LDAP auth works, but creates a panic
ogmueller opened this issue · 5 comments
The authentication with LDAP works, but it will create these panics as seen in the first block. It is possible to use the app behind it, but after a while (I guess the session is dropped) it goes into more panics and it dies with "Internal Server Error" (500) as seen in the second block. After that I could only restart Traefik to recover and the whole thing starts over again.
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[] 0xc002c84fc0 true {0xc0026aca00 {0xc002934e80 0xc002c8c388 406}} ldapAuth_session_token}
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:52: No session found! Trying to authenticate in LDAP
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Host: ldap.host.com
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Connect Address: ldap.host.com:636
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Running in Bind Mode
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Authenticating User: uid=user,ou=people,dc=host,dc=com
traefik | INFO: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Authentication succeeded
traefik | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/conn.go:264:2: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:49:03Z"}
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[authenticated:true username:user] 0xc00077b1c0 false {0xc0026aca00 {0xc002934e80 0xc00198e800 406}} ldapAuth_session_token}
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:52: [no valid 'Authorization: Basic xxxx' header found in request]
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[authenticated:true username: user] 0xc001f10c40 false {0xc0026aca00 {0xc002934e80 0xc001950700 406}} ldapAuth_session_token}
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session token Valid! Passing request...
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[authenticated:true username: user] 0xc002c85840 false {0xc0026aca00 {0xc002934e80 0xc002c8cbc0 406}} ldapAuth_session_token}
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session token Valid! Passing request...
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Session details: &{ map[authenticated:true username: user] 0xc000a96bc0 false {0xc0026aca00 {0xc002934e80 0xc002d18898 406}} ldapAuth_session_token}
traefik | DEBUG: ldapAuth: 2023/02/21 18:49:03 restricted.go:52: [no valid 'Authorization: Basic xxxx' header found in request]
2nd block:
traefik | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Session details: &{ map[] 0xc001f75100 true {0xc0026aca00 {0xc002934e80 0xc0019d2de0 406}} ldapAuth_session_token}
traefik | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:52: No session found! Trying to authenticate in LDAP
traefik | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Host: ldap.host.com
traefik | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Connect Address: ldap.host.com:636
traefik | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Running in Bind Mode
traefik | DEBUG: ldapAuth: 2023/02/21 18:56:34 restricted.go:51: Authenticating User: uid=user,ou=people,dc=host,dc=com
traefik | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/request.go:50:2: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/bind.go:61:5: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/bind.go:100:3: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/ldapauth.go:232:5: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
traefik | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/ldapauth.go:125:6: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
Which Traefik version are you using?
traefik | {"level":"error","module":"github.com/wiltonsr/ldapAuth","msg":"plugins-storage/sources/gop-3099684647/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/request.go:50:2: panic","plugin":"plugin-ldapAuth","time":"2023-02-21T18:56:34Z"}
Looks like the problem is with go-ldap.
traefik:v2.9
Hello, @ogmueller
I have tested with v2.9.8 and can't reproduce your error.
Can you test with another server/machine and provide more details?
These are our traefik plugin settings for LDAP
http:
  middlewares:
    teqneers-ldapAuth:
      plugin:
        ldapAuth:
          Attribute: uid
          BaseDn: ou=people,dc=host,dc=com
          Enabled: "true"
          Url: ldaps://ldap.host.com
          LogLevel: DEBUG
          useTLS: "true"
          Port: "636"
We are using a "standard" slapd server:
Package: slapd
Version: 2.4.49+dfsg-2ubuntu1.9
Docker version 23.0.1, build a5ee5b1 on latest Ubuntu 22.04.
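For triaging error records like the ones quoted in this issue, the following added example (not code from the issue, ldapAuth or go-ldap) groups the `file:line:col: panic` records by their timestamp and marks which frames lie in vendored code, so the two failures in the thread separate into one stack each. The names `PanicStacks` and `Frame` and the sample lines are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

type Frame struct{ Loc string; Vendor bool } // one panic location; Vendor marks vendored deps

var panicRe = regexp.MustCompile(`^(.+\.go):(\d+):\d+: panic$`)

// PanicStacks groups panic frames by the record's "time" field, in log order.
func PanicStacks(log string) (times []string, stacks map[string][]Frame) {
	stacks = map[string][]Frame{}
	for _, line := range strings.Split(log, "\n") {
		body := line[strings.Index(line, "| ")+1:] // strip "traefik |" if present
		var rec struct{ Level, Msg, Time string }  // JSON keys match case-insensitively
		err := json.Unmarshal([]byte(body), &rec)
		m := panicRe.FindStringSubmatch(rec.Msg)
		if err != nil || rec.Level != "error" || m == nil {
			continue // DEBUG/INFO lines are not JSON; other errors are not panics
		}
		loc, vendor := m[1], false
		if i := strings.LastIndex(loc, "/vendor/"); i >= 0 {
			loc, vendor = loc[i+len("/vendor/"):], true
		} else if i := strings.Index(loc, "/src/"); i >= 0 {
			loc = loc[i+len("/src/"):]
		}
		if _, seen := stacks[rec.Time]; !seen {
			times = append(times, rec.Time)
		}
		stacks[rec.Time] = append(stacks[rec.Time], Frame{loc + ":" + m[2], vendor})
	}
	return times, stacks
}

// Constructed sample in the format of the lines quoted in the thread.
const sample = `traefik | INFO: ldapAuth: 2023/02/21 18:49:03 restricted.go:51: Authentication succeeded
traefik | {"level":"error","msg":"plugins-storage/sources/gop-1/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/conn.go:264:2: panic","time":"2023-02-21T18:49:03Z"}
traefik | {"level":"error","msg":"plugins-storage/sources/gop-1/src/github.com/wiltonsr/ldapAuth/vendor/github.com/go-ldap/ldap/v3/request.go:50:2: panic","time":"2023-02-21T18:56:34Z"}
traefik | {"level":"error","msg":"plugins-storage/sources/gop-1/src/github.com/wiltonsr/ldapAuth/ldapauth.go:232:5: panic","time":"2023-02-21T18:56:34Z"}`

func main() {
	times, stacks := PanicStacks(sample)
	for _, t := range times {
		fmt.Println(t, stacks[t])
	}
}
```

A stack whose frames are all vendored, like the first one here, points at the dependency rather than the plugin's own call path.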