tickets #154984
closedbeans.opensuse.org login issues
0%
Description
I'm getting a Error: Wrong username and/or password. with login to beans.opensuse.org The https://freeipa.infra.opensuse.org/ advisement doesn't seem to change this. I don't think the systems are connected. I think the login is independent. Image attached. hellcp might be able to solve. lvogt set it up.
Files
Updated by crameleon about 2 months ago
- Status changed from New to In Progress
- Assignee set to crameleon
Updated by crameleon about 2 months ago ยท Edited
- Category changed from FreeIPA/Kanidm to Servers hosted in PRG
- Status changed from In Progress to Workable
- Assignee deleted (
crameleon)
After changing the port to reflect LDAPS and removing a bogus freeipa.infra.opensuse.org entry from /etc/hosts I was able to get https://beans.opensuse.org/matomo/ to no longer refuse my login, but instead to load forever upon pressing "Sign In" ("forever" = few minutes until it returns "504 Gateway Time-out").
This works (using the login configured in config.ini.php):
matomo (matomo):~ # ldapsearch -xH ldaps://freeipa.infra.opensuse.org -WD uid=widehat,cn=users,cn=accounts,dc=infra,dc=opensuse,dc=org uid=crameleon memberOf|grep matomo
Enter LDAP Password:
memberOf: cn=matomo-user,cn=groups,cn=accounts,dc=infra,dc=opensuse,dc=org
I tried to find application logs, but there doesn't seem to be anything printed anywhere, besides the HTTP requests in the Apache httdp access log.
These are my changes:
matomo (matomo):~ # diff config.ini.old /etc/matomo/config.ini.php
212,213c212,213
< hostname = "ldaps://freeipa.infra.opensuse.org/"
< port = 389
---
> hostname = "freeipa.infra.opensuse.org"
> port = 636
226a227,231
> [log]
> log_writeres[] = file
> logger_file_path = /var/log/matomo/matomo.log
> ; ERROR, WARN, INFO, DEBUG
> log_level = DEBUG
I also tried changing the log options directly in global.ini.php but with no luck. Neither the default nor the custom file are populated - even after going as far as touch-ing the file with 666 permissions. No entries in the audit log and no luck with "log_writeres[] = syslog" either.
Handing issue back to the queue.
Updated by ddemaio about 1 month ago
- Assignee set to mcaj
ddemaio wrote:
I'm getting a Error: Wrong username and/or password. with login to beans.opensuse.org The https://freeipa.infra.opensuse.org/ advisement doesn't seem to change this. I don't think the systems are connected. I think the login is independent. Image attached. hellcp might be able to solve. lvogt set it up.
UPDATE: Looks like Additional knowledge gained since this update. With openSUSE infra move, it is likely the network or system config might be causing access issues. Need someone with physical access to machine in Prague is needed to verify/fix problem. Seeing if mcaj can help.
Updated by crameleon about 1 month ago
A software problem cannot be investigated physically.
Updated by crameleon about 1 month ago
- Related to tickets #157798: Migrate FreeIPA consumers to Kanidm added
Updated by crameleon 11 days ago
- Status changed from In Progress to Resolved
- Assignee set to crameleon
I resolved the issue, it is now possible to log in again.
Note though that this is not permanent - we want to decommission FreeIPA soon, and I will have to migrate Matomo to use our Heroes OIDC instead of the Heroes LDAP.
Updated by ddemaio 7 days ago
- Status changed from Resolved to Closed
crameleon wrote in #note-10:
I resolved the issue, it is now possible to log in again.
Note though that this is not permanent - we want to decommission FreeIPA soon, and I will have to migrate Matomo to use our Heroes OIDC instead of the Heroes LDAP.
Thank you!!! It works.