After upgrading osTicket 1.16.5 ->1.17.4, users with tickets can't access

pcamps34

PHP 8.0.30.
I do not use Oauth2 plugin, but auth-ldap.
I do the upgrade, everthing is OK, and the database is upgraded successfully.

After that, users try to connect with their LDAP credential and they obtain an "access denied". It is not a LDAP issue, because for a user who has never created a ticket, the access works.
But when an user who had already created tickets tries to authenticate, he gets this "access denied".
If i connect with a local administrator account, and that I delete this user who has (closed) tickets, I get a warning indicating that osTicket will no longer be able to find the user's tickets. I confirm the deletion of the user and after that, the LDAP user can connect and a new account is created.

If a user who has already an account in osTicket 1.16.5, but not again tickets, tries to connect to osTicket 1.17.4, it is a success.
What should I do to fix this issue ? because i don't want lose existing tickets
Thanks

KevinTheJedi

pcamps34

You need to look at older threads on this Forum. This has been asked and answered a few times before with exact instructions on what to do.

Cheers.

pcamps34

Thanks @KevinTheJedi
I've found this thread : https://forum.osticket.com/d/101553-ldap-not-enter-whit-user/10
I was able to fix the issue, but not by replacing the ldap.client backend by, in my case, ldap.client.p3i2 but by deleting this record.
I had to put nothing in the backend, and even after the successful authentication, the backend stays empty.

Why do you not remove the backend in the update process of the database ?

KevinTheJedi

pcamps34

We transform the backend values on upgrade but the caveat is you have to upload the new plugin first before upgrading. Then it should properly convert the backend values. In your case you didn’t have the new plugin in place before upgrading so it failed to do anything to the backend values.

Cheers.

pcamps34

However, I downloaded the zip with osTicket and the plugins from the site https://osticket.com/download/.
You do not provide the new plugin in your download procedure. That is the problem.

What version of the plugin should I have ?
After downloading, I have this :

KevinTheJedi

pcamps34

Just the latest build from our website that is for the respective core version; in this case v1.18.

Cheers.

pcamps34

Sorry @KevinTheJedi , I don't understand your answer.
I started with osTicket 1.12.3 and it was always the same auth-ldap plugin that was provided in the build.

Where can I download the last plugin for osTicket 1.17.4 ?

Regards

KevinTheJedi

pcamps34

On our website. Go to the downloads page, select Plugins tab, select core version (in your case v1.17.4), select the LDAP plugin, and download.

Cheers.

pcamps34

That’s what I did, but we don’t download as expected the latest plugin version

KevinTheJedi

pcamps34

What do you mean exactly? Whatever plugin is downloaded is the latest plugin.

Cheers.

pcamps34

When I update osTicket, I download the ZIP package that contains osTicket.zip and plugins, like auth-ldap.phar.
I copy the files from the upload directory and the plugins to a new folder. So I have the latest versions retrieved from the site. You told me that I didn't have the latest plugin, so I have it by doing this.
We can have a doubt seeing the version of auth-ldap 07/11/2019, we could expect to have something in 2023...
It remains complicated to go from 1.16 to 1.17 with LDAP as your database update procedure is, in my opinion, incomplete and many users have encountered these problems

KevinTheJedi

pcamps34

Well not really sure what happened then as it just seems like you didn’t have latest plugin. 🤷🏼‍♂️

Cheers.

pcamps34

Thanks @KevinTheJedi for all your advice
A last test I've done that could be useful for all.
I deleted an user with their tickets that was already saved in the database.
When the user tried again to connect, osTicket created the user with the backend ldap.client.p2i3.

Regards

KevinTheJedi

pcamps34

Yes, you can update any user with ldap.client backend to ldap.client.p2i3. You described this above and I thought you understood that but it appears you used ldap.client.p3i2 instead of ldap.client.p2i3 so that's most likely why it didn't work.

Cheers.

pcamps34

Exactly that's ldap.client.p2i3 which works (ldap.client.p<plugin_id>i<id>)

Sorry for the confusion

Cheers