This week, we’ve received several reports of people having problems with the email verification process. When they try to click the link in their verification email, they get the following error from ID Dashboard:
LDAP Error
Already exists
Error at Object.<anonymous> (/opt/id/node_modules/LDAP/LDAP.js:16:23) at Module._compile (module.js:449:26) at Object.Module._extensions..js (module.js:467:10) at Module.load (module.js:356:32) at Function.Module._load (module.js:312:12) at Module.require (module.js:362:17) at require (module.js:378:17) at Object.<anonymous> (/opt/id/app/ldap.js:16:18) at Module._compile (module.js:449:26) at Object.Module._extensions..js (module.js:467:10)
They can’t log in or reset their password after this, and the verification doesn’t work of course due to the above error.
A workaround that we’ve been using is:
Delete the “Locked” account in Formage
Recreate it via the normal ID Dashboard page, using the exact same names, email address, and a temporary password, and get an error message that the email address and username exists.
Check that the account now re-appears in Formage, but no longer “Locked”
Log in to Dashboard with the temporary password to verify
Instruct the user to use the password reset feature to reset their password and continue as normal.
This is stopping several people from successfully getting accounts, so we should try to figure out what’s wrong ASAP.
I can look into this but @plypy and @elliott know more and probably can solve it quicker than me – I’d have to look through the code…part of GSoC this year is fixing backend stuff – so this falls under GSoC – it will definitely be fixed but a short-term fix should be implemented ASAP…
From the error message ‘Already exists’, it seems that OpenLDAP has already stored that entry before we ldap_add it. So I think, we’d better check our OpenLDAP.
FYI, here is the flowchart of the normal process of creating a OpenMRS ID, and the error happened in the very last stage associated with OpenLDAP.
Hi, @michael. It seems the problems are getting more and more annoying. If you don’t mind, I want to get the SSH access to our production server, so I can dive deeper into this problem and maybe solve it. Or the only thing I can do now is to guess randomly based on the very limited error log…
And also, I am very sorry to those who are disturbed, I’ll try to figure out why… Some part of the Dashboard seems to get rusty
During my development… I noticed that we’ve lost the track of our production’s version… I think we’d better create a production branch or something else that could track it.
What’s more, @michael please tell me the commit hash of the current Dashboard on production. I’m trying to implement the auto-injection feature for TALK, so I need to know it.
The current master should NOT be deployed in its current state – even post GSoC – I have work I need to do to bring it to production quality. Currently there’s a few things we need to resolve.
Scrutinizing again to the backtrace, this error should be related with ldapadd procedure. It’s either the problem of OpenLDAP or somehow the code have sent more than one ldapadd request.
And based on your workaround and my guess to the current state of Dashboard in production, which should have no delete sync logic from Mongo to LDAP and could dynamic sync user from LDAP to Mongo. See, in your workaround,
User is deleted from Mongo, but remained still in LDAP
Sync is triggered from LDAP to Mongo
Sync in 2. doesn’t create locked flag
…
I’m examining the code as well. But really, the commit hash of current production server would be much helpful!!!
Thanks @elliott; I was tied up this weekend. @plypy in case you need access to production or have specific questions, probably best way to reliably get answers is through email to helpdesk@ or new case at https://help.openmrs.org/
From the error log I downloaded from production server and some tests I did, I can say,
This error happens frequently and earlier than we thought… from April or even earlier, 5 or more times a week.
This problem has created lots of orphan data that only exist in LDAP but not in mongo.
Personally I’d like to say, it should be other LDAP stuff that’s to blame not Dashboard. As they’ll report “Already Exists” though Dashboard only performed only one insert operation… This sucks
Besides… the log is very poor to provide useful information, this needs to changing.
I made a big mistake of rewriting git history – so the code in production was a bit behind…how diverged is your production branch? That’s my only concern.
Protip: rewriting git commit history which others have worked on is bad…if it’s only your work and others don’t have it…then it’s fine.
