[Bug] LDAP authentication - user xyz not found #2164

Open
WingerHusar opened this issue Aug 11, 2021 · 5 comments
Labels
bug TheHive4 TheHive4 related issues

Comments

@WingerHusar

Request Type

Bug

Work Environment

| Software | Version |
|----------|---------|
| CentOS   | 8       |
| TheHive  | 4.1.3-1 |
| Keycloak | 14.0.0  |

Problem

Hi,
I have a problem with LDAP authentication. I have an LDAP server with accounts. I configured TheHive LDAP authentication but there is a problem with authentication.
I know that the user is available because I can log in as the user on another Linux server using sssd.
When I use this command on the Hive server side:

  • ldapsearch -x -b "dc=ldap,dc=something,dc=org" -h ldap.something.org -D "cn=readonly,ou=people,dc=ldap,dc=something,dc=org" -W "(objectClass=posixAccount)"

The command works, I get all accounts and I can see xyz user.

Any idea?

Configuration

...
{
  name: ldap
  hosts: ["ldap.something.org"]
  bindDN: "cn=readonly,ou=people,dc=ldap,dc=something,dc=org"
  bindPW: "my_password"
  baseDN: "dc=ldap,dc=something,dc=org"
  filter: "(objectClass=posixAccount)"
  useSSL: no
}
...

Logs

2021-08-11 11:37:48,315 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-12 - ldap fails: org.thp.scalligraph.NotFoundError: User xyz not found

@WingerHusar WingerHusar added bug TheHive4 TheHive4 related issues labels Aug 11, 2021
@nadouani
Contributor

Does the user exist in TheHive?

@Fedora7830

@nadouani I actually have this issue as well. I attempted to migrate my previous 3.x TheHive to RockyLinux 8 from a Red Hat 7 server and was having issues. I instead cloned my Red Hat 7 server and performed the migration on the Red Hat 7 host. The migration worked on the Red Hat 7 clone, and I am able to access TheHive and view any preexisting LDAP users. I then performed a backup of Cassandra and Elasticsearch and restored the backup files to the RockyLinux 8 server. I also copied the /etc/thehive/application.conf from the RHEL7 host (running TheHive 4.1.9-1) to the RockyLinux host. On the RockyLinux 8 host, I get the same error that @WingerHusar is getting.

2021-08-18 07:48:55,727 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-10 [00000003|] local fails: org.thp.scalligraph.AuthenticationError: Authentication failure
2021-08-18 07:48:55,727 [WARN] from org.thp.thehive.services.TOTPAuthSrv in application-akka.actor.default-dispatcher-10 [00000003|] ldap fails: org.thp.scalligraph.NotFoundError: User xyz not found

Environment where TheHive is not working:

| Software   | Version |
|------------|---------|
| RockyLinux | 8       |
| TheHive    | 4.1.9-1 |

Environment where TheHive is working:

| Software                 | Version |
|--------------------------|---------|
| Red Hat Enterprise Linux | 7       |
| TheHive                  | 4.1.9-1 |

I still have both the Red Hat 7 VM and RockyLinux 8 Server available if there are additional logs that I could provide to assist.

@WingerHusar
Author

@nadouani The user doesn't exist in TheHive. But shouldn't there be auto-creation or something like that?

For example: I have a user on the LDAP server, I have configured linking with the LDAP server, and I can log in to TheHive as a user from the LDAP server.

Something like sssd.

@Jay-125

Jay-125 commented Aug 16, 2022

I am facing the same issue. I am not able to auto-create a user in TheHive. As mentioned in the doc:
https://docs.thehive-project.org/thehive/installation-and-configuration/configuration/authentication/#user-autocreation
I followed the steps mentioned in the doc and am trying to log in to TheHive using OpenLDAP credentials, but I am still not able to log in.
(The user is not created in TheHive.)

@nadouani @WingerHusar can you guys help me with this?

@Jay-125

Jay-125 commented Aug 16, 2022

Or is it like, if you are trying to log in to TheHive using OpenLDAP credentials, then it's a rule that you have to make a user in TheHive (without giving a password) as in OpenLDAP?
