LDAP Authentication issue

Hi, after upgrading to 0.37.02 one user is experiencing authentication issue, the error the user gets is
:message “ERROR: duplicate key value violates unique constraint “core_user_email_key”\n Detail: Key (email)=(xxxx.xxxx@xxx.com) already exists.”

any way to resolve this?

I have deactivated the user, then reactivated them. I have also deleted all the users sessions.

was going to try delete the user from the DB and see if the user can create their account again but decided to ask here first.

thanks

Hi @charliedv84
Since this is only happening to a single user, could it be that parts of the email is mixed case (uppercase, lowercase) - either in Metabase core_user.email or LDAP or what the user inputs?
Since 0.37 all logins will be stored as lowercase and should only be validated as such.

Hi @flamber

the user is using their domain login, to authenticate, not using their email address, however the user did try with email address but the issue was still there.

in Metabase the user email is stored in lowercase (in user_core), the ldap search returns mixed upper case and lower case and the user using lowercase user name and email when trying.

is there a way to get around upercase lowercase in email from LDAP?

a second user is not experiencing this issue as i write this reply

@charliedv84 I don’t understand what you mean, but is the problem caused by casing? If yes, then tell the person to login using lowercase and make sure the existing values are lowercase.

I don’t know what is going on with your system, I was just guessing, since I know casing has changed.
A redacted screenshot and a constraint error doesn’t tell much here.

Check the logs, look at the LDAP requests/responses to figure out what is going on. Check the database log to figure out the query that fails.

Hi @flamber

apologies, was in a meeting when typing the previous reply.

the screenshot is below, as you stated it could be related to the storing of emails as lowercase now, however LDAP should not have an issue confirming authentication using lowercase emails, we use it in our other systems.

I will check the logs when I get approval to upgrade again, I had to roll back because its end of months and people want reports.

many thanks for your assistance.

@charliedv84 But is the email in core_user.email perhaps initially stored with mixed case? If this only happens to a single user, then it should be fairly simple to look through the Metabase application database and see what the difference is between the working and non-working users.

@flamber, @charliedv84 We’re seeing the same error - but so far only with some Admin permissioned people. We upgraded to 0.37.0.2 from 0.36.6 last night and 3 admin users are running into this today. Not all Admins have the issue. We have not yet heard of a non-Admin user having the issue. will edit if we do today. May revert tonight.

@flamber, @charliedv84 It appears to be casing like you state. We reverted to 36.6 and both came in via a 'new' ldap user fine. CK, we attempted deactivating and reactivating in 37.0.2 but it didn't work. Both MK and CK were removed from Admin in 37.0.2 to see if that had anything to do with it. It didn't. These pictures are from 36.6, we're deactivating the lowercase users to get back down to one id per user. These emails in our AD are stored full lowercase.

We have the same problem with LDAP authentication.
I have updated the email in the core_user table to match the case of the entry in LDAP. It worked.

For reference:
https://github.com/metabase/metabase/issues/13739 - upvote by clicking :+1: on the first post