Skip to content
This repository has been archived by the owner on Jun 2, 2023. It is now read-only.

Linux Docker AD (working conf?) #665

Open
demogorgonz opened this issue Apr 27, 2022 · 2 comments
Open

Linux Docker AD (working conf?) #665

demogorgonz opened this issue Apr 27, 2022 · 2 comments

Comments

@demogorgonz
Copy link

demogorgonz commented Apr 27, 2022
edited
Loading

PassCore Server

  • OS: [Linux]
  • Provider: [Active Directory]
  • Docker

Can anyone share working config for AD setup ? Is port 636 required for password change to work ?

I have been fiddling and got various errors from :

  • unable to connect to host
  • unable to find user
  • etc...

Have tried even windows powershell install, but got requests spamming without password change.

Current run command is (doesn't work) :


docker run \
-e WebSettings__EnableHttpsRedirect='false' \
-e AppSettings__UseAutomaticContext='false' \
-e AppSettings__LdapHostnames__0='dc-01.example.com' \
-e AppSettings__LdapSecureSocketLayer='false' \
-e AppSettings__LdapStartTls='false' \
-e AppSettings__LdapPort='389' \
-e AppSettings__LdapUsername='passcore' \
-e AppSettings__LdapPassword='PW-HERE' \
-e AppSettings__LdapIgnoreTlsValidation='true' \
-e AppSettings__LdapIgnoreTlsErrors='true' \
-e AppSettings__LdapSecureSocketLayer='true' \
-e AppSettings__IdTypeForUser='SAM' \
-e AppSettings__DefaultDomain='example.com' \
-e ClientSettings__UseEmail='false' \
-it \
-p 80:80 \
passcore:latest
@demogorgonz
Copy link
Author

demogorgonz commented Apr 28, 2022
edited
Loading

Ok so i made new AD, enabled CA/SSL.. tripple checked new password against password policy and still get random errors:

{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request starting HTTP/1.1 POST http://localhost/api/password application/json 164","State":{"Message":"Request starting HTTP/1.1 POST http://localhost/api/password application/json 164","Protocol":"HTTP/1.1","Method":"POST","ContentType":"application/json","Co
ntentLength":164,"Scheme":"http","Host":"localhost","PathBase":"","Path":"/api/password","QueryString":""}}
{"EventId":0,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executing endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","State":{"Message":"Executing endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","
EndpointName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","{OriginalFormat}":"Executing endpoint \u0027{EndpointName}\u0027"}}
{"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Route matched with {action = \u0022Post\u0022, controller = \u0022Password\u0022}. Executing controller action with signature System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web.Models.C
hangePasswordModel) on controller Unosquare.PassCore.Web.Controllers.PasswordController (Unosquare.PassCore.Web).","State":{"Message":"Route matched with {action = \u0022Post\u0022, controller = \u0022Password\u0022}. Executing controller action with signature System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web
.Models.ChangePasswordModel) on controller Unosquare.PassCore.Web.Controllers.PasswordController (Unosquare.PassCore.Web).","RouteData":"{action = \u0022Post\u0022, controller = \u0022Password\u0022}","MethodInfo":"System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web.Models.ChangePasswordModel)","Controller":"Un
osquare.PassCore.Web.Controllers.PasswordController","AssemblyName":"Unosquare.PassCore.Web","{OriginalFormat}":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName})."}}
{"EventId":0,"LogLevel":"Warning","Category":"PassCoreLDAPProvider","Message":"LDAP query: (sAMAccountName=123)","State":{"Message":"LDAP query: (sAMAccountName=123)","0":"(sAMAccountName=123)","{OriginalFormat}":"LDAP query: {0}"}}
{"EventId":0,"LogLevel":"Warning","Category":"PassCoreLDAPProvider","Message":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. - LdapException: Constraint Violation (19) Constraint Violation
\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","State":{"Message":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new pa
ssword does not meet the length, complexity, or history requirements of the domain. - LdapException: Constraint Violation (19) Constraint Violation\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","0":"LdapE
xception: Constraint Violation (19) Constraint Violation\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","{OriginalFormat}":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable t
o update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. - {0}"}}
{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor","Message":"Executing BadRequestObjectResult, writing value of type \u0027Unosquare.PassCore.Web.Models.ApiResult\u0027.","State":{"Message":"Executing BadRequestObjectResult, writing value of type \u0027Unosquare.PassCore.Web.Models.ApiResult\u0027.",
"ObjectResultType":"BadRequestObjectResult","Type":"Unosquare.PassCore.Web.Models.ApiResult","{OriginalFormat}":"Executing {ObjectResultType}, writing value of type \u0027{Type}\u0027."}}
{"EventId":2,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 60.8681ms","State":{"Message":"Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in
60.8681ms","ActionName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","ElapsedMilliseconds":60.8681,"{OriginalFormat}":"Executed action {ActionName} in {ElapsedMilliseconds}ms"}}
{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executed endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","State":{"Message":"Executed endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","En
dpointName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","{OriginalFormat}":"Executed endpoint \u0027{EndpointName}\u0027"}}
{"EventId":2,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request finished HTTP/1.1 POST http://localhost/api/password application/json 164 - 400 - application/json;\u002Bcharset=utf-8 61.2996ms","State":{"Message":"Request finished HTTP/1.1 POST http://localhost/api/password application/json 164 - 400 - application/
json;\u002Bcharset=utf-8 61.2996ms","ElapsedMilliseconds":61.2996,"StatusCode":400,"ContentType":"application/json; charset=utf-8","ContentLength":null,"Protocol":"HTTP/1.1","Method":"POST","Scheme":"http","Host":"localhost","PathBase":"","Path":"/api/password","QueryString":""}}

With the focus on :
name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.

Run command:

docker run \
-e WebSettings__EnableHttpsRedirect='false' \
-e AppSettings__UseAutomaticContext='false' \
-e AppSettings__LdapHostnames__0='192.168.1.60' \
-e AppSettings__LdapPort='636' \
-e AppSettings__LdapUsername='passcore' \
-e AppSettings__LdapPassword='P@ssw0rd' \
-e ClientSettings__UseEmail='false' \
-e AppSettings__IdTypeForUser='SAM' \
-e AppSettings__DefaultDomain='corp.localdev' \
-e AppSettings__LdapSearchBase='CN=Users,DC=corp,DC=localdev' \
-e AppSettings__LdapSecureSocketLayer='true' \
-e AppSettings__LdapStartTls='false' \
-e AppSettings__LdapIgnoreTlsValidation='true' \
-e AppSettings__LdapIgnoreTlsErrors='true' \
-e AppSettings__RestrictedADGroups='' \
-it \
-p 80:80 \
passcore:latest

passcore user is in Domain Admins group too.

@demogorgonz
Copy link
Author

Managed to get single password reset to work, which can't be repeated across other users or same user (used different and strong password). Seems like project is not stable/working.

@demogorgonz demogorgonz changed the title Linux Docker (working conf?) Linux Docker AD (working conf?) Apr 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@demogorgonz