SuiteCRM - Can't Login

suitecrm

#1

Hi everyone.
I am testing the SuiteCRM app and have entered a fair bit of data now.
All of a sudden users can’t login. everyone just gets “You have been logged out because your session has expired.

I can checked the most common things. I removed access to the users and re added it. I have even tried the default user, “ucsadmin” but everyone gets the same message.

in the suitecrm.log file i just get.
Thu Feb 15 13:53:45 2018 [2542][-none-][FATAL] FAILED LOGIN:attempts[1] - jason.king
Thu Feb 15 14:08:47 2018 [1730][-none-][FATAL] FAILED LOGIN:attempts[1] - ucsadmin

Any help would be amazing,
thanks.


#2

Hello @jason.king,

good to hear that you are testing SuiteCRM. Some questions.

  • How do you operate SuiteCRM? Did you download the pre-installed virtual machine from the SuiteCRM website or the app catalog on the Univention website?
  • Is it the only system in your UCS environment?
  • How is the UCS host system configured to obtain his ip address? Does it have a static address configured or is it using a dynamic IP address via DHCP and did this address change recently?

Best regards,
Nico


#3

Thanks for replying.

I have a second server that is part of the Univention Domain.
This second server has SuiteCRM installed from the app center.

The Main UCS server is a static address. The second UCS server gets its address by DHCP, but has a reservation for this host. The address has not changed as the static DNS entry to get to the server still resolves to the ip.

A note maybe of worth. I just tried the password reset on the suitcrm login page.
When i finish this, it will let me in. But if i logout i can not log back in. Goes through the reboot loop saying “You have been logged out because your session has expired.”

I have tested on systems that have never been to the CRM before. so it is not a local cache problem.


#4

maybe this thread could help:
https://help.univention.com/t/keine-anmeldung-an-suitecrm-moglich/4349/13
But i can’t translate to english.

Dirk


#5

@dmauz i had a good read though that thread, learned a few commands. but i do not think that is my problem.

I have no ldap errors. I still checked and everything seem to line up.
However in case i am missing something here is the data from the 2 commands.

mysql -u root --password=$(< /etc/mysql.secret) -e "select * from config where category='ldap'" suitecrm
+----------+-------------------------+---------------------------------------------------------------+
| category | name                    | value                                                         |
+----------+-------------------------+---------------------------------------------------------------+
| ldap     | hostname                | BAR-DOM02.ozone.bb                                            |
| ldap     | port                    | 7389                                                          |
| ldap     | base_dn                 | dc=ozone,dc=bb                                                |
| ldap     | login_filter            | (&(objectClass=digitecSuiteCRM)(SuiteCRMActive=OK))           |
| ldap     | bind_attr               | dn                                                            |
| ldap     | login_attr              | uid                                                           |
| ldap     | group_dn                |                                                               |
| ldap     | group_name              |                                                               |
| ldap     | group_user_attr         |                                                               |
| ldap     | group_attr              |                                                               |
| ldap     | admin_user              | cn=digit-40295314,cn=memberserver,cn=computers,dc=ozone,dc=bb |
| ldap     | admin_password          | LXogTjn/mbkFXE9TEDotB9CjRfHK90LL                              |
| ldap     | auto_create_users       | 1                                                             |
| ldap     | enc_key                 |                                                               |
| ldap     | group                   | 0                                                             |
| ldap     | authentication          | 1                                                             |
| ldap     | authentication_checkbox | on                                                            |
| ldap     | group_attr_req_dn       | 0                                                             |
+----------+-------------------------+---------------------------------------------------------------+
univention-ldapsearch "cn=bar-dom02" dn
# extended LDIF
#
# LDAPv3
# base <dc=ozone,dc=bb> (default) with scope subtree
# filter: cn=bar-dom02
# requesting: dn
#

# BAR-DOM02, dc, computers, ozone.bb
dn: cn=BAR-DOM02,cn=dc,cn=computers,dc=ozone,dc=bb

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

And the Admin user from ldap
CN=digit-40295314,CN=memberserver,CN=Computers,DC=ozone,DC=bb


#6

this seems to be a Docker instance. Please post output from some commands:
univention-app info

for safety still check ldap/hostdn
change to Docker context with
univention-app shell digitec-suitecrm

ucr get ldap/hostdn

ldap/hostdn must be identical to admin_user in MySQL DB


#7

It is the same.
Also should not using the built in username ucsadmin bypass all this.
That user gets the same problem when logging in.

univention-app info
UCS: 4.2-3 errata305
App Center compatibility: 4
Installed: adconnector=11.0 samba4=4.6 4.1/digitec-suitecrm=7.9.7
Upgradable:
univention-app shell digitec-suitecrm
root@digit-40295314:/# ucr get ldap/hostdn
cn=digit-40295314,cn=memberserver,cn=computers,dc=ozone,dc=bb
root@digit-40295314:/#

#8

When I try to log in with the ucsadmin user, with password from /var/lib/suitecrm_etc/suitecrm/ucsadmin.secret, i cant login and there are 4 entries in suitecrm.log.

Fri Feb 16 09:43:42 2018 [15151][-none-][FATAL] SECURITY: ldapauth: failed LDAP bind (login) by ucsadmin, could not construct bind_user
Fri Feb 16 09:43:42 2018 [15151][-none-][FATAL] SECURITY: User authentication for ucsadmin failed
Fri Feb 16 09:43:42 2018 [15151][-none-][FATAL] SECURITY: User authentication for ucsadmin failed
Fri Feb 16 09:43:42 2018 [15151][-none-][FATAL] FAILED LOGIN:attempts[1] - ucsadmin

Apparently all interactive logon attempts are sent to the Domain controller. but there is no domain user “ucsadmin”.
With domain user works the login.


#9

When i try the ucsadmin user or a doamin user i get the same result.

Fri Feb 16 12:07:10 2018 [6435][-none-][FATAL] FAILED LOGIN:attempts[1] - ucsadmin
Fri Feb 16 12:07:10 2018 [6435][-none-][FATAL] FAILED LOGIN:attempts[1] - jason.king

There is a user in the DB called ucsadmin

 mysql -u root --password=$(< /etc/mysql.secret) -e "select * from users where user_name='ucsadmin'" suitecrm
+----+-----------+------------------------------------+---------------------------+---------------------+-----------------+-------------+------------+---------------+----------+--------------------+-----------------------+-------------+---------------------+---------------------+--------------------------------------+------------+---------------+-------+------------+------------+--------------+------------+-------------+-----------+--------+----------------+--------------+---------------+-----------------+--------------------+---------+-------------+-------------------+-----------------+--------------+----------------+---------------+----------+
| id | user_name | user_hash                          | system_generated_password | pwd_last_changed    | authenticate_id | sugar_login | first_name | last_name     | is_admin | external_auth_only | receive_notifications | description | date_entered        | date_modified       | modified_user_id                     | created_by | title         | photo | department | phone_home | phone_mobile | phone_work | phone_other | phone_fax | status | address_street | address_city | address_state | address_country | address_postalcode | deleted | portal_only | show_on_employees | employee_status | messenger_id | messenger_type | reports_to_id | is_group |
+----+-----------+------------------------------------+---------------------------+---------------------+-----------------+-------------+------------+---------------+----------+--------------------+-----------------------+-------------+---------------------+---------------------+--------------------------------------+------------+---------------+-------+------------+------------+--------------+------------+-------------+-----------+--------+----------------+--------------+---------------+-----------------+--------------------+---------+-------------+-------------------+-----------------+--------------+----------------+---------------+----------+
| 1  | ucsadmin  | $1$nfXcBSPq$bzOp.w1MBj9Hvt44dX0DB/ |                         0 | 2018-02-15 16:33:06 | NULL            |           1 | Ozone      | Administrator |        1 |                  0 |                     1 | NULL        | 2018-01-24 14:37:57 | 2018-02-15 16:33:06 | da59eedd-c5f3-c184-6086-5a68d6e1963d |            | Administrator | NULL  | NULL       | NULL       | NULL         | NULL       | NULL        | NULL      | Active | NULL           | NULL         | NULL          | NULL            | NULL               |       0 |           0 |                 1 | Active          | NULL         | NULL           |               |        0 |
+----+-----------+------------------------------------+---------------------------+---------------------+-----------------+-------------+------------+---------------+----------+--------------------+-----------------------+-------------+---------------------+---------------------+--------------------------------------+------------+---------------+-------+------------+------------+--------------+------------+-------------+-----------+--------+----------------+--------------+---------------+-----------------+--------------------+---------+-------------+-------------------+-----------------+--------------+----------------+---------------+----------+

#10

After hours of playing i found the problem.

It was the theme that i had selected. Disabled the theme and it is working again.
Will do more testing


#11

I’m having the same LDAP issue logging into SuiteCRM. How did you disable the theme if you can’t login anymore?