View Issue Details

IDProjectCategoryView StatusLast Update
0027420mantisbtauthenticationpublic2020-11-11 16:32
Reportergsac Assigned Todregad  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionno change required 
PlatformdockerOSLinuxOS VersionUbuntu 18.04
Product Version2.24.3 
Summary0027420: Cannot login due to UTF8 character using LDAP
Description

Hello,

I have been using MantisBT using local authentication successfully.
Today, I have enabled LDAP and when I try to log in using my user, it gives me the following error:

APPLICATION ERROR 0000401

Database query failed. Error received from database was #-1: ERROR: invalid byte sequence for encoding "UTF8": 0xe9 0x67 0x6f for the query: UPDATE mantis_user_mantis SET password=$1 , realname=$2 , email=$3 WHERE id=$4.

Please use the "Back" button in your web browser to return to the previous page. There you can correct whatever problems were identified in this error or select another action. You can also click an option from the menu bar to go directly to a new section.

My user contains accented characters in the real name (CN contains "é"), not in the login identifier.
The log shows that LDAP retrieves the user based on the login provided. The user was previously a local user before I started using LDAP with a manager profile.
My expectation was that it would simply update the DB entry with the LDAP information.

MantisBT can handle accented characters just fine because another local user has one in their real name field.

I can log in fine with another user who has no accented character (previously not existing in the database).

TagsNo tags attached.

Relationships

related to 0023390 closedatrol Unable to auth user through SOAP API if special char in LDAP realname 
related to 0020809 closedatrol Auth with AD KO when UTF-8 chars in password 
related to 0022655 closedatrol Login via LDAP is not working, error with special characters [APPLICATION ERROR 0000401

Activities

gsac

gsac

2020-10-22 03:23

reporter   ~0064578

I've set priority to "High" by mistake, please lower it.

dregad

dregad

2020-10-26 08:05

developer   ~0064590

Last edited: 2020-10-26 09:11

You did not provide detailed info about the error so I can't be sure, but someone reported what seems to be the exact same issue in our forums. Unfortunately, there was never any update to that post, so I don't know if they managed to fix the problem and how. Maybe you can ask them ?

Note that LDAP API has changed in 2.23.1 so the information in the forum post (especially the log format) may be outdated.

It would be helpful if you could trace what is happening in the ldap_cache_user_data() function, particularly what data is retrieved from LDAP by ldap_get_value() call at line 255; maybe you can add the following

log_event( LOG_LDAP, var_export( $t_data, true ) );

after the foreach loop (line 262) and post your log file here.

Details about your LDAP settings ($g_ldap* in config_in.php) may also be helpful.

gsac

gsac

2020-10-26 10:15

reporter   ~0064591

Last edited: 2020-10-26 11:39

Well, I'll be damned, that's actually my post!
I forgot about it (as no reply) and when I searched the forum and Google, it didn't pop up (I searched for UTF8 and my post didn't contain that word...).

I read your forum post reply after I wrote the following anser. Just to report that using protocol v3 did the trcik.

Thank you very much fort your help!

(Original post)
Anyway, I've added the log as you proposed and then I remembered a post where someone changed that file to cope with Windows-1252 encoding (apparently that's what LDAP answers in).

Here's the change and that is working for me:

--- ldap_api.php.orig   2020-10-26 15:07:13.747582465 +0100
+++ ldap_api.php        2020-10-26 15:09:10.890986627 +0100
@@ -170,7 +170,7 @@
                $t_realname = ldap_simulatiom_realname_from_username( $p_username );
        } else {
                $t_ldap_realname_field = config_get( 'ldap_realname_field' );
-               $t_realname = (string)ldap_get_field_from_username( $p_username, $t_ldap_realname_field );
+               $t_realname = iconv("Windows-1252", "UTF-8", (string)ldap_get_field_from_username( $p_username, $t_ldap_realname_field ));
        }
        return $t_realname;
 }

I have no idea if this could be useful for more people than myself...

Thanks for your help in pointing me to the right place!

P.S.: I'll update my original post in the forum.

dregad

dregad

2020-10-26 12:20

developer   ~0064592

Well, I'll be damned, that's actually my post!

:-D

Just to report that using protocol v3 did the trcik.

Good to hear, thanks for the feedback.