auth.ldap disappeared in vault logs #28205

Open
Slm0n87 opened this issue Aug 28, 2024 · 1 comment
auth/ldap bug Used to indicate a potential bug core/log

Comments

@Slm0n87

Slm0n87 commented Aug 28, 2024

Describe the bug
In May 2023 I debugged an issue with the login of a user with LDAP authentication.
After enabling the Vault debug log I got the following lines in the Vault logs:

May 17 10:34:15 vault-server01 vault[402703]: 2023-05-17T10:34:15.331Z [DEBUG] auth.ldap.auth_ldap_0f21e7f8: user binddn fetched: username=xxxxxxxxx binddn="cn=xxxxxxxxx,ou=usr,o=employee"
May 17 10:34:18 vault-server01 vault[402703]: 2023-05-17T10:34:18.350Z [DEBUG] auth.ldap.auth_ldap_0f21e7f8: ldap bind failed: error="LDAP Result Code 49 \"Invalid Credentials\": NDS error: failed authentication (-669)"

Today I tried to repeat the same thing, and I also see debug log output, but even if I log in via LDAP myself there is no log line regarding auth.ldap anymore.

To Reproduce
Steps to reproduce the behavior:

  1. Have a setup with working LDAP authentication
  2. Enable debug logging by adding log_level = "Debug" to /etc/vault.d/vault.hcl
  3. Restart & unseal Vault
  4. Try to log in via LDAP, for example with a wrong password
  5. There are no debug log lines for auth.ldap anymore

Expected behavior
Debug logs should show logs for auth.ldap

Environment:

  • Vault Server Version (retrieve with vault status): 1.17.2
  • Vault CLI Version (retrieve with vault version): 1.17.2
  • Server Operating System/Architecture: Ubuntu 22.04 / x86_64

Vault server configuration file(s):

storage "raft" {
  path    = "/space/raft-storage/vault-server01"
  node_id = "vault-server01"
}

listener "tcp" {
  address = "[::]:8200"
  cluster_address = "[xxxxxxxxx]:8201"
  xxxxxxxxx
  xxxxxxxxx
  x_forwarded_for_authorized_addrs = "::1"
  x_forwarded_for_reject_not_present = "false"
}

cluster_addr = "http://[xxxxxxxx]:8201"
api_addr = "https://xxxxxxx:8200"
cluster_name = "vault"
telemetry {
  statsd_address = "127.0.0.1:8125"
  disable_hostname = true
  usage_gauge_period = "5m"
}
raw_storage_endpoint = "true"
ui = "true"

user_lockout "approle" {
 disable_lockout = "true"
}
log_level = "Debug"
@heatherezell heatherezell added bug Used to indicate a potential bug auth/ldap core/log labels Aug 28, 2024
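As an added example (not from this issue or from Vault's own code), a small parser for the hclog-style lines quoted in the report, so an operator can tell which Vault loggers actually emitted DEBUG entries during a login attempt instead of eyeballing the journal. The sample input is constructed from the two auth.ldap lines above plus one made-up `core` line whose wording is an assumption.

```python
import re
from collections import Counter

# Constructed sample input: the two auth.ldap lines quoted in the report plus
# one made-up "core" line (its wording is an assumption, not a real Vault message).
SAMPLE_LOG = """\
May 17 10:34:15 vault-server01 vault[402703]: 2023-05-17T10:34:15.331Z [DEBUG] auth.ldap.auth_ldap_0f21e7f8: user binddn fetched: username=xxxxxxxxx binddn="cn=xxxxxxxxx,ou=usr,o=employee"
May 17 10:34:18 vault-server01 vault[402703]: 2023-05-17T10:34:18.350Z [DEBUG] auth.ldap.auth_ldap_0f21e7f8: ldap bind failed: error="LDAP Result Code 49 \\"Invalid Credentials\\": NDS error: failed authentication (-669)"
May 17 10:34:18 vault-server01 vault[402703]: 2023-05-17T10:34:18.351Z [DEBUG] core: login failed: path=auth/ldap/login/xxxxxxxxx
"""

# hclog line after the syslog/journald prefix: <ts> [<LEVEL>] <logger>: <msg> k=v ...
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+\[(?P<level>[A-Z]+)\]\s+"
    r"(?P<logger>[\w.-]+):\s+(?P<msg>.*)$"
)
# key=value pairs; quoted values may contain escaped quotes (\")
KV_RE = re.compile(r'(\w+)=("((?:[^"\\]|\\.)*)"|\S+)')

def parse_line(line):
    # Return {ts, level, logger, msg, fields} for one Vault log line, or None if it is not one.
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    fields, first_kv = {}, None
    for kv in KV_RE.finditer(rec["msg"]):
        first_kv = kv.start() if first_kv is None else first_kv
        if kv.group(3) is not None:            # quoted value: unescape \"
            fields[kv.group(1)] = kv.group(3).replace('\\"', '"')
        else:                                  # bare value
            fields[kv.group(1)] = kv.group(2)
    text = rec["msg"] if first_kv is None else rec["msg"][:first_kv]
    rec["msg"] = text.rstrip(": ")
    rec["fields"] = fields
    return rec

def logger_counts(lines, level=None):
    # Count lines per logger prefix (e.g. "auth.ldap", "core"), optionally for one level only.
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if level is None or rec["level"] == level:
            counts[".".join(rec["logger"].split(".")[:2])] += 1
    return counts

def has_debug_from(lines, prefix):
    # True if at least one DEBUG line from a logger starting with `prefix` is present.
    return any(rec["level"] == "DEBUG" and rec["logger"].startswith(prefix)
               for rec in filter(None, map(parse_line, lines)))
```

Feed it `journalctl -u vault` output around a deliberate failed LDAP login; if `has_debug_from(lines, "auth.ldap")` is false while `core` lines are present, the missing lines are not a filtering mistake on your side.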
@biazmoreira (Contributor)

@Slm0n87, what was the Vault version in which you could see the debug lines, and which Vault version are you running right now?

@biazmoreira biazmoreira self-assigned this Sep 6, 2024