Implement LDAP SYNC button to update users by LDAP_Unique_Identifier_Field #2262

matlj opened this issue Feb 17, 2016 · 8 comments (Closed)

Comments

@matlj

matlj commented Feb 17, 2016

We just upgraded our docker image to 0.18.0 and our users cannot login anymore (openldap binding). We tried to use the new default domain search instead of our custom query that was working in 0.17 but with the same result.
On the other hand, using an LDAP account that never logged in is successful. It seems it can't map the LDAP user to the internal existing user (except for new users).

LDAPHandler ➔ info Init login joe
LDAP ➔ connection_info Init setup
LDAP ➔ connection_info Connecting ldap://ldap.xxx.xxx:389
LDAP ➔ connection_debug connectionOptions { url: 'ldap://ldap.xxx.xxx:389',
  timeout: 5000,
  connectTimeout: 10000,
  idleTimeout: 10000,
  reconnect: false }
LDAP ➔ connection_info LDAP connected
LDAP ➔ bind_info Binding admin user cn=rocketservice,ou=People,dc=xxx,dc=xxx
LDAP ➔ search_info Searching user joe
LDAP ➔ search_debug searchOptions { filter: '(&(objectclass=inetOrgPerson)(|(cn=joe)(mail=joe)))',
  scope: 'sub' }
LDAP ➔ search_debug domain_base ou=people,dc=xxx,dc=xxx
LDAP ➔ search_info Search result count 1
LDAP ➔ auth_info Authenticating cn=joe,ou=People,dc=xxx,dc=xxx
LDAP ➔ auth_info Authenticated cn=joe,ou=People,dc=xxx,dc=xxx
LDAP ➔ connection_info Disconecting
LDAPHandler ➔ info Querying user
LDAPHandler ➔ debug userQuery { 'services.ldap.id': '6d61747468696575' }
LDAPHandler ➔ info User does not exists, creating
@sampaiodiego
Member

Can you please see in the database if there is any visible difference between the new and the old users?
I mean, in the rocketchat database.. users collection.. 😉

@matlj
Author

matlj commented Feb 17, 2016

Problem is... I don't know how to access the mongo database directly. The DB is running in a docker container:
91c6f6e14e69 mongo "/entrypoint.sh mongo" 4 weeks ago Up 3 weeks 27017/tcp rocketchatdevelop_mongo_1

but I can't connect to TCP port 27017 and the mongodump command returns: couldn't connect to [127.0.0.1] couldn't connect to server 127.0.0.1

@matlj
Author

matlj commented Feb 17, 2016

Never mind, I found the data and managed to export it. Indeed, there is a db field on a new user that is missing in all our existing users (ldap ID):
ldap^@^^@^@^@^Bid^@^O^@^@^@6c617572656e74

The only field with "ldap" on existing users is "ldap name", like this one: ldap^@^A^Bname^@^O^@^@^@joe

@sampaiodiego
Member

@rodrigok are we setting the services.ldap.id field now but not setting it before?

@engelgabriel
Member

@rodrigok was there a migration step for this?

@engelgabriel engelgabriel added this to the 0.19.0 milestone Feb 17, 2016
@rodrigok
Member

Leaving the LDAP_Unique_Identifier_Field empty in settings will keep users logging in via username.

@matlj
Author

matlj commented Feb 17, 2016

That worked!! Thank you very much

@engelgabriel engelgabriel changed the title No LDAP login after 0.18 upgrade Implement LDAP SYNC button to update users by LDAP_Unique_Identifier_Field Feb 17, 2016
@engelgabriel
Member

Ok, thanks @matlj. Leave this issue open as we will use it to track the implementation of the button that will sync LDAP_Unique_Identifier_Field, and add it to the users that don't have it yet too.
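The mapping failure and the sync the thread asks for, as an added example that is not Rocket.Chat's own code: with LDAP_Unique_Identifier_Field set, lookup goes by services.ldap.id, which legacy users lack, so login falls through to "creating"; a sync matching legacy users by username and backfilling the id repairs that. The user records and directory entries are constructed, and the hex encoding of the attribute value is an assumption drawn from the logged id values.

```javascript
// Added example, not Rocket.Chat code. Assumes services.ldap.id is the plain
// hex encoding of the unique-identifier attribute (the log shows values such
// as '6c617572656e74', which decodes to "laurent").
function encodeLdapId(value) {
  return Buffer.from(String(value), 'utf8').toString('hex');
}

// Constructed directory entries, i.e. what the LDAP search would return.
const ldapEntries = [
  { uid: 'joe', mail: 'joe@example.test' },
  { uid: 'laurent', mail: 'laurent@example.test' },
];

// Constructed users collection: 'joe' logged in under 0.17 (only ldap.name),
// 'laurent' was created under 0.18 (ldap.id present).
function sampleUsers() {
  return [
    { _id: 'u1', username: 'joe', services: { ldap: { name: 'joe' } } },
    { _id: 'u2', username: 'laurent',
      services: { ldap: { id: encodeLdapId('laurent') } } },
  ];
}

// Lookup as described in the thread: with the unique-id field configured,
// match on services.ldap.id; with it empty, fall back to username. A null
// result is the point where login logs "User does not exists, creating".
function findUser(users, entry, uniqueIdField) {
  if (uniqueIdField) {
    const id = encodeLdapId(entry[uniqueIdField]);
    return users.find(u => u.services && u.services.ldap
                           && u.services.ldap.id === id) || null;
  }
  return users.find(u => u.username === entry.uid) || null;
}

// The sync step this issue tracks: match each legacy user by username and
// store the hex id so id-based lookups succeed afterwards without creating a
// duplicate account. Returns the usernames that were backfilled.
function syncLdapIds(users, entries, uniqueIdField) {
  const updated = [];
  for (const entry of entries) {
    const user = users.find(u => u.username === entry.uid);
    if (!user) continue;                 // no local account: nothing to repair
    user.services = user.services || {};
    user.services.ldap = user.services.ldap || {};
    if (!user.services.ldap.id) {
      user.services.ldap.id = encodeLdapId(entry[uniqueIdField]);
      updated.push(user.username);
    }
  }
  return updated;
}
```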
