[GH-ISSUE #282] migration-tool does not create valid JWT token for user migration (docker: :latest) #104

Closed
opened 2026-02-27 08:15:15 +03:00 by kerem · 1 comment

Originally created by @aroberts on GitHub (Aug 2, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/282

I'm running the migration tool from the running lldap image (:latest), and things seem to go alright until I actually try to run operations on lldap. The tool seems to connect to ldap and lldap ok, but then the user import fails:

```
/app # ./migration-tool
The migration tool requires access to both the original LDAP server and the HTTP API of the target LLDAP server.
✔ Are you ready to start? · Yes
✔ LDAP_URL (ldap://...) · ldap://openldap
Server found
✔ LDAP_BIND_DN (cn=...) · cn=admin,dc=example,dc=com
✔ LDAP_BIND_PASSWORD · [hidden]
Connection established
✔ LLDAP_URL (http://...) · http://localhost
✔ LLDAP_USERNAME (default=admin) · admin
✔ LLDAP_PASSWORD · [hidden]
Successfully connected to LLDAP
✔ Do you want to import users? · Yes
Error: error from an LLDAP response

Caused by:
    HTTP status client error (401 Unauthorized) for url (http://localhost:17170/api/graphql)
/app # 
```

LLDAP logs

```
today at 12:01:54 AM2022-08-02T04:01:54.353064608+00:00 INFO     HTTP request [ 816µs | 7.86% / 100.00% ]
today at 12:01:54 AM2022-08-02T04:01:54.353070671+00:00 INFO     ┝━ i [info]:  | uri: /auth/opaque/login/start
today at 12:01:54 AM2022-08-02T04:01:54.353120665+00:00 DEBUG    ┝━ opaque_login_start [ 752µs | 0.72% / 92.14% ]
today at 12:01:54 AM2022-08-02T04:01:54.353122627+00:00 DEBUG    │  ┕━ login_start [ 746µs | 80.28% / 91.42% ]
today at 12:01:54 AM2022-08-02T04:01:54.353124235+00:00 DEBUG    │     ┕━ get_password_file_for_user [ 90.8µs | 11.13% ]
today at 12:01:54 AM2022-08-02T04:01:54.353933121+00:00 INFO     ┕━ i [info]:  | status_code: 200
today at 12:01:54 AM2022-08-02T04:01:54.470710443+00:00 INFO     HTTP request [ 371µs | 7.58% / 100.00% ]
today at 12:01:54 AM2022-08-02T04:01:54.470716283+00:00 INFO     ┝━ i [info]:  | uri: /auth/opaque/login/finish
today at 12:01:54 AM2022-08-02T04:01:54.470743062+00:00 DEBUG    ┝━ opaque_login_finish [ 343µs | 6.75% / 92.42% ]
today at 12:01:54 AM2022-08-02T04:01:54.470744959+00:00 DEBUG    │  ┝━ login_finish [ 21.1µs | 5.68% ]
today at 12:01:54 AM2022-08-02T04:01:54.470783299+00:00 DEBUG    │  ┕━ get_login_successful_response [ 297µs | 11.75% / 79.98% ]
today at 12:01:54 AM2022-08-02T04:01:54.470785472+00:00 DEBUG    │     ┝━ get_user_groups [ 196µs | 52.90% ]
today at 12:01:54 AM2022-08-02T04:01:54.470790744+00:00 DEBUG    │     │  ┝━ 🐛 [debug]:  | user_id: UserId("admin")
today at 12:01:54 AM2022-08-02T04:01:54.470897551+00:00 DEBUG    │     │  ┝━ 🐛 [debug]:  | query: SELECT "groups"."group_id", "display_name", "creation_date", "uuid" FROM "groups" INNER JOIN "memberships" ON "groups"."group_id" = "memberships"."group_id" WHERE "user_id" = ?
today at 12:01:54 AM2022-08-02T04:01:54.471075755+00:00 DEBUG    │     │  ┕━ 🐛 [debug]:  | return: {GroupDetails { group_id: GroupId(1), display_name: "lldap_admin", creation_date: 2022-08-01T17:50:29.677689041Z, uuid: Uuid("eb609bdd-c329-3caf-b14a-56af7e605679") }}
today at 12:01:54 AM2022-08-02T04:01:54.471081440+00:00 DEBUG    │     ┕━ create_refresh_token [ 57.0µs | 15.34% ]
today at 12:01:54 AM2022-08-02T04:01:54.471083659+00:00 DEBUG    │        ┝━ 🐛 [debug]:  | user: UserId("admin")
today at 12:01:54 AM2022-08-02T04:01:54.471103610+00:00 DEBUG    │        ┕━ 🐛 [debug]:  | query: INSERT INTO "jwt_refresh_storage" ("refresh_token_hash", "user_id", "expiry_date") VALUES (?, ?, ?)
today at 12:01:54 AM2022-08-02T04:01:54.473701834+00:00 INFO     ┕━ i [info]:  | status_code: 200
today at 12:01:56 AM2022-08-02T04:01:56.535300829+00:00 INFO     HTTP request [ 35.3µs | 83.94% / 100.00% ]
today at 12:01:56 AM2022-08-02T04:01:56.535307202+00:00 INFO     ┝━ i [info]:  | uri: /api/graphql
today at 12:01:56 AM2022-08-02T04:01:56.535325285+00:00 DEBUG    ┝━ check_if_token_is_valid [ 5.67µs | 16.06% ]
today at 12:01:56 AM2022-08-02T04:01:56.535330742+00:00 ERROR    │  ┕━ 🚨 [error]:  | error: Invalid JWT
today at 12:01:56 AM2022-08-02T04:01:56.535345006+00:00 ERROR    ┝━ 🚨 [error]:  | error: "Invalid JWT"
today at 12:01:56 AM2022-08-02T04:01:56.535347611+00:00 WARN     ┕━ 🚧 [warn]: Error encountered while processing the incoming HTTP request: "Invalid JWT"
```
kerem closed this issue 2026-02-27 08:15:15 +03:00

@nitnelave commented on GitHub (Aug 3, 2022):

It seems we didn't migrate the migration tool when we changed the login response to JSON.
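
One way a client can guard against this kind of login-response format change, as an added example that is not part of the original thread or LLDAP's code: accept either a bare token or a JSON-wrapped one, and check the JWT's structure before using it as a bearer token. The field name `token`, the function names and the sample values are assumptions constructed for illustration.

```python
import base64
import json
import re

_SEGMENT = re.compile(r"[A-Za-z0-9_-]+")  # unpadded base64url alphabet

class TokenError(ValueError):
    """Raised when a login response does not yield a usable JWT."""

def _b64url_json(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def looks_like_jwt(candidate):
    """Structural check only (no signature verification): three base64url
    segments, a JSON header carrying 'alg', and a JSON object of claims."""
    parts = candidate.split(".")
    if len(parts) != 3 or not all(_SEGMENT.fullmatch(p) for p in parts):
        return False
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # bad padding, bad UTF-8 or bad JSON
        return False
    return isinstance(header, dict) and "alg" in header and isinstance(claims, dict)

def extract_bearer_token(body, field="token"):
    """Return the JWT from a login response body, JSON-wrapped or bare."""
    body = body.strip()
    candidate = body
    if body.startswith("{"):
        try:
            candidate = json.loads(body)[field]  # 'token' is an assumed field name
        except (ValueError, KeyError) as exc:
            raise TokenError(f"login response has no usable {field!r} field") from exc
    if not isinstance(candidate, str) or not looks_like_jwt(candidate):
        raise TokenError("login response did not contain a well-formed JWT")
    return candidate

# Constructed sample values (not real credentials or real LLDAP output).
def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

SAMPLE_JWT = ".".join([_seg({"alg": "HS512"}), _seg({"user": "admin"}), "c2lnbmF0dXJl"])
SAMPLE_JSON_BODY = json.dumps({"token": SAMPLE_JWT, "refreshToken": "constructed"})
```

Passing the whole `SAMPLE_JSON_BODY` to `looks_like_jwt` returns `False`, which is the client-side equivalent of the server's "Invalid JWT" rejection; failing there gives a clearer error than a later 401.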
