Session Mismatch



  • Hello

    First -> Thank you for that ldap Plugin.
    I was able to configure ldap access. It worked. First thing was that i logged in with ldap user and i had no admin rights. Problem is that local users don't work anymore after activating ldap. So goodbey admin forever? Never ever.

    I deactivated and uninstalled plugin, restarted, logged in with local admin, watched under user and deleted ldap user for a clean start from scratch.

    Installed and actived plugin again, tried to login with same ldap user on other browser while logged in with local admin in second browser. Session Missmatch appearing in endless loop somehow:
    0_1518777570377_2c8b6549-9ba5-472d-8a92-e2707dcc6471-image.png image

    Logged in with diffrent ldap user works. I gave this user admin rights with local admin. So im fine now. But how can i solve this Session Mismatch with my first user i tried? It still appears after restarting everything! I also cleared cache of browsers, restart of nginx and nodebb did nothing. I think there is something in the database that must be deleted manually? Please help me!



  • Just for Information...deleted all cookies and cache on all browsers and deleted ALL mongodb sessions without any success 😤

    0_1518778930389_3911a6bc-4c27-4a09-9063-4ba5b71b2c55-image.png



  • Really no one got a clue? Thats not possible... 😞


  • Admin

    It works with one user but not another user? That suggests an issue with the remote server.



  • Hello @julian, login works with all ldap users, except mine... and this must be related to my migration from local to ldap users over ldap connector. somehow the deletion of my user after deactivating and reactivating ldap plugin has something to do with it but i don't find anything in database...all other users from ldap working without any problem



  • I am facing the same issue, I actually delete a record from the objects table. Now it is showing session mismatch. How do I reset?


  • Admin

    @maulikmmodi You probably want to clear your cookies so you can log in again.



  • @julian
    i don't understand where the problem is...
    i have this problem over a year now and everyone can use nodebb over ldap...
    but not my user over ldap, im sure, im uid:7......

    see what happens when i delete all sessions. so under objects i see:

    {
    "_id" : ObjectId("5af1938c0927a23eb5d87773"),
    "_key" : "uid:7:sessions",
    "value" : "Iy2SjVzdi3zUjDjF0At_Gs6BwY96MiZ1",
    "score" : 1525781388101.0
    }
    {
    "_id" : ObjectId("5af1923d0927a23eb5d87771"),
    "_key" : "uid:7:sessions",
    "value" : "v3QiHjqADJ5tyvsy9TpEpdUvh-KlXmUB",
    "score" : 1525781053765.0
    }

    under sessions:

    {
    "_id" : "v3QiHjqADJ5tyvsy9TpEpdUvh-KlXmUB",
    "session" : "{"cookie":{"originalMaxAge":1209600000,"expires":"2018-05-22T12:09:17.452Z","secure":true,"httpOnly":true,"domain":"xxx","path":"/"},"csrfSecret":"h5FTrzQrRex4kXU_y3F_0LjB","flash":{},"passport":{"user":7},"meta":{"ip":"x.x.x.x","uuid":"09008e73-2f23-4c47-a4e3-58351a793abb","datetime":1525781053765,"platform":"Microsoft Windows","browser":"Firefox","version":"59.0"}}",
    "expires" : ISODate("2018-05-22T12:09:17.452+0000")
    }
    {
    "_id" : "Iy2SjVzdi3zUjDjF0At_Gs6BwY96MiZ1",
    "session" : "{"cookie":{"originalMaxAge":false,"expires":false,"secure":true,"httpOnly":true,"domain":"xxx","path":"/"},"csrfSecret":"tMUwaiPII6wvmfPMajOaNQTE","flash":{},"passport":{"user":7},"meta":{"ip":"x.x.x.x","uuid":"f8fec706-0e86-4383-9ff9-cb2ba2d06a76","datetime":1525781388101,"platform":"Microsoft Windows","browser":"Firefox","version":"59.0"}}",
    "expires" : ISODate("2018-05-22T12:09:50.204+0000")
    }

    PLEASE HELP i don't understand the logic how nodebb stores that data in database and why this is happening


  • Admin

    Hi! Thanks for following up. Since you posted before and today, I think I might know what is going on.

    Can you let me know the uid? It looks like when the LDAP plugin registers a new user it doesn't handle user deletion at all, so that is why it is trying to log you into an account that no longer exists (hence session mismatch).

    Do you know your ldap ID? If so, please delete the incorrect reference from the ldapid:uid hash.

    hdel ldapid:uid {yourLDAPid} or in mongo:

    db.objects.update({ _key: "ldapid:uid" }, { $unset: "{yourLDAPid}": "" });



  • Hello julian

    Thank you for reply! I will search for ldapid, im not sure but i think i didn't see ldapid. Is this stored under objects? must be there, cause session is only tmp...Will look asap when im back in office.



  • @julian said in Session Mismatch:

    Hi! Thanks for following up. Since you posted before and today, I think I might know what is going on.

    Can you let me know the uid? It looks like when the LDAP plugin registers a new user it doesn't handle user deletion at all, so that is why it is trying to log you into an account that no longer exists (hence session mismatch).

    Do you know your ldap ID? If so, please delete the incorrect reference from the ldapid:uid hash.

    hdel ldapid:uid {yourLDAPid} or in mongo:

    db.objects.update({ _key: "ldapid:uid" }, { $unset: "{yourLDAPid}": "" });

    @julian, i think i found it with your help. but im not sure, how can i know what ldap id i have? I think my UID is 7... So, it is possible that i have 1483239134, but how can i doublecheck this!? look screenshot

    0_1526551251257_3f266fee-4217-40d0-81fc-83710fffb4f6-image.png


  • Admin

    The "key" is the LDAP id on your end (the "remote" side), the "value" is the NodeBB uid. You'll need one of those to figure out the leftover entry and then you can delete it.

    I'm not sure if it'll work, but when you're in the midst of the login loop, maybe you can type app.user in the web inspector console to see what it is set to...



  • @julian said in Session Mismatch:

    The "key" is the LDAP id on your end (the "remote" side), the "value" is the NodeBB uid. You'll need one of those to figure out the leftover entry and then you can delete it.

    I'm not sure if it'll work, but when you're in the midst of the login loop, maybe you can type app.user in the web inspector console to see what it is set to...

    It works now, thank you very much!

    I did a backup of mongo db and whole vm ... To figure out what UID i have, i deleted all sessions under mongodb and logged in with the ldap user that don't work ... under session it shows UID7 for that session. Searching under object for ldap and deleted entry with value UID7.

    It would be awesome if local users would work too, but i think this depends on the ldap plugin...
    Other way would be that nodebb can handle ldap integration out of the box...That would be damn awesome!


  • Admin

    @isag said in Session Mismatch:

    Other way would be that nodebb can handle ldap integration out of the box...That would be damn awesome!

    Heheh... unfortunately for you that won't happen because not everybody wants or needs LDAP integration, so we encourage the use of plugins so that a NodeBB can be customised to the exact needs of the admin.



  • @julian said in Session Mismatch:

    @isag said in Session Mismatch:

    Other way would be that nodebb can handle ldap integration out of the box...That would be damn awesome!

    Heheh... unfortunately for you that won't happen because not everybody wants or needs LDAP integration, so we encourage the use of plugins so that a NodeBB can be customised to the exact needs of the admin.

    Thats great but ldap plugin seems to be outdated, no one answers for issue on github, so development somehow has been stopped and local users can't be used at the moment.


 

| |