LDAP: cannot update information in database due to encoding

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
theseus
Posts: 2
Joined: 16 Dec 2019, 08:11

LDAP: cannot update information in database due to encoding

Post by theseus »

Hello all,

I installed Mantis BT through a docker container which I modified to use LDAP.
I configured my install using these settings:

Code: Select all

#LDAP
$g_login_method			= LDAP;
$g_reauthentication_expiry	= 3600;
$g_ldap_server			        = '<DC_IP>:389';
$g_ldap_root_dn			= '<OUR_OU>';
$g_ldap_bind_dn			= '<DC_BIND_USER>';
$g_ldap_bind_passwd		= '<DC_BIND_PWD>';
$g_ldap_uid_field		        = 'sAMAccountName';
$g_ldap_realname_field		= 'CN';
$g_use_ldap_realname		= ON;
$g_use_ldap_email		        = ON;
$g_log_level			        = LOG_LDAP;
$g_log_destination		        = 'file:/var/www/html/config/debug.log';
I cannot log in because I receive the following error:

Code: Select all


APPLICATION ERROR #401

Database query failed. Error received from database was #-1: ERROR: invalid byte sequence for encoding "UTF8": 0xe9 0x67 0x6f for the query: UPDATE mantis_user_mantis SET password=$1 , realname=$2 , email=$3 WHERE id=$4.
Please use the "Back" button in your web browser to return to the previous page. There you can correct whatever problems were identified in this error or select another action. You can also click an option from the menu bar to go directly to a new section.
The user real name I try to connect with has non-ascii characters: "Grégory"

In the debug file, I see that the LDAP has been working correctly and I believe it's really the last part (updating the login and password in the DB that causes the issue):

Code: Select all

2019-12-16 08:52 CET LDAP ldap_api.php:327 ldap_authenticate_by_username() Binding to LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:63 ldap_connect_bind() Attempting connection to LDAP server/URI '<DC_IP>:389'.
2019-12-16 08:52 CET LDAP ldap_api.php:66 ldap_connect_bind() Connection accepted by LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:101 ldap_connect_bind() Attempting bind to ldap server with username and password
2019-12-16 08:52 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
2019-12-16 08:52 CET LDAP ldap_api.php:335 ldap_authenticate_by_username() Searching for (&(sAMAccountName=administrator))
2019-12-16 08:52 CET LDAP ldap_api.php:367 ldap_authenticate_by_username() No matching entries found
2019-12-16 08:52 CET LDAP ldap_api.php:370 ldap_authenticate_by_username() Unbinding from LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:397 ldap_authenticate_by_username() Authentication failed
2019-12-16 08:52 CET LDAP ldap_api.php:227 ldap_get_field_from_username() Retrieving field 'mail' for 'gsa'
2019-12-16 08:52 CET LDAP ldap_api.php:230 ldap_get_field_from_username() Binding to LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:63 ldap_connect_bind() Attempting connection to LDAP server/URI '<DC_IP>:389'.
2019-12-16 08:52 CET LDAP ldap_api.php:66 ldap_connect_bind() Connection accepted by LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:101 ldap_connect_bind() Attempting bind to ldap server with username and password
2019-12-16 08:52 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
2019-12-16 08:52 CET LDAP ldap_api.php:241 ldap_get_field_from_username() Searching for (&(sAMAccountName=gsa))
2019-12-16 08:52 CET LDAP ldap_api.php:259 ldap_get_field_from_username() Unbinding from LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:273 ldap_get_field_from_username() Found value 'gregory.<name>@<name>.com' for field 'mail'.
2019-12-16 08:52 CET LDAP ldap_api.php:227 ldap_get_field_from_username() Retrieving field 'mail' for 'gsa'
2019-12-16 08:52 CET LDAP ldap_api.php:230 ldap_get_field_from_username() Binding to LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:63 ldap_connect_bind() Attempting connection to LDAP server/URI '<DC_IP>:389'.
2019-12-16 08:52 CET LDAP ldap_api.php:66 ldap_connect_bind() Connection accepted by LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:101 ldap_connect_bind() Attempting bind to ldap server with username and password
2019-12-16 08:52 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
2019-12-16 08:52 CET LDAP ldap_api.php:241 ldap_get_field_from_username() Searching for (&(sAMAccountName=gsa))
2019-12-16 08:52 CET LDAP ldap_api.php:259 ldap_get_field_from_username() Unbinding from LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:273 ldap_get_field_from_username() Found value 'gregory.<name>@<name>.com' for field 'mail'.
2019-12-16 08:52 CET LDAP ldap_api.php:327 ldap_authenticate_by_username() Binding to LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:63 ldap_connect_bind() Attempting connection to LDAP server/URI '<DC_IP>:389'.
2019-12-16 08:52 CET LDAP ldap_api.php:66 ldap_connect_bind() Connection accepted by LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:101 ldap_connect_bind() Attempting bind to ldap server with username and password
2019-12-16 08:52 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
2019-12-16 08:52 CET LDAP ldap_api.php:335 ldap_authenticate_by_username() Searching for (&(sAMAccountName=gsa))
2019-12-16 08:52 CET LDAP ldap_api.php:358 ldap_authenticate_by_username() Checking CN=Grgory <name>,<rest_of_the_OU>
2019-12-16 08:52 CET LDAP ldap_api.php:370 ldap_authenticate_by_username() Unbinding from LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:227 ldap_get_field_from_username() Retrieving field 'CN' for 'gsa'
2019-12-16 08:52 CET LDAP ldap_api.php:230 ldap_get_field_from_username() Binding to LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:63 ldap_connect_bind() Attempting connection to LDAP server/URI '<DC_IP>:389'.
2019-12-16 08:52 CET LDAP ldap_api.php:66 ldap_connect_bind() Connection accepted by LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:101 ldap_connect_bind() Attempting bind to ldap server with username and password
2019-12-16 08:52 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
2019-12-16 08:52 CET LDAP ldap_api.php:241 ldap_get_field_from_username() Searching for (&(sAMAccountName=gsa))
2019-12-16 08:52 CET LDAP ldap_api.php:259 ldap_get_field_from_username() Unbinding from LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:273 ldap_get_field_from_username() Found value 'Grgory <name>' for field 'CN'.
2019-12-16 08:52 CET LDAP ldap_api.php:227 ldap_get_field_from_username() Retrieving field 'mail' for 'gsa'
2019-12-16 08:52 CET LDAP ldap_api.php:230 ldap_get_field_from_username() Binding to LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:63 ldap_connect_bind() Attempting connection to LDAP server/URI '<DC_IP>:389'.
2019-12-16 08:52 CET LDAP ldap_api.php:66 ldap_connect_bind() Connection accepted by LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:101 ldap_connect_bind() Attempting bind to ldap server with username and password
2019-12-16 08:52 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
2019-12-16 08:52 CET LDAP ldap_api.php:241 ldap_get_field_from_username() Searching for (&(sAMAccountName=gsa))
2019-12-16 08:52 CET LDAP ldap_api.php:259 ldap_get_field_from_username() Unbinding from LDAP server
2019-12-16 08:52 CET LDAP ldap_api.php:273 ldap_get_field_from_username() Found value 'gregory.<name>@<name>.com' for field 'mail'.
As you can see in the above log, the data used by PHP seems already to be dodgy as I already lost my "é" :( :

Code: Select all

[...]
2019-12-16 08:52 CET LDAP ldap_api.php:358 ldap_authenticate_by_username() Checking CN=Grgory <name>,<rest_of_the_OU>
[...]
I tried to run the query directly in my DB with the non-ascii characters and it's working fine.
I have checked the encoding in my database and it seems to be all OK:

Code: Select all

postgres=# show server_encoding ;
 server_encoding 
-----------------
 UTF8
(1 row)

postgres=# show client_encoding ;
 client_encoding 
-----------------
 UTF8
(1 row)
I have mbstring installed as part of the container, so it should be able to support UTF-8.

As mentioned in my signature, the info about the components are:

Mantis: 2.23.0
PHP: 5.6
SQL: PostgreSQL 11
Web: Apache
Deployment: Docker (xlrl/mantisbt image modified to include ldap)
OS: Ubuntu server 18.04

Any help would be greatly appreciated!
Mantis: 2.23.0
PHP: 5.6
SQL: PostgreSQL 11
Web: Apache
Deployment: Docker (xlrl/mantisbt image modified to include ldap)
OS: Ubuntu server 18.04
dregad
Developer
Posts: 75
Joined: 26 Jul 2010, 14:24

Re: LDAP: cannot update information in database due to encoding

Post by dregad »

Possibly the same issue, with MantisBT 2.24.3 - https://mantisbt.org/bugs/view.php?id=27420

@theseus did you ever find a solution to your problem ?
dregad
Developer
Posts: 75
Joined: 26 Jul 2010, 14:24

Re: LDAP: cannot update information in database due to encoding

Post by dregad »

Just a thought, the reference to samAccountName in $g_ldap_uid_field configuration parameter indicates that you are using LDAP to access an Active Directory server, but you did not set

Code: Select all

$g_ldap_protocol_version = 3;
which is required for such connections, as documented in the Admin Guide.

Microsoft documentation states (emphasis mine):
When processing an LDAP v2 request, Active Directory exhibits the following behavioral differences from processing an LDAP v3 request:
  • Instead of using the UTF-8 character encoding for LDAPString [RFC2251], the system's configured code page is used.
  • Referrals and continuation references are generated using the format for LDAP v2 referrals as specified in section 3.1.1.3.4.
Which possibly explains the reported behavior.
theseus
Posts: 2
Joined: 16 Dec 2019, 08:11

Re: LDAP: cannot update information in database due to encoding

Post by theseus »

You are right, that did the trick !

Thank you very much!
Mantis: 2.23.0
PHP: 5.6
SQL: PostgreSQL 11
Web: Apache
Deployment: Docker (xlrl/mantisbt image modified to include ldap)
OS: Ubuntu server 18.04
Post Reply