Unable to login with LDAP group schema

Hi Team,

I have followed the Metabase documentation and was able to log in via LDAP with the user schema, but now when I try to log in as part of an AD group, I am not able to do so.

Please find below a snippet for reference, where I have displayed my current configuration.

Below is the error when I try to log in as a group member:

[4cdf3f7e-3837-4719-a7b7-67ba8e4582b3] 2023-02-10T09:35:20+04:00 INFO metabase.server.middleware.exceptions Request canceled before finishing.
[4cdf3f7e-3837-4719-a7b7-67ba8e4582b3] 2023-02-10T09:35:22+04:00 DEBUG metabase.server.middleware.log DELETE /api/session 204 3.3 ms (3 DB calls) App DB connections: 0/15 Jetty threads: 4/50 (1 idle, 0 queued) (99 total active threads) Queries in flight: 0 (0 queued)
[4cdf3f7e-3837-4719-a7b7-67ba8e4582b3] 2023-02-10T09:35:23+04:00 DEBUG metabase.server.middleware.log GET /api/user/current 401 120.1 µs (0 DB calls)
"Unauthenticated"

[4cdf3f7e-3837-4719-a7b7-67ba8e4582b3] 2023-02-10T09:35:23+04:00 DEBUG metabase.server.middleware.log GET /api/session/properties 200 6.3 ms (1 DB calls) App DB connections: 0/15 Jetty threads: 4/50 (1 idle, 0 queued) (99 total active threads) Queries in flight: 0 (0 queued)
[4cdf3f7e-3837-4719-a7b7-67ba8e4582b3] 2023-02-10T09:35:23+04:00 INFO metabase.server.middleware.exceptions Request canceled before finishing.
[4cdf3f7e-3837-4719-a7b7-67ba8e4582b3] 2023-02-10T09:35:25+04:00 INFO metabase.server.middleware.exceptions Request canceled before finishing.
[4cdf3f7e-3837-4719-a7b7-67ba8e4582b3] 2023-02-10T09:35:31+04:00 ERROR metabase.api.session Authentication endpoint error
clojure.lang.ExceptionInfo: Password did not match stored password. {:status-code 401, :errors {:password "did not match stored password"}}
at metabase.api.session$do_http_401_on_error.invokeStatic(session.clj:156)
at metabase.api.session$do_http_401_on_error.invoke(session.clj:152)
at metabase.api.session$fn__81669.invokeStatic(session.clj:177)
at metabase.api.session$fn__81669.invoke(session.clj:164)
at compojure.core$wrap_response$fn__29313.invoke(core.clj:160)

Can someone please assist me with the above issue?

Anyone with any idea how to deal with it?

Any suggestions/inputs/thoughts on the above issue?

You haven’t posted troubleshooting info, so it’s difficult to help you as we don’t know if this might be a bug that was fixed already.

Thanks for the reply, @Luiggi.

Basically, when I pass the user filter with the value "(&(objectClass=user)(|(sAMAccountName={login})(mail={login})))", I am able to log in to Metabase with AD creds, but when I try to replace this with actual values from my AD, it does not allow me to log in.
The error says incorrect stored credentials.

Am I using the wrong filter in the user schema?
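
The following Python example is added here; it is not part of the thread and not Metabase's code. It assumes the application expands the `{login}` placeholder in the user filter with the typed username, and it shows RFC 4515 escaping of that value and a group restriction that keeps the placeholder. The group DN and all function names are hypothetical.

```python
# Added illustration; not Metabase's code. Assumes {login} is replaced with the typed username.
USER_FILTER = "(&(objectClass=user)(|(sAMAccountName={login})(mail={login})))"  # from the post
GROUP_DN = "CN=metabase-users,OU=Groups,DC=example,DC=com"  # constructed, hypothetical

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape user-supplied text so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return a list of problems with a user-filter template (empty means OK)."""
    problems = []
    if "{login}" not in template:
        # With literal values the search no longer depends on who is logging in.
        problems.append("missing {login} placeholder")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


def restrict_to_group(template, group_dn):
    """AND a memberOf clause onto the template, keeping {login} in place.
    memberOf matches direct group membership only."""
    return "(&" + template + "(memberOf=" + escape_filter_value(group_dn) + "))"


def render(template, login):
    """Expand the template for one login attempt."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace("{login}", escape_filter_value(login))


if __name__ == "__main__":
    group_filter = restrict_to_group(USER_FILTER, GROUP_DN)
    print(render(group_filter, "jdoe"))
    print(check_template("(&(objectClass=user)(sAMAccountName=jdoe))"))
```
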

Is there any reason why you're not sending us the troubleshooting information? (settings->admin->troubleshooting info) so we can have contextual information about your instance?

Hi @Luiggi ,

Here you go...

{
  "browser-info": {
    "language": "en-US",
    "platform": "Win32",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
    "vendor": "Google Inc."
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "11.0.18+10",
    "java.vendor": "Eclipse Adoptium",
    "java.vendor.url": "https://adoptium.net/",
    "java.version": "11.0.18",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "11.0.18+10",
    "os.name": "Linux",
    "os.version": "5.4.117-58.216.amzn2.x86_64",
    "user.language": "en",
    "user.timezone": "UTC"
  },
  "metabase-info": {
    "databases": [
      "h2",
      "postgres"
    ],
    "hosting-env": "unknown",
    "application-database": "postgres",
    "application-database-details": {
      "database": {
        "name": "PostgreSQL",
        "version": "12.11"
      },
      "jdbc-driver": {
        "name": "PostgreSQL JDBC Driver",
        "version": "42.5.0"
      }
    },
    "run-mode": "prod",
    "version": {
      "date": "2023-01-27",
      "tag": "v0.45.2.1",
      "branch": "release-x.45.2.x",
      "hash": "1a59de7"
    },
    "settings": {
      "report-timezone": null
    }
  }
}

Hi @Luiggi

Any update/suggestions?

Can anyone help me here?

This issue is taking us more time than usual to tackle, since building an LDAP environment and then reproducing takes time. Also, please remember that we don't ensure ETAs on the forum; that's only for paid customers.

It would be really great if you could expedite this, as we wanted to move the same configuration to PROD once we tested on DEV.

I found time to look at LDAP issues today. Do you see any logs from the LDAP server? I made a demo stack here so you can take a look: GitHub - paoliniluis/metabase-ldap: Metabase connected with an LDAP server for SSO