This repository has been archived by the owner on Jun 2, 2023. It is now read-only.

The server is not operational, using LDAPS at 636 #669

Open
RPDJF opened this issue Jun 24, 2022 · 1 comment

RPDJF commented Jun 24, 2022

PassCore Server

  • OS: Windows

  • Provider: LDAP

  • Settings file (without sensitive information):
    {
      "Logging": {
        "IncludeScopes": false,
        "LogLevel": {
          "Default": "Debug",
          "System": "Information",
          "Microsoft": "Information"
        }
      },
      "WebSettings": {
        "EnableHttpsRedirect": true
      },
      "AppSettings": {
        // The following options for AD Provider (remove if you don't use this Provider)
        "UseAutomaticContext": false, // Set true to allow PassCore to reset password using the same credentials, or false if you will fill the credentials below
        "RestrictedADGroups": [], // Set the AD groups to restrict the use of PassCore
        "AllowedADGroups": [], // Set the AD Groups to allow PassCore, if the array is empty all the groups no-restricted above are allowed
        "IdTypeForUser": "UPN", // Possible values are "DN", "GUID", "Name", "SAM", "SID" and "UPN" (Default UPN)
        "UpdateLastPassword": false, // Set true to allow PassCore to update the last password timestamp
        // The following options are for LDAP Provider (remove if you don't use this Provider)
        "LdapSearchBase": "OU=Users,OU=Home,DC=internal,DC=society,DC=ch",
        "LdapSecureSocketLayer": true, // Default for AD is true when using LDAPS 636
        "LdapStartTls": false, // Default for AD is true when using LDAP 389
        "LdapChangePasswordWithDelAdd": true,
        "LdapSearchFilter": "(sAMAccountName={Username})", // Another value: "(&(objectClass=person)(cn={Username}))"
        // General options (valid for both providers)
        "LdapHostnames": ["dc01.internal.society.ch"], // Set your hostname(s)
        "LdapPort": 636, // Default for AD is 389, for LDAPS 636
        "LdapUsername": "user", // Set the username or distinguished name (DN) to bind the LDAP server
        "LdapPassword": "pass", // Set the password for the username
        "DefaultDomain": "" // Set your default AD domain here, or non "@" logins will not work! Use empty value to allow user to set the domain. This option is ONLY available with UPN.
      },
      "ClientSettings": {
        "ValidationRegex": {
          "EmailRegex": "^[a-zA-Z0-9.!#$%&’+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)$",
          "UsernameRegex": "^[a-zA-Z0-9._-]{3,20}$"
        },
        "UsePasswordGeneration": false, // Set true to let PassCore create a new password for the current account. If true the user can not customize its new password.
        "MinimumDistance": 0, // The minimum distance between the old and the new password, this is used to enforce the edit distance using the levenshtein distance algorithm.
        "PasswordEntropy": 16, // the number of bytes of entropy to use for generated passwords
        "ShowPasswordMeter": true,
        "MinimumScore": 0, // The minimum acceptable score that the user's new password needs to get at being evaluated by ZXCVBN to be established as the new password.
        "Recaptcha": {
          "SiteKey": "", // ReCAPTCHA public key: replace this! or leave empty if you don't need ReCAPTCHA
          "PrivateKey": "", // ReCAPTCHA private key: replace this! or leave empty if you don't need ReCAPTCHA
          "LanguageCode": ""
        },
        "UseEmail": "true",
        "ApplicationTitle": "society",
        "ChangePasswordTitle": "society",
        "ChangePasswordForm": {
          "HelpText": "Pour obtenir de l'aide contacter le Service IT",
          "UsernameLabel": "Adresse e-mail",
          "UsernameHelpblock": "Renseigner votre adresse e-mail d'entreprise",
          "UsernameDefaultDomainHelperBlock": "Votre adresse e-mail d'entreprise",
          "CurrentPasswordLabel": "Mot de passe actuel",
          "CurrentPasswordHelpblock": "Renseigner votre mot de passe actuel",
          "NewPasswordLabel": "Nouveau mot de passe",
          "NewPasswordHelpblock": "Vous pouvez générer un mot de passe sécurisé en cliquant ici.",
          "NewPasswordVerifyLabel": "Confirmer votre nouveau mot de passe",
          "NewPasswordVerifyHelpblock": "Confirmer votre nouveau mot de passe",
          "ChangePasswordButtonLabel": "Modifier le mot de passe"
        },
        "ErrorsPasswordForm": {
          "FieldRequired": "Ce champ est requis",
          "UsernamePattern": "Veuillez entrer une adresse email valide",
          "UsernameEmailPattern": "Veuillez entrer une adresse email valide",
          "PasswordMatch": "Les mots de passe ne correspondent pas"
        },
        "Alerts": {
          "SuccessAlertTitle": "Mot de passe modifié avec succès.",
          "SuccessAlertBody": "ATTENTION : Vous avez changé votre mot de passe, mais votre ordinateur portable a encore l’ancien. Pour confirmer le changement sur votre laptop, verrouillez votre ordinateur (CTR+ALT+DEL, choisir “Verrouiller”) et déverrouillez-le. Depuis l’extérieur du réseau informatique Society, connectez le VPN avant de faire cette opération. Service IT.",
          "ErrorPasswordChangeNotAllowed": "Vous n'êtes pas autorisé à modifier votre mot de passe. Veuillez contacter votre administrateur.",
          "ErrorInvalidCredentials": "Le mot de passe actuel est incorrecte.",
          "ErrorInvalidDomain": "Le domaine est inconnu.",
          "ErrorInvalidUser": "Adresse e-mail inconnue.",
          "ErrorCaptcha": "Impossible de vérifier que vous n'êtes pas un robots. Actualisez la page.",
          "ErrorFieldRequired": "Merci de remplir tous les champs.",
          "ErrorFieldMismatch": "Les mots de passe ne correspondent pas.",
          "ErrorComplexPassword": "Le nouveau mot de passe ne respecte pas les critères de complexité minimale.",
          "ErrorConnectionLdap": "Impossible d'atteindre le serveur LDAP.",
          "ErrorScorePassword": "Le nouveau mot de passe n'est pas suffisament complexe.",
          "ErrorDistancePassword": "Le nouveau mot de passe est trop similaire au précédent.",
          "ErrorPwnedPassword": "Le mot de passe que vous tentez d'utiliser est connu publiquement et peut être utilisé lors d'attaques malveillantes!"
        }
      }
    }

  • Log file (without sensitive information):
    Hosting environment: Production
    Content root path: C:\passcore
    Now listening on: http://cptest.society.ch:80/
    Now listening on: https://cptest.society.ch:443/
    Application started. Press Ctrl+C to shut down.
    info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
          Request starting HTTP/2.0 POST https://cptest.society.ch/api/password application/json 129
    info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
          Executing endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
    info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
          Route matched with {action = "Post", controller = "Password"}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web.Models.ChangePasswordModel) on controller Unosquare.PassCore.Web.Controllers.PasswordController (Unosquare.PassCore.Web).
    info: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
          PerformPasswordChange for user [email protected]
    warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
          Not using AutomaticContext  dc01.internal.society.ch:636
    warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
          The server is not operational.
    info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
          Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
    info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
          Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 175.3988ms
    info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
          Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
    info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
          Request finished in 263.4488ms 400 application/json; charset=utf-8

Describe the bug
Displays "The server is not operational." when using LDAPs at 636.
Works fine when using LDAP at 389.
We tried binding to the server using ldp.exe on 636 SSL, and it works perfectly fine.

Note: If you want to report an issue of passcorepro, please use the proper bug report form at https://store.unosquare.com/passcorepro

To Reproduce
Steps to reproduce the behavior:

  1. Define "636" as port in use
  2. LdapSecureSocketLayer to true
  3. LdapStartTls to false
  4. Restart the IIS application
  5. Try to change the password of a user
  6. The webpage displays message "The server is not operational"

Expected behavior
We expect that users would be able to change password using LDAPs at 636.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.
We're using the release 4.2.0 because of the last one spamming LDAP requests.
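
A check that can be run on the PassCore host to separate network reachability from TLS and certificate problems on the LDAPS port. This is an added example, not PassCore code and not part of the original report, and it does not establish the cause of this issue. The host name and port are the `LdapHostnames` and `LdapPort` values from the settings above; `Test-LdapsEndpoint` is a hypothetical helper name.

```powershell
# Added example, not PassCore code. Test-LdapsEndpoint is a hypothetical helper name.
# Run it on the PassCore host, ideally under the IIS application pool identity,
# because certificate trust is evaluated per machine and per account.
function Test-LdapsEndpoint {
    param(
        [string]$HostName = 'dc01.internal.society.ch',  # LdapHostnames from the issue
        [int]$Port = 636                                  # LdapPort from the issue
    )
    $r = [ordered]@{
        Host = $HostName; Port = $Port; TcpConnect = $false; TlsHandshake = $false
        Protocol = $null; PolicyErrors = $null; Subject = $null; Issuer = $null
        NotAfter = $null; SubjectAltName = $null; Error = $null
    }
    $script:LdapsPolicyErrors = $null
    # Record the validation result but accept the certificate, so the handshake
    # completes and the certificate can be inspected. Diagnostic use only.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $policyErrors)
        $script:LdapsPolicyErrors = $policyErrors
        return $true
    }
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $r.TcpConnect = $true
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # name check uses the configured host name
        $r.TlsHandshake = $true
        $r.Protocol = $ssl.SslProtocol
        $r.PolicyErrors = $script:LdapsPolicyErrors
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.Subject = $cert.Subject
        $r.Issuer = $cert.Issuer
        $r.NotAfter = $cert.NotAfter
        $san = $cert.Extensions['2.5.29.17']   # subjectAltName OID
        if ($san) { $r.SubjectAltName = $san.Format($false) }
    }
    catch {
        $r.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    [pscustomobject]$r
}

Test-LdapsEndpoint | Format-List
```

`TcpConnect` false points at routing or firewall rules for port 636. A `PolicyErrors` value of `RemoteCertificateNameMismatch` or `RemoteCertificateChainErrors` points at the names in the certificate or at trust of its issuing CA on this host.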

@dontcareaboutmyusername

Hi @RPDJF ,

I am facing the same issue. Have you been able to solve this?
