rancher: Failed to get attributes for some LDAP users

Rancher versions: rancher/server or rancher/rancher: v2.0.8

Infrastructure Stack versions: kubernetes: v1.11.2 freeipa: 4.5.4

Docker version: 17.03.2-ce

Operating system and kernel: (cat /etc/os-release, uname -r preferred)

Type/provider of hosts: Bare-metal

Setup details: single node rancher

Environment Template: Kubernetes

Steps to Reproduce: I don’t know for sure, but maybe it is connected with a large number of attributes inside the LDAP user. Some users can’t log in via LDAP, but some of them can.

Results:

GUI shows:

No response received

There is an error in logs:

[ERROR] Failed to get attributes for uid=kvaps,cn=users,cn=accounts,dc=example,dc=org
[INFO] 2018/09/21 10:15:37 http: panic serving 10.31.1.145:53468: runtime error: invalid memory address or nil pointer dereference
[INFO] goroutine 456233 [running]:
[INFO] net/http.(*conn).serve.func1(0xc43e684dc0)
[INFO]      /usr/local/go/src/net/http/server.go:1697 +0xd0
[INFO] panic(0x49742c0, 0xbfb7c50)
[INFO]      /usr/local/go/src/runtime/panic.go:491 +0x283
[INFO] github.com/rancher/rancher/pkg/auth/providers/ldap.(*ldapProvider).getPrincipalsFromSearchResult(0xc42bb58630, 0xc43e1deaf0, 0xc43db929b0, 0xc4210c3400, 0xc43d89a5a0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
[INFO]      /go/src/github.com/rancher/rancher/pkg/auth/providers/ldap/ldap_client.go:134 +0x532
[INFO] github.com/rancher/rancher/pkg/auth/providers/ldap.(*ldapProvider).loginUser(0xc42bb58630, 0xc42a8e9390, 0xc4210c3400, 0xc43ace5290, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
[INFO]      /go/src/github.com/rancher/rancher/pkg/auth/providers/ldap/ldap_client.go:79 +0x10ad
[INFO] github.com/rancher/rancher/pkg/auth/providers/ldap.(*ldapProvider).testAndApply(0xc42bb58630, 0xc4338e9d27, 0xc, 0xc43c916c20, 0xc427a0aea0, 0x7, 0xc058aa0)
[INFO]      /go/src/github.com/rancher/rancher/pkg/auth/providers/ldap/ldap_actions.go:76 +0x516
[INFO] github.com/rancher/rancher/pkg/auth/providers/ldap.(*ldapProvider).actionHandler(0xc42bb58630, 0xc4338e9d27, 0xc, 0xc43c916c20, 0xc427a0aea0, 0x0, 0x0)
[INFO]      /go/src/github.com/rancher/rancher/pkg/auth/providers/ldap/ldap_actions.go:33 +0x1eb
[INFO] github.com/rancher/rancher/pkg/auth/providers/ldap.(*ldapProvider).(github.com/rancher/rancher/pkg/auth/providers/ldap.actionHandler)-fm(0xc4338e9d27, 0xc, 0xc43c916c20, 0xc427a0aea0, 0xc431cc0cf3, 0x7)
[INFO]      /go/src/github.com/rancher/rancher/pkg/auth/providers/ldap/ldap_provider.go:66 +0x52
[INFO] github.com/rancher/rancher/vendor/github.com/rancher/norman/api.handleAction(0xc43c916c20, 0xc427a0aea0, 0x0, 0x0)
[INFO]      /go/src/github.com/rancher/rancher/vendor/github.com/rancher/norman/api/server.go:254 +0x62
[INFO] github.com/rancher/rancher/vendor/github.com/rancher/norman/api.(*Server).handle(0xc42ce6e840, 0xc0304c0, 0xc43d271960, 0xc432def600, 0xc4328a58c8, 0xc4328a58d0, 0xc432def600)
[INFO]      /go/src/github.com/rancher/rancher/vendor/github.com/rancher/norman/api/server.go:242 +0xdb
[INFO] github.com/rancher/rancher/vendor/github.com/rancher/norman/api.(*Server).ServeHTTP(0xc42ce6e840, 0xc0304c0, 0xc43d271960, 0xc432def600)
[INFO]      /go/src/github.com/rancher/rancher/vendor/github.com/rancher/norman/api/server.go:171 +0x49
[INFO] github.com/rancher/rancher/vendor/github.com/gorilla/mux.(*Router).ServeHTTP(0xc42c2eff10, 0xc0304c0, 0xc43d271960, 0xc432def600)
[INFO]      /go/src/github.com/rancher/rancher/vendor/github.com/gorilla/mux/mux.go:159 +0xed
[INFO] github.com/rancher/rancher/pkg/filter.authHandler.ServeHTTP(0xbffc880, 0xc42eb905a0, 0xbfe43c0, 0xc42c2eff10, 0x0, 0xc0304c0, 0xc43d271960, 0xc432def400)
[INFO]      /go/src/github.com/rancher/rancher/pkg/filter/filter.go:92 +0x2ed
[INFO] github.com/rancher/rancher/pkg/filter.(*authHandler).ServeHTTP(0xc42bc1b1d0, 0xc0304c0, 0xc43d271960, 0xc432def400)
[INFO]      <autogenerated>:1 +0x76
[INFO] github.com/rancher/rancher/vendor/github.com/gorilla/mux.(*Router).ServeHTTP(0xc42c2efea0, 0xc0304c0, 0xc43d271960, 0xc432def400)
[INFO]      /go/src/github.com/rancher/rancher/vendor/github.com/gorilla/mux/mux.go:159 +0xed
[INFO] github.com/rancher/rancher/pkg/dynamiclistener.(*Server).cacheIPHandler.func1(0xc0304c0, 0xc43d271960, 0xc432def200)
[INFO]      /go/src/github.com/rancher/rancher/pkg/dynamiclistener/server.go:376 +0x103
[INFO] net/http.HandlerFunc.ServeHTTP(0xc4252c99c0, 0xc0304c0, 0xc43d271960, 0xc432def200)
[INFO]      /usr/local/go/src/net/http/server.go:1918 +0x44
[INFO] net/http.serverHandler.ServeHTTP(0xc42ba58a90, 0xc0304c0, 0xc43d271960, 0xc432def200)
[INFO]      /usr/local/go/src/net/http/server.go:2619 +0xb4
[INFO] net/http.(*conn).serve(0xc43e684dc0, 0xc034180, 0xc43d928d00)
[INFO]      /usr/local/go/src/net/http/server.go:1801 +0x71d
[INFO] created by net/http.(*Server).Serve
[INFO]      /usr/local/go/src/net/http/server.go:2720 +0x288

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 23 (7 by maintainers)

Most upvoted comments

@mrajashree @dramich I am reopening this issue to see if we want to go with making case insensitive searches.

Agreed, the problem is exactly here: after changing objectClass: inetorgperson to objectClass: inetOrgPerson in the Rancher config, my user started working, but the old one isn’t working anymore.

You probably should correct the check for objectClasses to be case insensitive.
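
The case-insensitive objectClass check suggested in the comments, as an added example (not Rancher's code): LDAP object class names are case-insensitive, so the comparison uses `strings.EqualFold`, and an entry that matches neither configured class yields an error rather than a nil principal for the caller to dereference. The `Principal` type, the function names and the `groupOfNames` group class are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Principal is a hypothetical stand-in for what an auth provider builds from an LDAP entry.
type Principal struct {
	DN   string
	Kind string // "user" or "group"
}

// ErrNoMatchingObjectClass is returned instead of a nil *Principal with a nil error.
var ErrNoMatchingObjectClass = errors.New("entry has no configured objectClass")

// hasObjectClass reports whether want appears among the entry's objectClass
// values, ignoring case ("inetorgperson" and "inetOrgPerson" are the same class).
func hasObjectClass(values []string, want string) bool {
	for _, v := range values {
		if strings.EqualFold(strings.TrimSpace(v), want) {
			return true
		}
	}
	return false
}

// principalFromEntry classifies an entry by the configured user and group classes.
// It never returns (nil, nil), so callers cannot dereference a missing principal.
func principalFromEntry(dn string, objectClasses []string, userClass, groupClass string) (*Principal, error) {
	switch {
	case hasObjectClass(objectClasses, userClass):
		return &Principal{DN: dn, Kind: "user"}, nil
	case hasObjectClass(objectClasses, groupClass):
		return &Principal{DN: dn, Kind: "group"}, nil
	}
	return nil, fmt.Errorf("%w: %s", ErrNoMatchingObjectClass, dn)
}

func main() {
	// Constructed sample: the directory stores the class in lower case,
	// while the provider is configured with "inetOrgPerson".
	classes := []string{"top", "person", "inetorgperson", "posixaccount"}
	p, err := principalFromEntry("uid=kvaps,cn=users,cn=accounts,dc=example,dc=org",
		classes, "inetOrgPerson", "groupOfNames")
	fmt.Println(p, err)
}
```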