We're Hiring!

Mattermost Discussion Forums

Error when logging in as AD/LDAP Users

Summary
Receiving error “createSessionForUserAccessToken: Invalid or missing token” when attempting to logon as AD/LDAP user

Steps to reproduce
Version 6.0.2
LDAP Congfig:

"LdapSettings": {
        "Enable": true,
        "EnableSync": true,
        "LdapServer": "192.168.1.15",
        "LdapPort": 389,
        "ConnectionSecurity": "",
        "BaseDN": "OU=RefugeUsers,DC=refuge,DC=fx",
        "BindUsername": "schaefferp@refuge.fx",
        "BindPassword": "*********************",
        "UserFilter": "",
        "GroupFilter": "",
        "GuestFilter": "",
        "EnableAdminFilter": false,
        "AdminFilter": "",
        "GroupDisplayNameAttribute": "cn",
        "GroupIdAttribute": "objectGUID",
        "FirstNameAttribute": "userPrincipalName",
        "LastNameAttribute": "sn",
        "EmailAttribute": "email",
        "UsernameAttribute": "userPrincipalName",
        "NicknameAttribute": "nickname",
        "IdAttribute": "userPrincipalName",
        "PositionAttribute": "title",
        "LoginIdAttribute": "userPrincipalName",
        "PictureAttribute": "thumbnailPhoto",
        "SyncIntervalMinutes": 60,
        "SkipCertificateVerification": true,
        "PublicCertificateFile": "",
        "PrivateKeyFile": "",
        "QueryTimeout": 60,
        "MaxPageSize": 0,
        "LoginFieldName": "refuge.fx Username",
        "LoginButtonColor": "#0000",
        "LoginButtonBorderColor": "#2389D7",
        "LoginButtonTextColor": "#2389D7",
	"Trace": false
    },

Expected behavior
AD/LSAP Users should be able to logon to mattermost with their userPrincipalName.

Observed behavior
Logon fails with “invailid email address username/password” and error log reads:

{"timestamp":"2021-11-16 10:42:01.645 -08:00","level":"warn","msg":"Error while creating session for user access token","caller":"app/session.go:89","error":"createSessionForUserAccessToken: Invalid or missing token., resource: UserAccessToken id: token=1fdbcmaegtdmpxt95crbor4oey"}