Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-1149

Login using LDAP fails internally if TOTP is used without automatic user creation

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.3.0
    • Component/s: guacamole-auth-jdbc
    • Labels:
      None
    • Environment:
      Ubuntu 18.04.4 LTS
      mariadb Ver 15.1 Distrib 10.1.44-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
      Tomcat 9 9.0.16-3ubuntu0.18.04.1
      openjdk-11-jre-headless 10.0.1+10-3ubuntu1

      Description

      After updating our Guacamole 1.1.0 installation to 1.2.0 (extensions included) we started experiencing the following error:

      Jul 30 14:16:54 pvlgua03 tomcat9[23757]:         at java.base/java.lang.Thread.run(Thread.java:834)
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: 14:16:54.560 [http-nio-8080-exec-7] INFO o.a.g.r.auth.AuthenticationService - User "someaduser" successfully authenticated from 10.0.10.38.
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: 14:16:54.574 [http-nio-8080-exec-7] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.5.
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: 14:16:54.585 [http-nio-8080-exec-7] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.5.
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: 14:16:54.586 [http-nio-8080-exec-7] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.5.
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: 14:16:54.596 [http-nio-8080-exec-7] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### Error updating database. Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### The error occurred while setting parameters
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### SQL: INSERT INTO guacamole_user_attribute ( user_id, attribute_name, attribute_value ) VALUES (?, ?, ?) , (?, ?, ?)
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: 14:16:54.596 [http-nio-8080-exec-7] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: org.apache.ibatis.exceptions.PersistenceException:
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### Error updating database. Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.insertAttributes-Inline
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### The error occurred while setting parameters
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### SQL: INSERT INTO guacamole_user_attribute ( user_id, attribute_name, attribute_value ) VALUES (?, ?, ?) , (?, ?, ?)
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]: ### Cause: java.sql.SQLIntegrityConstraintViolationException: Column 'user_id' cannot be null
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]:         at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]:         at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:200)
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]:         at org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:185)
      Jul 30 14:16:54 pvlgua03 tomcat9[23757]:         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      

      This happens when we create a brand new AD user and attempt to log-in for the very first time. Intrestingly, logging-in with guacadmin and checking the "Change own password" for the user fixes the problem. it seems this might have something to do with this new feature introduced by GUACAMOLE-708.

      The extensions are: guacamole-auth-jdbc-mysql-1.2.0.jar guacamole-auth-ldap-1.2.0.jar guacamole-auth-totp-1.2.0.jar

      We're also using MariaDB as our DB backend and Tomcat 9 on Ubuntu 18.04.

       

      Could you please help?
      Thanks.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mjumper Mike Jumper
                Reporter:
                ptrbrzozowski Piotrek
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: