Bug #9926

closed

LdapError: unsupported encryption method with LDAP auth source

Added by Alexandre Barth over 9 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Authentication
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

I've just upgraded from 1.8.0 RC1 to 1.8.0 RC2. When I want to log in using an LDAP account, I get the following error:

Started POST "/users/login" for 192.168.0.1 at 2015-03-27 14:42:32 +0100
2015-03-27 14:42:32 [I] Processing by UsersController#login as HTML
2015-03-27 14:42:32 [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"ZOnsMh5ABcz6MEzjE4wRrcLEvnMeYm6hHk+1hnxsUg8=", "login"=>{"login"=>"alexandre.barth", "password"=>"[FILTERED]"}, "commit"=>"Login"}
2015-03-27 14:42:32 [W] Operation FAILED: LdapError: unsupported encryption method
2015-03-27 14:42:32 [I] Rendered common/500.html.erb within layouts/application (3.7ms)
2015-03-27 14:42:32 [I] Rendered layouts/base.html.erb (1.3ms)
2015-03-27 14:42:32 [I] Completed 500 Internal Server Error in 15ms (Views: 6.4ms | ActiveRecord: 1.7ms)

This was working in 1.8.0 RC1 and all previous versions.


Related issues 1 (0 open, 1 closed)

Related to Foreman - Bug #9885: CVE-2015-1816 - LDAP server SSL certificate not verified | Closed | Marek Hulán | 03/24/2015
Actions #1

Updated by Dominic Cleal over 9 years ago

  • Subject changed from no more Ldap connection to LdapError: unsupported encryption method with LDAP auth source
  • Category set to Authentication

Is your LDAP auth source in Foreman configured with SSL?

Actions #2

Updated by Dominic Cleal over 9 years ago

  • Related to Bug #9885: CVE-2015-1816 - LDAP server SSL certificate not verified added
Actions #3

Updated by Alexandre Barth over 9 years ago

No, I'm not using ldaps.

Actions #4

Updated by Dominic Cleal over 9 years ago

Ah, I wonder if we're constructing this badly then and all of :encryption should be nil rather than just :method here: https://github.com/theforeman/foreman/blob/1.8.0-RC2/app/models/auth_sources/auth_source_ldap.rb#L83

Actions #5

Updated by Alex Derr over 9 years ago

Dominic Cleal wrote:

Ah, I wonder if we're constructing this badly then and all of :encryption should be nil rather than just :method here: https://github.com/theforeman/foreman/blob/1.8.0-RC2/app/models/auth_sources/auth_source_ldap.rb#L83

The workaround that I am using is to just comment out the encryption_config for now:
  def encryption_config
#    method = tls ? :simple_tls : nil
#    { :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
  end

My LDAP w/o SSL is working again.

Actions #6

Updated by Alex Derr over 9 years ago

  def encryption_config
#    method = tls ? :simple_tls : nil
#    { :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
  end

Actions #7

Updated by The Foreman Bot over 9 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2271 added
Actions #8

Updated by Marek Hulán over 9 years ago

Oh, the hash is used only for simple_tls and start_tls, otherwise encryption is set to nil, I missed this. Alex, could you please test the patch in https://github.com/theforeman/foreman/pull/2271? It should fix it for you but keep SSL working.
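
Added example, not part of the original thread and not the code from pull request 2271: a stand-alone Ruby sketch of the behaviour discussed above, where a hash with a nil :method is rejected while a nil :encryption value as a whole means a plain connection. `check_encryption`, `encryption_config_rc2`, `encryption_config_fixed` and `outcome` are hypothetical names; `check_encryption` is a simplified stand-in for the LDAP client's option handling, assumed from the error and the comments in this issue.

```ruby
require 'openssl'

# Stand-in for the LDAP client's option handling as described in this thread
# (hypothetical helper, not the net-ldap source): a non-nil :encryption value
# must name a supported method, and nil means a plain connection.
SUPPORTED_METHODS = [:simple_tls, :start_tls].freeze

def check_encryption(encryption)
  return :plain if encryption.nil?
  method = encryption[:method]
  unless SUPPORTED_METHODS.include?(method)
    raise ArgumentError, 'unsupported encryption method'
  end
  method
end

# Shape of the 1.8.0-RC2 method quoted in the thread: only :method becomes
# nil when TLS is off, so a hash is still handed to the client.
def encryption_config_rc2(tls)
  method = tls ? :simple_tls : nil
  { :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end

# Whole value is nil without TLS; with TLS the certificate is still verified.
def encryption_config_fixed(tls)
  return nil unless tls
  { :method => :simple_tls, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end

# Returns what the stand-in check yields for a config, or the error message.
def outcome(config)
  check_encryption(config)
rescue ArgumentError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  [false, true].each do |tls|
    puts "tls=#{tls} rc2=#{outcome(encryption_config_rc2(tls)).inspect} " \
         "fixed=#{outcome(encryption_config_fixed(tls)).inspect}"
  end
end
```

Unlike commenting the method out entirely, this shape keeps `VERIFY_PEER` in place for TLS auth sources, which is the behaviour the related Bug #9885 introduced.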

Actions #9

Updated by Alex Derr over 9 years ago

Marek Hulán wrote:

Oh, the hash is used only for simple_tls and start_tls, otherwise encryption is set to nil, I missed this. Alex, could you please test the patch in https://github.com/theforeman/foreman/pull/2271? It should fix it for you but keep SSL working.

That seems to be working. Also note, I use LDAP without SSL. So I can't test if LDAPS is working still or not.

Actions #10

Updated by Dominic Cleal over 9 years ago

  • Assignee set to Marek Hulán
Actions #11

Updated by Marek Hulán over 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100