SuiteCRM - Can't Login

jason.king · February 15, 2018, 1:16pm

Hi everyone.
I am testing the SuiteCRM app and have entered a fair bit of data now.
All of a sudden users can’t login. everyone just gets “You have been logged out because your session has expired.”

I can checked the most common things. I removed access to the users and re added it. I have even tried the default user, “ucsadmin” but everyone gets the same message.

in the suitecrm.log file i just get.
Thu Feb 15 13:53:45 2018 [2542][-none-][FATAL] FAILED LOGIN:attempts[1] - jason.king
Thu Feb 15 14:08:47 2018 [1730][-none-][FATAL] FAILED LOGIN:attempts[1] - ucsadmin

Any help would be amazing,
thanks.

gulden · February 15, 2018, 2:15pm

Hello @jason.king,

good to hear that you are testing SuiteCRM. Some questions.

How do you operate SuiteCRM? Did you download the pre-installed virtual machine from the SuiteCRM website or the app catalog on the Univention website?
Is it the only system in your UCS environment?
How is the UCS host system configured to obtain his ip address? Does it have a static address configured or is it using a dynamic IP address via DHCP and did this address change recently?

Best regards,
Nico

jason.king · February 15, 2018, 2:31pm

Thanks for replying.

I have a second server that is part of the Univention Domain.
This second server has SuiteCRM installed from the app center.

The Main UCS server is a static address. The second UCS server gets its address by DHCP, but has a reservation for this host. The address has not changed as the static DNS entry to get to the server still resolves to the ip.

A note maybe of worth. I just tried the password reset on the suitcrm login page.
When i finish this, it will let me in. But if i logout i can not log back in. Goes through the reboot loop saying “You have been logged out because your session has expired.”

I have tested on systems that have never been to the CRM before. so it is not a local cache problem.

dmauz · February 15, 2018, 3:17pm

maybe this thread could help:
https://help.univention.com/t/keine-anmeldung-an-suitecrm-moglich/4349/13
But i can’t translate to english.

Dirk

jason.king · February 15, 2018, 4:22pm

@dmauz i had a good read though that thread, learned a few commands. but i do not think that is my problem.

I have no ldap errors. I still checked and everything seem to line up.
However in case i am missing something here is the data from the 2 commands.

mysql -u root --password=$(< /etc/mysql.secret) -e "select * from config where category='ldap'" suitecrm
+----------+-------------------------+---------------------------------------------------------------+
| category | name                    | value                                                         |
+----------+-------------------------+---------------------------------------------------------------+
| ldap     | hostname                | BAR-DOM02.ozone.bb                                            |
| ldap     | port                    | 7389                                                          |
| ldap     | base_dn                 | dc=ozone,dc=bb                                                |
| ldap     | login_filter            | (&(objectClass=digitecSuiteCRM)(SuiteCRMActive=OK))           |
| ldap     | bind_attr               | dn                                                            |
| ldap     | login_attr              | uid                                                           |
| ldap     | group_dn                |                                                               |
| ldap     | group_name              |                                                               |
| ldap     | group_user_attr         |                                                               |
| ldap     | group_attr              |                                                               |
| ldap     | admin_user              | cn=digit-40295314,cn=memberserver,cn=computers,dc=ozone,dc=bb |
| ldap     | admin_password          | LXogTjn/mbkFXE9TEDotB9CjRfHK90LL                              |
| ldap     | auto_create_users       | 1                                                             |
| ldap     | enc_key                 |                                                               |
| ldap     | group                   | 0                                                             |
| ldap     | authentication          | 1                                                             |
| ldap     | authentication_checkbox | on                                                            |
| ldap     | group_attr_req_dn       | 0                                                             |
+----------+-------------------------+---------------------------------------------------------------+

univention-ldapsearch "cn=bar-dom02" dn
# extended LDIF
#
# LDAPv3
# base <dc=ozone,dc=bb> (default) with scope subtree
# filter: cn=bar-dom02
# requesting: dn
#

# BAR-DOM02, dc, computers, ozone.bb
dn: cn=BAR-DOM02,cn=dc,cn=computers,dc=ozone,dc=bb

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

And the Admin user from ldap
CN=digit-40295314,CN=memberserver,CN=Computers,DC=ozone,DC=bb

dmauz · February 15, 2018, 5:30pm

this seems to be a Docker instance. Please post output from some commands:
univention-app info

for safety still check ldap/hostdn
change to Docker context with
univention-app shell digitec-suitecrm

ucr get ldap/hostdn

ldap/hostdn must be identical to admin_user in MySQL DB

jason.king · February 15, 2018, 6:10pm

It is the same.
Also should not using the built in username ucsadmin bypass all this.
That user gets the same problem when logging in.

univention-app info
UCS: 4.2-3 errata305
App Center compatibility: 4
Installed: adconnector=11.0 samba4=4.6 4.1/digitec-suitecrm=7.9.7
Upgradable:

univention-app shell digitec-suitecrm
root@digit-40295314:/# ucr get ldap/hostdn
cn=digit-40295314,cn=memberserver,cn=computers,dc=ozone,dc=bb
root@digit-40295314:/#

dmauz · February 16, 2018, 8:55am

When I try to log in with the ucsadmin user, with password from /var/lib/suitecrm_etc/suitecrm/ucsadmin.secret, i cant login and there are 4 entries in suitecrm.log.

Fri Feb 16 09:43:42 2018 [15151][-none-][FATAL] SECURITY: ldapauth: failed LDAP bind (login) by ucsadmin, could not construct bind_user
Fri Feb 16 09:43:42 2018 [15151][-none-][FATAL] SECURITY: User authentication for ucsadmin failed
Fri Feb 16 09:43:42 2018 [15151][-none-][FATAL] SECURITY: User authentication for ucsadmin failed
Fri Feb 16 09:43:42 2018 [15151][-none-][FATAL] FAILED LOGIN:attempts[1] - ucsadmin

Apparently all interactive logon attempts are sent to the Domain controller. but there is no domain user “ucsadmin”.
With domain user works the login.

jason.king · February 16, 2018, 11:09am

When i try the ucsadmin user or a doamin user i get the same result.

Fri Feb 16 12:07:10 2018 [6435][-none-][FATAL] FAILED LOGIN:attempts[1] - ucsadmin
Fri Feb 16 12:07:10 2018 [6435][-none-][FATAL] FAILED LOGIN:attempts[1] - jason.king

There is a user in the DB called ucsadmin

 mysql -u root --password=$(< /etc/mysql.secret) -e "select * from users where user_name='ucsadmin'" suitecrm
+----+-----------+------------------------------------+---------------------------+---------------------+-----------------+-------------+------------+---------------+----------+--------------------+-----------------------+-------------+---------------------+---------------------+--------------------------------------+------------+---------------+-------+------------+------------+--------------+------------+-------------+-----------+--------+----------------+--------------+---------------+-----------------+--------------------+---------+-------------+-------------------+-----------------+--------------+----------------+---------------+----------+
| id | user_name | user_hash                          | system_generated_password | pwd_last_changed    | authenticate_id | sugar_login | first_name | last_name     | is_admin | external_auth_only | receive_notifications | description | date_entered        | date_modified       | modified_user_id                     | created_by | title         | photo | department | phone_home | phone_mobile | phone_work | phone_other | phone_fax | status | address_street | address_city | address_state | address_country | address_postalcode | deleted | portal_only | show_on_employees | employee_status | messenger_id | messenger_type | reports_to_id | is_group |
+----+-----------+------------------------------------+---------------------------+---------------------+-----------------+-------------+------------+---------------+----------+--------------------+-----------------------+-------------+---------------------+---------------------+--------------------------------------+------------+---------------+-------+------------+------------+--------------+------------+-------------+-----------+--------+----------------+--------------+---------------+-----------------+--------------------+---------+-------------+-------------------+-----------------+--------------+----------------+---------------+----------+
| 1  | ucsadmin  | $1$nfXcBSPq$bzOp.w1MBj9Hvt44dX0DB/ |                         0 | 2018-02-15 16:33:06 | NULL            |           1 | Ozone      | Administrator |        1 |                  0 |                     1 | NULL        | 2018-01-24 14:37:57 | 2018-02-15 16:33:06 | da59eedd-c5f3-c184-6086-5a68d6e1963d |            | Administrator | NULL  | NULL       | NULL       | NULL         | NULL       | NULL        | NULL      | Active | NULL           | NULL         | NULL          | NULL            | NULL               |       0 |           0 |                 1 | Active          | NULL         | NULL           |               |        0 |
+----+-----------+------------------------------------+---------------------------+---------------------+-----------------+-------------+------------+---------------+----------+--------------------+-----------------------+-------------+---------------------+---------------------+--------------------------------------+------------+---------------+-------+------------+------------+--------------+------------+-------------+-----------+--------+----------------+--------------+---------------+-----------------+--------------------+---------+-------------+-------------------+-----------------+--------------+----------------+---------------+----------+

jason.king · February 16, 2018, 7:31pm

After hours of playing i found the problem.

It was the theme that i had selected. Disabled the theme and it is working again.
Will do more testing

mhougaard · June 26, 2018, 8:36pm

I’m having the same LDAP issue logging into SuiteCRM. How did you disable the theme if you can’t login anymore?