[Solved] One user can't log in anymore

tharris6012 · 2022-08-25 14:36:20

Hello GLPI gurus,
I have a strange issue. My users authenticate against Microsoft AD. After a certain amount of time, they are forced to change their AD password. This has never been a problem but I have one user who changed her password recently and now she can't log into GLPI. She gets the "Incorrect username or password / you don't have right to connect" error.

What I have done to try to fix:
Verified that her new PW works elsewhere
manually synched her account with AD
I deleted her account within GLPI and then did a resync. That added her back but still got the login error.
GLPI version:10.0.1
Does anybody know what I should do next? Thanks in advance. -Tony Harris

Last edited by tharris6012 (2022-08-26 22:00:09)

Kaya84 · 2022-08-25 16:55:20

Trying force reset password on AD (with a new one, never used before)

cconard96 · 2022-08-25 23:33:33

The Incorrect username or password error can occur in these conditions when using an LDAP-synced account:
1. A user doesn't exist in the database at all by username or email
2. The user isn't linked with an existing LDAP user or the LDAP server rejected the password provided
3. A plugin that implements the "restrict_ldap_auth" hook blocked the authentication

GLPI doesn't store the passwords of LDAP users in the database, so there shouldn't even need to be a re-sync for the login to work with the new password. The only other thing I can think of, is if the password contained a character that wasn't handled properly (if there is some escaping needed, or if the password gets escaped when it should be passed as-is) when passing it to the LDAP PHP extension "ldap_bind" function so it didn't match properly. Although, I have not seen this issue happen before.

tharris6012 · 2022-08-26 00:52:35

**New update**
I now have more users that can't log in. When I check their user account in administration/users /authorizations, there's nothing under the "entities" or "profiles" section. When I try to add a root entity or a profile GLPI throws an error that "I don't have permission to perform this action". Which doesn't make sense because I am a superadmin. This is starting to become an issue now that multiple users are experiencing this. Does anyone have any insight on this issue with the new data I provided? Thanks for your reply cconard96.

cconard96 · 2022-08-26 02:50:31

That should not be happening unless the super-admin profile has permissions missing somehow. As far as I know, the only way you wouldn't be able to assign a profile is if your profile is missing a right that is present in the profile you are trying to assign. It could be something seemingly insignificant like an Unlock or Read Note right.

Last edited by cconard96 (2022-08-26 02:50:41)

tharris6012 · 2022-08-26 16:16:33

***Update and Solution***
I had to put a checkmark back into the "default" check box of the super-admin profile which then allowed me to add the self-service profile back to the affected user's accounts. Thanks cconard96, your replies guided me to this resolution.

Last edited by tharris6012 (2022-08-26 16:17:01)

Forum GLPI-Project

Announcement

#1 2022-08-25 14:36:20

[Solved] One user can't log in anymore

#2 2022-08-25 16:55:20

Re: [Solved] One user can't log in anymore

#3 2022-08-25 23:33:33

Re: [Solved] One user can't log in anymore

#4 2022-08-26 00:52:35

Re: [Solved] One user can't log in anymore

#5 2022-08-26 02:50:31

Re: [Solved] One user can't log in anymore

#6 2022-08-26 16:16:33

Re: [Solved] One user can't log in anymore

Board footer