LDAP user, administrator change to user and lost permission


#1

Hello everyone,
This is my first topic on this forum. Please forgive my bad English.
I have a virtual machine with:
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
Release: 18.04
Codename: bionic
MySQL 5.7.25-0ubuntu0.18.04.2
and PHP 7.2.15-0ubuntu0.18.04.1

I have a problem with only one user account. All users log in with LDAP authentication. Some users have administrator roles, but one of them lost permission after login. When I set the admin role again and the user logs in again, the role is automatically changed to user.

This is my debug.log

[2019-03-12 11:30:31] [debug] ###############################################
[2019-03-12 10:30:39] [debug] Kanboard\Core\Controller\Runner::executeMiddleware
[2019-03-12 10:30:39] [debug] Subscriber executed: Kanboard\Subscriber\BootstrapSubscriber::execute
[2019-03-12 11:30:39] [debug] Kanboard\Core\Controller\BaseMiddleware::next => Kanboard\Middleware\AuthenticationMiddleware
[2019-03-12 11:30:39] [debug] Kanboard\Core\Controller\BaseMiddleware::next => Kanboard\Middleware\PostAuthenticationMiddleware
[2019-03-12 11:30:39] [debug] Kanboard\Core\Controller\BaseMiddleware::next => Kanboard\Middleware\ApplicationAuthorizationMiddleware
[2019-03-12 11:30:39] [debug] Kanboard\Core\Controller\BaseMiddleware::next => Kanboard\Middleware\ProjectAuthorizationMiddleware
[2019-03-12 11:30:39] [debug] Kanboard\Core\Controller\Runner::executeController => \Kanboard\Controller\UserViewController::show
[2019-03-12 11:30:39] [debug] SQL: SELECT `data` FROM `sessions`   WHERE `id` = ?    LIMIT 1
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00019693374633789
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.00019693374633789
[2019-03-12 11:30:39] [debug] SQL: SELECT `option`, `value` FROM `settings`
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.0001518726348877
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.00034880638122559
[2019-03-12 11:30:39] [debug] SQL: SELECT projects.id, projects.name FROM `projects` LEFT JOIN `project_has_users` ON `project_has_users`.`project_id`=`projects`.`id`  WHERE project_has_users.user_id = ? AND pro$
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00022602081298828
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.00057482719421387
[2019-03-12 11:30:39] [debug] SQL: SELECT projects.id, projects.name FROM `projects` LEFT JOIN `project_has_groups` ON `project_has_groups`.`project_id`=`projects`.`id` LEFT JOIN `group_has_users` ON `group_has_$
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00021195411682129
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.00078678131103516
[2019-03-12 11:30:39] [debug] SQL: SELECT 1 FROM `users`  WHERE `id` = ? AND `is_active` = ? AND `role` = ?
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00014400482177734
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.0009307861328125
[2019-03-12 11:30:39] [debug] SQL: SELECT * FROM `users`   WHERE `id` = ?    LIMIT 1
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00014615058898926
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.0010769367218018
[2019-03-12 11:30:39] [debug] SQL: SELECT projects.id, projects.name FROM `projects` LEFT JOIN `project_has_users` ON `project_has_users`.`project_id`=`projects`.`id`  WHERE project_has_users.user_id = ? AND pro$
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00018310546875
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.0012600421905518
[2019-03-12 11:30:39] [debug] SQL: SELECT projects.id, projects.name FROM `projects` LEFT JOIN `project_has_groups` ON `project_has_groups`.`project_id`=`projects`.`id` LEFT JOIN `group_has_users` ON `group_has_$
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00017809867858887
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.0014381408691406

[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00017809867858887
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.0014381408691406
[2019-03-12 11:30:39] [debug] SQL: SELECT 1 FROM `user_has_unread_notifications`  WHERE `user_id` = ?
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.00013613700866699
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.0015742778778076
[2019-03-12 11:30:39] [debug] SQL: SELECT 1 FROM `sessions`  WHERE `id` = ?
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.0001068115234375
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.0016810894012451
[2019-03-12 11:30:39] [debug] SQL: UPDATE `sessions` SET `expire_at`=?, `data`=?  WHERE `id` = ?
[2019-03-12 11:30:39] [debug] SQL: query_duration=0.0001988410949707
[2019-03-12 11:30:39] [debug] SQL: total_execution_time=0.0018799304962158
[2019-03-12 11:30:39] [debug] APP: nb_queries=11
[2019-03-12 11:30:39] [debug] APP: rendering_time=0.027752876281738
[2019-03-12 11:30:39] [debug] APP: memory_usage=2.02M
[2019-03-12 11:30:39] [debug] APP: uri=/user/show/7
[2019-03-12 11:30:39] [debug] ###############################################

I would be very grateful for your help.


#2

I’ve checked again, and all of the users who have administrator privileges are downgraded to the user role after logging in. :confused:


#3

I found the solution. It was role synchronization.

// This example will not synchronize the fields "username" and "role" from LDAP to Kanboard.
define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username,role');

https://docs.kanboard.org/en/latest/admin_guide/ldap_authentication.html#synchronization
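
The behaviour described in this thread, as an added example that is not part of the original posts and is not Kanboard's own code: a simplified model of profile synchronization at login, showing how a comma-separated exclude list such as `username,role` changes which fields the directory overwrites. The function name `syncProfile`, the sample users and the role strings are assumptions made for illustration.

```php
<?php
// Simplified model of external-profile synchronization at login.
// Hypothetical helper for illustration; not Kanboard's implementation.

/**
 * Copy fields from the external (LDAP) profile onto the local user record,
 * skipping every field named in the comma-separated exclude list.
 */
function syncProfile(array $local, array $external, string $excludeFields): array
{
    // 'username, role' -> ['username', 'role']; an empty string yields no exclusions.
    $excluded = array_filter(array_map('trim', explode(',', $excludeFields)), 'strlen');

    foreach ($external as $field => $value) {
        if ($value === null || in_array($field, $excluded, true)) {
            continue; // keep the value stored locally
        }
        $local[$field] = $value;
    }

    return $local;
}

// Constructed sample data: an administrator promoted locally, while the
// directory side resolves the same account to an ordinary user role.
$local = ['username' => 'jdoe', 'name' => 'J. Doe', 'role' => 'app-admin'];
$ldap  = ['username' => 'jdoe', 'name' => 'John Doe', 'role' => 'app-user'];

// Case 1: nothing excluded, so the directory role replaces the local one.
$synced = syncProfile($local, $ldap, '');

// Case 2: the setting from post #3, so username and role stay local.
$kept = syncProfile($local, $ldap, 'username,role');

// Case 3: with role excluded, a later demotion on the directory side
// does not reach the local record either.
$afterRevoke = syncProfile($kept, ['role' => 'app-user'], 'username,role');

foreach (['no exclusions' => $synced, 'username,role' => $kept, 'after revoke' => $afterRevoke] as $label => $user) {
    printf("%-14s role=%s name=%s\n", $label, $user['role'], $user['name']);
}
```

Once `role` is excluded, the directory no longer grants or removes administrator rights, so role changes have to be made and reviewed inside the application itself.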