The access token in the ldap connection used by the module doesn't seem to get updated. How to reproduce: - Open the users module (to open an ldap connection) - wait 8 minutes (5 minute access token lifetime, can be configured in keycloak for the umc client + 3 minutes oauthbearer_grace, see /etc/ldap/sasl2/slapd.conf) - restart slapd (to force close the ldap connection, you could also wait for the ldap server to close it) - try to open a user (you should now see 401 errors on the web console) This should already work for saml, please test that :) I suspect the missing implementation of the `this.backChannelOIDC` function: https://git.knut.univention.de/univention/ucs/-/blob/5.2-0/management/univention-management-console/www/login/main.js?ref_type=heads#L372
Relevant error messages: - UMC 23.08.24 07:07:13.944 MAIN ( ERROR ) : Failed to open LDAP connection: An error during LDAP authentication happened. Auth type: OIDC; SAML message length: 1454; DN length: 41; Original Error: {'desc': 'Invalid credentials', 'info': 'SASL(-13): authentication failure: claim expired or not yet valid: now=1724389633 exp=1724389302 nbf=0 iat=1724389242'} 23.08.24 07:07:13.945 MODULE ( PROCESS ) : Unauthorized - slapd Aug 23 07:06:09 master slapd[2358]: SASL [conn=1003] Failure: claim expired or not yet valid: now=1724389569 exp=1724389540 nbf=0 iat=17243
univention-management-console-module-udm.yaml 2623c8d907f4 | fix(umc, Bug #57533): update global bind function in UMC UDM module univention-management-console-module-udm (10.0.12-2) 2623c8d907f4 | fix(umc, Bug #57533): update global bind function in UMC UDM module ucs-test (10.0.23-14) 2623c8d907f4 | fix(umc, Bug #57533): update global bind function in UMC UDM module
Verified: * Code review * Functional test * Test case works * Package update * Advisory * No doc update required
<https://errata.software-univention.de/#/?erratum=5.0x1145>