Solved

Authentication failed after upgrade to 24.10.18

Forum|Forum|2 days ago
January 30, 2026
12 replies
47 views

OlivierV
Steward *

Hello All.

I just upgraded the server to 24.10.18 from 24.10.13. No error at all.

After that I was no longer able to log on the console either with my LDAP account or the local admin : I always get a authentication failed error.

I restarted the server, same issue.

In the login.log file there was a message : Authentication failed for 'admin' : invalid credentials

After a few trials I got : [INFO] User is blocked: maximum number of authentication attempts was reached {"contact_alias":"admin"}

I checked the password in the mariadb databse and found i was not correct compared to the hash version. Ok I changed it using that post :

Then the connexion asked me to change the password and now I can log in using the admin password. Ouf !!

But the ldap connexion is still failing. In the centreon-web log file I read that :

[2026-01-30T09:50:20+0100] [ERROR] An error occurred during authentication {"custom":{"trace":"TypeError: ldap_get_entries(): Argument #2 ($result) must be of type LDAP\\Result, bool given in /usr/share/centreon/www/class/centreonLDAP.class.php:370\nStack trace:\n#0 /usr/share/centreon/www/class/centreonLDAP.class.php(370): ldap_get_entries()\n#1 /usr/share/centreon/www/class/centreonContactgroup.class.php(442): CentreonLDAP->findGroupDn()\n#2 /usr/share/centreon/www/class/centreonAuth.LDAP.class.php(301): CentreonContactgroup->syncWithLdap()\n#3 /usr/share/centreon/www/class/centreonAuth.LDAP.class.php(181): CentreonAuthLDAP->updateUserDn()\n#4 /usr/share/centreon/www/class/centreonAuth.class.php(283): CentreonAuthLDAP->checkPassword()\n#5 /usr/share/centreon/www/class/centreonAuth.class.php(202): CentreonAuth->checkLdapPassword()\n#6 /usr/share/centreon/www/class/centreonAuth.class.php(414): CentreonAuth->checkPassword()\n#7 /usr/share/centreon/www/class/centreonAuth.class.php(163): CentreonAuth->checkUser()\n#8 /usr/share/centreon/src/Security/Domain/Authentication/Model/LocalProvider.php(99): CentreonAuth->__construct()\n#9 /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Provider/Local.php(71): Security\\Domain\\Authentication\\Model\\LocalProvider->authenticateOrFail()\n#10 /usr/share/centreon/src/Core/Security/Authentication/Application/UseCase/Login/Login.php(99): Core\\Security\\Authentication\\Infrastructure\\Provider\\Local->authenticateOrFail()\n#11 /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Api/Login/Local/LoginController.php(71): Core\\Security\\Authentication\\Application\\UseCase\\Login\\Login->__invoke()\n#12 /usr/share/centreon/vendor/symfony/http-kernel/HttpKernel.php(181): Core\\Security\\Authentication\\Infrastructure\\Api\\Login\\Local\\LoginController->__invoke()\n#13 /usr/share/centreon/vendor/symfony/http-kernel/HttpKernel.php(76): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw()\n#14 /usr/share/centreon/vendor/symfony/http-kernel/Kernel.php(197): Symfony\\Component\\HttpKernel\\HttpKernel->handle()\n#15 /usr/share/centreon/api/index.php(47): Symfony\\Component\\HttpKernel\\Kernel->handle()\n#16 {main}"},"exception":null,"default":{"request_infos":{"uri":"/centreon/api/latest/authentication/providers/configurations/local","http_method":"POST","server":"centreon.my.domain"}}}

I’m still investigating the Ldap issue but I will appreciate any suggestion.

Have a nice day.

Best answer by Sébastien

Perhaps you could compare a user who can log in with one who can’t ?

mysql centreon -e “select * from contact where contact_name = ‘<username>’ \G”

Sébastien
Centreonian
Forum|Forum|2 days ago
January 30, 2026

Hello,

This documentation should help you:

OlivierV
Author
Steward *
Forum|Forum|2 days ago
January 30, 2026

Hello Sebastien.

Thank you for the reply.

I can log on with the admin password now, only the ldap authentication is failing.

Have a nice day.

+21

lpinsivy
Centreonian
Forum|Forum|2 days ago
January 30, 2026

HI @OlivierV can you enable LDAP authentication debug through Administration > Parameters > Debug menu.

Try to authenticate using a LDAP account.
Then check LDAP log files in /var/log/centreon/ directory.

OlivierV
Author
Steward *
Forum|Forum|2 days ago
January 30, 2026

Hello @lpinsivy

All the debugging options are enabled. In ldap.log I read :

2026-01-30 11:44:44|0|0|0|LDAP AUTH : CN=xxx,OU=Priviledged Accounts,DC=my,DC=domain :: Authentication in progress
2026-01-30 11:44:44|0|0|0|LDAP AUTH : Success
2026-01-30 11:44:44|0|0|0|LDAP AUTH : Updating user DN of xxx
2026-01-30 11:44:44|0|0|0|LDAP AUTH : Updating user DN of xxx

But the interface still displays the following message (twice) : an error occured during authentication.

+21

lpinsivy
Centreonian
Forum|Forum|2 days ago
January 30, 2026

Hi @OlivierV which LDAP directory and which version are you using?

OlivierV
Author
Steward *
Forum|Forum|2 days ago
January 30, 2026

Hi @lpinsivy

Windows AD, w2012 forest and domain level.

Note that importing a new ldap user works fine.

OlivierV
Author
Steward *
Forum|Forum|2 days ago
January 30, 2026

How strange : with my ldap admin account the connection fails, but with my ‘normal’ ldap user account it works.

I imported a new ldap account : it doesn’t work.

Sébastien
Centreonian
Forum|Forum|2 days ago
January 30, 2026

@OlivierV Could you please share the latest error from the log file, along with the LDAP configuration?

/var/log/centreon/centAcl.log
mysql centreon -e 'select * from auth_ressource_info' > /tmp/auth_ressource_info.sql

Don't forget to anonymise your information!

OlivierV
Author
Steward *
Forum|Forum|2 days ago
January 30, 2026

@Sébastien : the last centAcl.log entries :

[2026-01-30 13:16:01] According to DB another instance of centAcl.php is already running and I found 0 process...
Correcting the state in the DB, by setting the `running` value to 0 for id = 1
PHP Warning: ldap_search(): Search: Bad search filter in /usr/share/centreon/www/class/centreonLDAP.class.php on line 369
PHP Fatal error: Uncaught TypeError: ldap_get_entries(): Argument #2 ($result) must be of type LDAP\Result, bool given in /usr/share/centreon/www/class/centreonLDAP.class.php:370
Stack trace:
#0 /usr/share/centreon/www/class/centreonLDAP.class.php(370): ldap_get_entries()
#1 /usr/share/centreon/www/class/centreonContactgroup.class.php(442): CentreonLDAP->findGroupDn()
#2 /usr/share/centreon/cron/centAcl.php(137): CentreonContactgroup->syncWithLdap()
#3 {main}
thrown in /usr/share/centreon/www/class/centreonLDAP.class.php on line 370
[2026-01-30 13:18:01] According to DB another instance of centAcl.php is already running and I found 0 process...
Correcting the state in the DB, by setting the `running` value to 0 for id = 1
PHP Warning: ldap_search(): Search: Bad search filter in /usr/share/centreon/www/class/centreonLDAP.class.php on line 369
PHP Fatal error: Uncaught TypeError: ldap_get_entries(): Argument #2 ($result) must be of type LDAP\Result, bool given in /usr/share/centreon/www/class/centreonLDAP.class.php:370
Stack trace:
#0 /usr/share/centreon/www/class/centreonLDAP.class.php(370): ldap_get_entries()
#1 /usr/share/centreon/www/class/centreonContactgroup.class.php(442): CentreonLDAP->findGroupDn()
#2 /usr/share/centreon/cron/centAcl.php(137): CentreonContactgroup->syncWithLdap()
#3 {main}
thrown in /usr/share/centreon/www/class/centreonLDAP.class.php on line 370
[2026-01-30 13:20:01] According to DB another instance of centAcl.php is already running and I found 0 process...
Correcting the state in the DB, by setting the `running` value to 0 for id = 1
PHP Warning: ldap_search(): Search: Bad search filter in /usr/share/centreon/www/class/centreonLDAP.class.php on line 369
PHP Fatal error: Uncaught TypeError: ldap_get_entries(): Argument #2 ($result) must be of type LDAP\Result, bool given in /usr/share/centreon/www/class/centreonLDAP.class.php:370
Stack trace:
#0 /usr/share/centreon/www/class/centreonLDAP.class.php(370): ldap_get_entries()
#1 /usr/share/centreon/www/class/centreonContactgroup.class.php(442): CentreonLDAP->findGroupDn()
#2 /usr/share/centreon/cron/centAcl.php(137): CentreonContactgroup->syncWithLdap()
#3 {main}
thrown in /usr/share/centreon/www/class/centreonLDAP.class.php on line 370
[2026-01-30 13:22:01] According to DB another instance of centAcl.php is already running and I found 0 process...
Correcting the state in the DB, by setting the `running` value to 0 for id = 1

This seem to be a known error message, not sure it’s related to the case. The events are not time related to the logon.

Now the SQL result :

+-------+-------------------------+---------------------------------------------------------------------+
| ar_id | ari_name | ari_value |
+-------+-------------------------+---------------------------------------------------------------------+
| 1 | alias | samaccountname |
| 1 | bind_dn | |
| 1 | bind_pass | |
| 1 | group_base_search | dc=my,dc=domain |
| 1 | group_filter | (&(samAccountName=%s)(objectClass=group)(samAccountType=268435456)) |
| 1 | group_member | member |
| 1 | group_name | samaccountname |
| 1 | ldap_auto_import | 0 |
| 1 | ldap_auto_sync | 0 |
| 1 | ldap_connection_timeout | |
| 1 | ldap_contact_tmpl | 43 |
| 1 | ldap_default_cg | |
| 1 | ldap_dns_use_domain | |
| 1 | ldap_dns_use_ssl | 0 |
| 1 | ldap_dns_use_tls | 0 |
| 1 | ldap_search_limit | 60 |
| 1 | ldap_search_timeout | 60 |
| 1 | ldap_srv_dns | 0 |
| 1 | ldap_store_password | 0 |
| 1 | ldap_sync_interval | 1 |
| 1 | ldap_template | Active Directory |
| 1 | protocol_version | 3 |
| 1 | user_base_search | dc=my,dc=domain |
| 1 | user_email | mail |
| 1 | user_filter | (&(samAccountName=%s)(objectClass=user)(samAccountType=805306368)) |
| 1 | user_firstname | givenname |
| 1 | user_group | memberOf |
| 1 | user_lastname | sn |
| 1 | user_name | name |
| 1 | user_pager | mobile |
+-------+-------------------------+--------------------------------------------------------------------∓

As said before, some Ldap accounts can log on Centreon, some don’t. But at this time I don’t know where to look at. There is no evident setting difference between the users in Centreon, and there was no change in the AD. I’m going to digg in the database.

Regards.

Sébastien
Centreonian
Answer
Forum|Forum|1 day ago
January 30, 2026

Perhaps you could compare a user who can log in with one who can’t ?

mysql centreon -e “select * from contact where contact_name = ‘<username>’ \G”

Jérémy Jaouen
Centreonian
Forum|Forum|1 day ago
January 30, 2026

Hello, could you try to modify two lines in usr/share/centreon/www/class/centreonLDAP.class.php.

l 367.368

    public function findGroupDn($group): string|false
    {
        if (trim($this->groupSearchInfo['filter']) == '') {
            return false;
        }
        $this->setErrorHandler();
        $escapedGroup = ldap_escape($group, '', LDAP_ESCAPE_FILTER);
        $filter = preg_replace('/%s/', $escapedGroup, $this->groupSearchInfo['filter']);
        $result = ldap_search($this->ds, $this->groupSearchInfo['base_search'], $filter);
        $entries = ldap_get_entries($this->ds, $result);
        restore_error_handler();
        if ($entries['count'] === 0) {
            return false;
        }

        return $entries[0]['dn'];
    }

here, i put you the function with the modification, the filter should be correctly escaped with this. Could you try this modification and keep us on touch if it works for you ?

OlivierV
Author
Steward *
Forum|Forum|1 day ago
January 30, 2026

@Sébastien the point for you ! I was looking at this table but not the correct field. The culprit was in the field contact_ldap_required_sync. All were 0 but mine was 1.

I changed with update contact set contact_ldap_required_sync='0' where contact_id=xx; and it’s ok.

I can’t tell where this value comes from nor what it means, I don’t see an equivalent parameter in parameters/contact-users in Centreon.

Anyway, it’s fixed.

Thank you all who took some time to answer me and helped me fix the issue.

Regards.

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded