::NG::Handler::Server::Main
Dec 11 16:00:11 srv-pr-nginxdmzv2 LLNG[8139]: Lemonldap::NG::Common::Conf::Backends::SOAP loaded.#012Configuration unchanged, get configuration from cache.
Dec 11 16:00:11 srv-pr-nginxdmzv2 LLNG[8139]: Get configuration 455
Dec 11 16:00:11 srv-pr-nginxdmzv2 llng-fastcgi-server: Can't use string ("") as a HASH ref while "strict refs" in use at /usr/share/perl5/vendor_perl/Lemonldap/NG/Handler/Main/Reload.pm line 216.
Dec 11 16:00:11 srv-pr-nginxdmzv2 LLNG[8139]: Loading configuration 455 for process 8139
Dec 11 16:00:11 srv-pr-nginxdmzv2 LLNG[8139]: Process 8139 calls defaultValuesInit
Dec 11 16:00:11 srv-pr-nginxdmzv2 LLNG[8139]: Options https for vhost go.interne.urgences-sante.qc.ca: 1
Dec 11 16:00:11 srv-pr-nginxdmzv2 systemd: llng-fastcgi-server.service: control process exited, code=exited status=255
Dec 11 16:00:11 srv-pr-nginxdmzv2 systemd: Failed to start FastCGI server for Lemonldap::NG websso system.
Dec 11 16:00:11 srv-pr-nginxdmzv2 systemd: Unit llng-fastcgi-server.service entered failed state.
Dec 11 16:00:11 srv-pr-nginxdmzv2 systemd: llng-fastcgi-server.service failed.
```
### Backends used
SOAP Config Backend
### Possible fixes
Overloading empty collection in ini file:
```
groups = {}
grantSessionRules = {}
sessionDataToRemember = {}
trustedProxies = {}
samlIDPMetaDataXML = {}
oidcOPMetaDataJSON = {}
casSrvMetaDataOptions = {}
portalSkinRules = {}
oidcOPMetaDataOptions = {}
SMTPTLSOpts = {}
casSrvMetaDataExportedVars = {}
autoSigninRules = {}
logoutServices = {}
rest2fInitArgs = {}
casStorageOptions = {}
oidcStorageOptions = {}
lwpOpts = {}
casAttributes = {}
casAppMetaDataOptions = {}
rest2fVerifyArgs = {}
sessionDataToRemember = {}
samlIDPMetaDataOptions = {}
nginxCustomHandlers = {}
lwpSslOpts = {}
casAppMetaDataExportedVars = {}
samlStorageOptions = {}
demoExportedVars = {}
oidcOPMetaDataExportedVars = {}
oidcOPMetaDataJWKS = {}
```

2.0.1
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1576
Browser doesn't select Portal appropriate language
2018-12-14T22:12:20Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0
### Summary
When lang cookie isn't defined browser doesn't select the right Portal language.
### Possible fixes
Issue due to multi similar languages (fr fr-FR fr-CH etc...)

2.0.1
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1572
Error when saving in manager (mongoDB as ConfigurationBackend)
2018-12-12T14:19:52Z
Mathieu Lecompte-melançon

### Concerned version
Version: %2.0.0
Platform: (Nginx)
### Summary
When saving in manager we receive a Bad Request prompt.
The backend was MongoDB, and working fine in 1.9.
The change, after the save, seem to be correctly set in data...
Configuration in ini for MongoDB Replicaset
```
type = MongoDB
dbName = llng_db
collectionName = configuration
host = mongodb://lemonldap_1.bd.interne.urgences-sante.qc.ca:27017,lemonldap_2.bd.interne.urgences-sante.qc.ca:27017,lemonldap_3.bd.interne.urgences-sante.qc.ca:27017
; authentication parameters
db_name = llng_db
username = quoi
password = cestunsecret
connect_timeout_ms=3000
read_pref_mode = primaryPreferred
replica_set_name = rs0
w = 1
wtimeout = 3000
```
### Logs
```
Dec 5 08:32:10 srv-pr-nginxv2 LLNG[7234]: Apply configuration for reload2.interne.urgences-sante.qc.ca: ok
Dec 5 08:32:10 srv-pr-nginxv2 LLNG[7234]: Apply configuration for reload4.dmz.urgences-sante.qc.ca: ok
Dec 5 08:32:10 srv-pr-nginxv2 LLNG[7234]: Apply configuration for reload3.dmz.urgences-sante.qc.ca: ok
Dec 5 08:32:10 srv-pr-nginxv2 LLNG[7234]: Apply configuration for reload1.dmz.urgences-sante.qc.ca: ok
Dec 5 08:32:10 srv-pr-nginxv2 LLNG[7234]: Apply configuration for reload1.interne.urgences-sante.qc.ca: ok
Dec 5 08:32:10 srv-pr-nginxv2 LLNG[7234]: [anonymous] encountered object 'MongoDB::InsertOneResult=HASH(0x717fc98)', but neither allow_blessed nor convert_blessed settings are enabled at /usr/share/perl5/vendor_perl/Lemonldap/NG/Common/PSGI.pm line 119.
Dec 5 08:32:10 srv-pr-nginxv2 LLNG[7234]: Error 500: encountered object 'MongoDB::InsertOneResult=HASH(0x717fc98)', but neither allow_blessed nor convert_blessed settings are enabled at /usr/share/perl5/vendor_perl/Lemonldap/NG/Common/PSGI.pm line 119.
```
### Backends used
MongoDB
### Possible fixes

2.0.1
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1564
Function authLogout is missing in package "Lemonldap::NG::Portal::Auth::SSL"
2018-12-01T21:44:34Z
Christophe Maudoux chrmdx@gmail.com

### Concerned version
Version: 2.0.0
### Summary
Hello.
Function authLogout is missing in package "Lemonldap::NG::Portal::Auth::SSL" (file /usr/share/perl5/Lemonldap/NG/Portal/Auth/SSL.pm on Debian) with LemonLDAP::NG 2.0.0. When you logout with SSL authentication, it raises a 500 error:
### Logs
```
2018/12/01 12:53:39 [error] 32328#32328: *1764 FastCGI sent in stderr: "Can't locate object method "authLogout" via package "Lemonldap::NG::Portal::Auth::SSL" at /usr/share/perl5/Lemonldap/NG/Common/Combination/Parser.pm line 138" while reading response header from upstream, client: 127.0.0.1, server: auth.example.com, request: "GET /?logout=1 HTTP/2.0", upstream: "fastcgi://unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock:", host: "auth.example.com", referrer: "https://auth.example.com/?logout=1"
```
### Possible fixes
Fixing is easy, just add three lines after authenticate function (line 58):
```
sub authLogout {
    PE_OK;
}
```
Kind regards.
Damien Wertz

2.0.1
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1649
Error about Handler when saving configuration in lmConfigEditor
2019-02-11T17:00:54Z
Clément OUDOT

From the latest 2.0 code:
```
root@llng-site:~# /usr/share/lemonldap-ng/bin/lmConfigEditor
Running as uid 33 and gid 33 0
Test cookieNameChanged failed: Can't locate object method "tsv" via package "Lemonldap::NG::Handler::Main" (perhaps you forgot to load "Lemonldap::NG::Handler::Main"?) at /usr/share/perl5/Lemonldap/NG/Manager/Conf/Tests.pm line 241, <F1> line 1427.
Test testApacheSession failed: Can't locate object method "tsv" via package "Lemonldap::NG::Handler::Main" (perhaps you forgot to load "Lemonldap::NG::Handler::Main"?) at /usr/share/perl5/Lemonldap/NG/Manager/Conf/Tests.pm line 202, <F1> line 1427.
Configuration 404 saved
```
I will push a fix.

2.0.2
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1648
ldapAuthnLevel and dbiAuthnLevel are ignored
2019-02-11T10:56:13Z
Clément OUDOT

The configuration attributes ldapAuthnLevel and dbiAuthnLevel are not used in portal code. We only have the WebForm authentication level.

2.0.2
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1644
error while reseting password with ppolicy enabled
2019-02-07T19:16:58Z
dcoutadeur dcoutadeur

### Concerned version
```
Apache/2.4.25 (Debian) (prefork)
Debian 9.7
libapache2-mod-perl2 2.0.10-2
libmouse-perl 2.4.7-1
```
Platform: (Apache -> Any ?)
### Summary
When enabling OpenLDAP ppolicy, the password change is sometimes incorrect.
```
Password policy control -> enabled
Extended password modify -> disabled
change as user -> enabled
```
Working kinematic:
- log in as non-privileged user
- change password (ask old one)
- password changed
Non-working kinematic:
- log in as non-privileged user
- change password (ask old one), entering a new password that does not match the ppolicy (for example too short password)
- ppolicy show correct message : password too short,
- change password (ask old one), entering a new password that matches the ppolicy
-> ERROR: Bad old password
Note that restarting Apache fixes the problem. The error occurs any time after a ppolicy error is returned.
After investigating, I found out that error occurs in file Net/LDAP.pm:
```
    else {
        if ($oldpassword) {
            # Check old password with a bind
            $mesg = $self->bind(
                $dn,
                password => $oldpassword,
                control => [$pp]
            );
            my ($bind_resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
            unless ( defined $bind_resp ) {
                if ( $mesg->code != 0 ) {
                    $self->{portal}->logger->debug("Bad old password");
                    return PE_BADOLDPASSWORD;
                }
            }
```
I noticed that the bind operation fails with a $mesg->code equal to 81, and the BIND operation is never sent to the LDAP server, as if there was a cache in the Net::LDAP library or Lemon code.
Variables $dn and $oldpassword are correctly set.
### Logs
```
[debug] Launching ::Password::LDAP::_modifyPassword
[debug] Get DN from request data: cn=user,ou=branch,dc=domain,dc=com
[debug] Call modify password for cn=user,ou=branch,dc=domain,dc=com
[debug] Call bind for cn=user,ou=branch,dc=domain,dc=com
[debug] Bad old password
[debug] Unbind and disconnect from ldaps://ldap.domain.com
[debug] Returned error: 39
[debug] Skin returned: error
[debug] Calling sendHtml with template error
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self';frame-ancestors 'none';
```
### Backends used

2.0.2
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1643
Portal CSS is sent with empty background when portalSkinBackground is not defined
2019-02-05T17:47:49Z
Clément OUDOT

When we want to disable portalSkinBackground, portal.css is sent with a bogus code:
```css
html,body {
background:url("/static/common/backgrounds/") no-repeat center fixed;
background-size:cover;
}
```
This leads to error in web server logs:
```
2019/02/05 17:22:14 [error] 90151#90151: *21 directory index of "/usr/share/lemonldap-ng/portal/htdocs/static/common/backgrounds/" is forbidden, client: 81.250.130.213, server: auth.openid.club, request: "GET /static/common/backgrounds/ HTTP/1.1", host: "auth.openid.club", referrer: "https://auth.openid.club/portal.css"
```

2.0.2
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1642
Unable to select skin from URL
2019-02-05T18:08:36Z
Clément OUDOT

When using skin GET parameter, the selected skin is not displayed. I think skin rules are also broken.
The log shows that templateDir is initialized before calling getSkin:
```
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Skin myskin selected from GET/POST parameter
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
```
In Portal::Main::Init, we can't call getSkin as we don't have the request parameter. We should be able to select skin before calling sendHtml.
@guimard I need your help on this to find the best way to fix this regression.

2.0.2
Yadd