Problems with login in to ODK 2.0 Server web-ui. Incorrect username or password

What is the problem? Please be detailed.

Hi all,
i have some problems with log into the ODK web UI
I access to phpLDAPadmin console (with https://:40000 and login Ok with username “cn=admin,dc=example,dc=org” and the password “admin”.
Add user “webadmin” into ou=people and assign him to group “default_prefix site_admins” (gidNumber=500)
But then, i can’t login in Web-UI, the error message appears (Incorrect username or password.)
Thanks,
Ariel

What ODK tool and version are you using? And on what device and operating system version?
ODK 2 on ubuntu 16.04. and I try to connect to the web-ui from a terminal with windows 7

What you have you tried to fix the problem?
Add user “webadmin” into ou=people and assign him to group “default_prefix site_admins”

Anything else we should know or have? If you have a test form or screenshots or logs, attach here.

@ariel I’m combining your posts into a single topic. Perhaps @Jeff_Beorse can help when he gets a chance.

Hi Ariel,

Looks like your users/groups might not be correctly assigned. In your screenshot, there isn’t a webadmin user but there is an aprincipal. The username to login to Sync Endpoint is the text in the uid field, make sure you have the correct value in that field.

Another possibility is that your Web UI is not configured properly. Could you try visiting /odktables/default/privilegesInfo at the same address as the Web UI and see if you could gain access?

Best,
Li

I am experiencing the exact same issue. What I have tried:

  1. created a user (called it test) as per https://docs.opendatakit.org/odk2/sync-endpoint/#creating-users

  2. Added the user to group gidNumber=500 as described in https://docs.opendatakit.org/odk2/sync-endpoint/#assigning-users-to-groups

  3. Tested that I can find the user via CLI with
    docker exec $(docker ps -f “label=com.docker.swarm.service.name=syncldap_ldap-service” --format ‘{{.ID}}’) ldapsearch -xLLL -D “cn=readonly,dc=example,dc=org” -w readonly -H ldap://ldap-service:389 -b “ou=people,dc=example,dc=org” -s sub ‘uid=test’ * +

  4. Went to the web-ui url and entered the created user, and get prompted that the login credentials are incorrect.

Tried @linl33 suggestion and get a 404:

Blockquote

Any help would be appreciated.
Best,
Fei

Quick update, upon inspecting the logs for sync-web-ui I see the issue seems to with:

2018-07-14 10:10:30.462 INFO 5 — [nio-8080-exec-8] bServiceDelegatingAuthenticationProvider : Logging in with http://sync:8080/odktables/{appId}/privilegesInfo
2018-07-14 10:10:30.506 INFO 5 — [nio-8080-exec-8] bServiceDelegatingAuthenticationProvider : Received an exception when getting granted roles
2018-07-14 10:10:30.506 INFO 5 — [nio-8080-exec-8] bServiceDelegatingAuthenticationProvider : Received 404
2018-07-14 10:10:30.507 INFO 5 — [nio-8080-exec-8] bServiceDelegatingAuthenticationProvider : Received

I think the issue was related to having some other container with nginx configuration, which was conflicting with the settings required by odk/sync-web-ui and the logs seems to have pointed me to the right direction.
So, here’s how I managed to get logged in:

  1. Stopped all containers with the command docker stop $(docker ps -aq)
  2. Re-run steps 2 - 10 as described in https://docs.opendatakit.org/odk2/sync-endpoint/#odk-sync-endpoint-setup
  3. Accessed /web-ui/
  4. entered credentials
  5. Login success.

Hope it helps anyone else having the same issue.

Hi, I have the same problem…

I have installed ODK 2.0 Server on a VirtualBox running Ubuntu Server 18.04. I have access in php LDAP admin from host machine. I have created a user as decripted at https://docs.opendatakit.org/odk2/sync-endpoint/#ldap

But, I cannot login in web-ui …

Is there any specific configuration that I miss?
(I have test all the above.)

Thanks!

Try to visit /odktables/default/tables under the same hostname as the web-ui, and using the same credential. If you’re able to get a valid response back, then the web-ui wasn’t configured properly.

@feisung, where did you find the sync-web-ui logs. I am having exactly the same problem as you but still can’t login.

All good, found them in the Docker container. I get exactly the same error message and have tried the steps you suggested but I still can’t login to the Web-UI

Try to visit odktables/default/tables. See if you can login from there.

The logs are stored in Docker. Use docker logs to get the logs, see link for detail.

@linl33 I get ‘Access Denied’ You do not have permission for this operation.

Simeon,
Did you solve this? I am having exactly the same problem with a clean installation of ODK2 on a clean Ubuntu 18.04 machine.

Thanks

Solved it! I needed to go into the 500 group and add my username to it by adding the attribute which wasn’t displayed.

Thanks.

I still can’t get logged on to the web-ui. I have tried re-installing everything. This is a clean install of ODK2 on a clean ubuntu 18.04 machine.

I really need to get this up and running for a demonstration.

web-ui logs:

2019-02-06 03:48:11.049 INFO 6 — [nio-8080-exec-3] bServiceDelegatingAuthenticationProvider : Logging in with http://sync:8080/odktables/{appId}/privilegesInfo
2019-02-06 03:48:11.099 INFO 6 — [nio-8080-exec-3] bServiceDelegatingAuthenticationProvider : Received an exception when getting granted roles

openldap logs:

5c5a58fb conn=1033 fd=12 ACCEPT from IP=10.0.2.4:47468 (IP=0.0.0.0:389)
5c5a58fb conn=1033 op=0 BIND dn=“uid=ghare,ou=people,dc=example,dc=org” method=128
5c5a58fb conn=1033 op=0 BIND dn=“uid=ghare,ou=people,dc=example,dc=org” mech=SIMPLE ssf=0
5c5a58fb conn=1033 op=0 RESULT tag=97 err=0 text=
5c5a58fb conn=1033 op=1 SRCH base=“uid=ghare,ou=people,dc=example,dc=org” scope=0 deref=3 filter="(objectClass=*)"
5c5a58fb conn=1033 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
5c5a58fb conn=1033 op=2 UNBIND
5c5a58fb conn=1033 fd=12 closed
5c5a58fb conn=1034 fd=12 ACCEPT from IP=10.0.2.4:47470 (IP=0.0.0.0:389)
5c5a58fb conn=1034 op=0 BIND dn=“cn=readonly,dc=example,dc=org” method=128
5c5a58fb conn=1034 op=0 BIND dn=“cn=readonly,dc=example,dc=org” mech=SIMPLE ssf=0
5c5a58fb conn=1034 op=0 RESULT tag=97 err=0 text=
5c5a58fb conn=1034 op=1 SRCH base=“ou=default_prefix,ou=groups,dc=example,dc=org” scope=2 deref=3 filter="(memberUid=ghare)"
5c5a58fb conn=1034 op=1 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
5c5a58fb <= mdb_equality_candidates: (memberUid) not indexed
5c5a58fb conn=1034 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
5c5a58fb conn=1034 op=2 UNBIND
5c5a58fb conn=1034 fd=12 closed
5c5a58fb connection_read(12): no connection!

The web-ui seems to connect to openldap and searches for the uid. openldap doesn’t appear to return any errors and only a single entry, which I would expect?

Thanks

OK, I’m having the same problem still. I go to https://l2odk2.vmhost.psu.edu/web-ui/login, and enter my newly created admin username and password. I immediately get this:
August 29, 2019 6:03:16 PM UTC
There was an unexpected error (type=Internal Server Error, status=500).
500
Please contact the operator with the above information.

I tried getting the docker logs for the nginx container: The last lines are:
10.255.0.2 - - [29/Aug/2019:18:03:05 +0000] “GET /web-ui/login HTTP/2.0” 200 2641 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0” “-”
10.255.0.2 - - [29/Aug/2019:18:03:05 +0000] “GET /web-ui/css/sitewide.css HTTP/2.0” 200 62 “https://l2odk2.vmhost.psu.edu/web-ui/login” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0” “-”
10.255.0.2 - - [29/Aug/2019:18:03:16 +0000] “POST /web-ui/login HTTP/2.0” 500 389 “https://l2odk2.vmhost.psu.edu/web-ui/login” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0” “-”

This really doesn’t give me any more info than that there is a 500 error, which I knew already.

I tried linl33’s suggestion to go to odktables/default/tables, and am prompted by a webserver generated username challenge (in a popup window) and when I authenticate there I just get:

falsefalse

I am not authenticated because if I go back to the root of the site I get the /web-ui/login screen again.

I believe web-ui isn’t configured correctly, but have no clue as to what the actual problem is!
Thanks for any help from anyone.

PS: I have verified that my username, odk2_admin is in ldap and is a member of default_prefix site_admins (gid 500)

Hi,

I’m stuck at this step and trying to follow your instructions but they are sort of unclear, can you please help with this?

Hi @Talha_Qasim i @! As you are new to the community, when you get a chance, please introduce yourself here.

Could you please explain a bit more about what you are trying to do and what problems/questions you are having?

Hi, I’m having the same issue as the OP, as I’m also unable to login to the webui after creating the user in OpenLDAP, I’ve also added the user to the correct group (500), but somehow no luck.

I’m also seeing this in the webui logs.

2019-02-06 03:48:11.049 INFO 6 — [nio-8080-exec-3] bServiceDelegatingAuthenticationProvider : Logging in with http://sync:8080/odktables/{appId}/privilegesInfo

ODK2.0 is running on Ubuntu 18.04 and using certbot.

Any help in this regard would be deeply appreciated.

A fresh setup with only http works fine, but this no login issue arises as soon as i apply the https.

Hi,
I’m recently trying manual server installation on my local system. i’m using windows 10 where Docker is installed and Swarm Mode is enabled. All required docker images has been pulled after running “mvn clean install” in the appropriate directory. But, Incorrect username and password is coming at http://127.0.0.1.

Although, i’m able to create user along with group assignment at https://127.0.0.1:40000.

Any help will be appreciated.

Three possible issues:

  1. I am not sure the cn can have spaces, you can see the uid it removes the space.
  2. You need to add the user to a group. Make sure you do step 5 Setup ODK-X Sync Endpoint with Cloud Services — ODK-X Docs
  3. There needs to be at least one user in group 503.