Problems with login in to ODK 2.0 Server web-ui. Incorrect username or password


(Ariel) #1

What is the problem? Please be detailed.

Hi all,
i have some problems with log into the ODK web UI
I access to phpLDAPadmin console (with https://:40000 and login Ok with username "cn=admin,dc=example,dc=org" and the password "admin".
Add user "webadmin" into ou=people and assign him to group "default_prefix site_admins" (gidNumber=500)
But then, i can't login in Web-UI, the error message appears (Incorrect username or password.)
Thanks,
Ariel

What ODK tool and version are you using? And on what device and operating system version?
ODK 2 on ubuntu 16.04. and I try to connect to the web-ui from a terminal with windows 7

What you have you tried to fix the problem?
Add user "webadmin" into ou=people and assign him to group "default_prefix site_admins"

Anything else we should know or have? If you have a test form or screenshots or logs, attach here.


(Yaw Anokwa) #4

@ariel I'm combining your posts into a single topic. Perhaps @Jeff_Beorse can help when he gets a chance.


(Li Lin) #5

Hi Ariel,

Looks like your users/groups might not be correctly assigned. In your screenshot, there isn't a webadmin user but there is an aprincipal. The username to login to Sync Endpoint is the text in the uid field, make sure you have the correct value in that field.

Another possibility is that your Web UI is not configured properly. Could you try visiting /odktables/default/privilegesInfo at the same address as the Web UI and see if you could gain access?

Best,
Li


(Fei Manheche) #6

I am experiencing the exact same issue. What I have tried:

  1. created a user (called it test) as per https://docs.opendatakit.org/odk2/sync-endpoint/#creating-users

  2. Added the user to group gidNumber=500 as described in https://docs.opendatakit.org/odk2/sync-endpoint/#assigning-users-to-groups

  3. Tested that I can find the user via CLI with
    docker exec $(docker ps -f "label=com.docker.swarm.service.name=syncldap_ldap-service" --format '{{.ID}}') ldapsearch -xLLL -D "cn=readonly,dc=example,dc=org" -w readonly -H ldap://ldap-service:389 -b "ou=people,dc=example,dc=org" -s sub 'uid=test' * +

  4. Went to the web-ui url and entered the created user, and get prompted that the login credentials are incorrect.

Tried @linl33 suggestion and get a 404:

Blockquote

Any help would be appreciated.
Best,
Fei


(Fei Manheche) #7

Quick update, upon inspecting the logs for sync-web-ui I see the issue seems to with:

2018-07-14 10:10:30.462 INFO 5 --- [nio-8080-exec-8] bServiceDelegatingAuthenticationProvider : Logging in with http://sync:8080/odktables/{appId}/privilegesInfo
2018-07-14 10:10:30.506 INFO 5 --- [nio-8080-exec-8] bServiceDelegatingAuthenticationProvider : Received an exception when getting granted roles
2018-07-14 10:10:30.506 INFO 5 --- [nio-8080-exec-8] bServiceDelegatingAuthenticationProvider : Received 404
2018-07-14 10:10:30.507 INFO 5 --- [nio-8080-exec-8] bServiceDelegatingAuthenticationProvider : Received


(Fei Manheche) #8

I think the issue was related to having some other container with nginx configuration, which was conflicting with the settings required by odk/sync-web-ui and the logs seems to have pointed me to the right direction.
So, here's how I managed to get logged in:

  1. Stopped all containers with the command docker stop $(docker ps -aq)
  2. Re-run steps 2 - 10 as described in https://docs.opendatakit.org/odk2/sync-endpoint/#odk-sync-endpoint-setup
  3. Accessed /web-ui/
  4. entered credentials
  5. Login success.

Hope it helps anyone else having the same issue.


(Simeon Taskaris) #9

Hi, I have the same problem....

I have installed ODK 2.0 Server on a VirtualBox running Ubuntu Server 18.04. I have access in php LDAP admin from host machine. I have created a user as decripted at https://docs.opendatakit.org/odk2/sync-endpoint/#ldap

But, I cannot login in web-ui ...

Is there any specific configuration that I miss?
(I have test all the above.)

Thanks!


(Li Lin) #10

Try to visit /odktables/default/tables under the same hostname as the web-ui, and using the same credential. If you're able to get a valid response back, then the web-ui wasn't configured properly.


(George Hare) #11

@feisung, where did you find the sync-web-ui logs. I am having exactly the same problem as you but still can't login.

All good, found them in the Docker container. I get exactly the same error message and have tried the steps you suggested but I still can't login to the Web-UI


(Li Lin) #12

Try to visit odktables/default/tables. See if you can login from there.

The logs are stored in Docker. Use docker logs to get the logs, see link for detail.


Default user account of Open Data Kit 2.0 Server
(George Hare) #13

@linl33 I get 'Access Denied' You do not have permission for this operation.


(George Hare) #14

Simeon,
Did you solve this? I am having exactly the same problem with a clean installation of ODK2 on a clean Ubuntu 18.04 machine.

Thanks


(George Hare) #15

Solved it! I needed to go into the 500 group and add my username to it by adding the attribute which wasn't displayed.

Thanks.

I still can't get logged on to the web-ui. I have tried re-installing everything. This is a clean install of ODK2 on a clean ubuntu 18.04 machine.

I really need to get this up and running for a demonstration.

web-ui logs:

2019-02-06 03:48:11.049 INFO 6 --- [nio-8080-exec-3] bServiceDelegatingAuthenticationProvider : Logging in with http://sync:8080/odktables/{appId}/privilegesInfo
2019-02-06 03:48:11.099 INFO 6 --- [nio-8080-exec-3] bServiceDelegatingAuthenticationProvider : Received an exception when getting granted roles

openldap logs:

5c5a58fb conn=1033 fd=12 ACCEPT from IP=10.0.2.4:47468 (IP=0.0.0.0:389)
5c5a58fb conn=1033 op=0 BIND dn="uid=ghare,ou=people,dc=example,dc=org" method=128
5c5a58fb conn=1033 op=0 BIND dn="uid=ghare,ou=people,dc=example,dc=org" mech=SIMPLE ssf=0
5c5a58fb conn=1033 op=0 RESULT tag=97 err=0 text=
5c5a58fb conn=1033 op=1 SRCH base="uid=ghare,ou=people,dc=example,dc=org" scope=0 deref=3 filter="(objectClass=*)"
5c5a58fb conn=1033 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
5c5a58fb conn=1033 op=2 UNBIND
5c5a58fb conn=1033 fd=12 closed
5c5a58fb conn=1034 fd=12 ACCEPT from IP=10.0.2.4:47470 (IP=0.0.0.0:389)
5c5a58fb conn=1034 op=0 BIND dn="cn=readonly,dc=example,dc=org" method=128
5c5a58fb conn=1034 op=0 BIND dn="cn=readonly,dc=example,dc=org" mech=SIMPLE ssf=0
5c5a58fb conn=1034 op=0 RESULT tag=97 err=0 text=
5c5a58fb conn=1034 op=1 SRCH base="ou=default_prefix,ou=groups,dc=example,dc=org" scope=2 deref=3 filter="(memberUid=ghare)"
5c5a58fb conn=1034 op=1 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
5c5a58fb <= mdb_equality_candidates: (memberUid) not indexed
5c5a58fb conn=1034 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
5c5a58fb conn=1034 op=2 UNBIND
5c5a58fb conn=1034 fd=12 closed
5c5a58fb connection_read(12): no connection!

The web-ui seems to connect to openldap and searches for the uid. openldap doesn't appear to return any errors and only a single entry, which I would expect?

Thanks