LDAP is working for staff/agent/admin logins, but it isn't working for client logins on my test site. I am seeing an "Invalid CSRF Token CSRFToken" error in the osTicket system logs. Details of the error are: Invalid CSRF token [2edbd1ad8e0561d7c2da9c5ba862700fb2d6ff5c] on https://itsupporttest.example.local/login.php
When the user attempts to logs in, this is what they see:
This page isn’t working
itsupporttest.example.local is currently unable to handle this request.
HTTP ERROR 500
I have also noticed that when trying to add a new user in the user directory, lookup of LDAP isn't working. In the production site, if I start typing a user's name that doesn't exist in the osTicket directory, it autocompletes it and fills in the fields. This doesn't work on the test site.
The production site and test site are both running LDAP plugin 0.6.2. The production site is v1.15.2 and the test site is 1.17.2. The production site is Ubuntu 20.04 with Apache/2.4.41 and PHP 7.4.3. The test site is Ubuntu 22.04 with Apache/2.4.52 and PHP 8.1.2-1ubuntu2.9. The databases are on a separate server, same version: MySQL 8.0.31. LDAP is Active Directory on Windows 2019.
In other threads, I found reference to a few patches that I have applied, but these didn't help with the problems: session: Regenerate Session Id #6379 and issue: LDAP Multi-Instance Fatal Error #6403. In one other thread it referenced trying to add a new user that didn't exist in the directory before, so I tried that but that user was unable to log in as well. But that issue seemed to be related to differing versions of the LDAP plugin when upgrading, which isn't relevant to my problem since both servers are running LDAP 0.6.2.