Problem: No LDAP logs #2932

Open
@rob518183

Issue

I have configured LDAP as a login method, but it does not work, and there is not much logged either.

- sudo service semaphore status
Redirecting to /bin/systemctl status semaphore.service
● semaphore.service - Ansible Semaphore
     Loaded: loaded (/etc/systemd/system/semaphore.service; enabled; preset: disabled)
     Active: active (running) since Fri 2025-04-18 15:30:08 CEST; 1min 46s ago
       Docs: https://docs.ansible-semaphore.com/
   Main PID: 15500 (semaphore)
      Tasks: 6 (limit: 48906)
     Memory: 6.9M
        CPU: 45ms
     CGroup: /system.slice/semaphore.service
             └─15500 /usr/bin/semaphore server --config /etc/semaphore/config.json

Apr 18 15:30:08 server.net semaphore[15500]: Loading config
Apr 18 15:30:08 server.net semaphore[15500]: Validating config
Apr 18 15:30:08 server.net semaphore[15500]: Postgres semaphore_user@127.0.0.1:5432 semaphore_db
Apr 18 15:30:08 server.net semaphore[15500]: Tmp Path (projects home) /tmp/semaphore
Apr 18 15:30:08 server.net semaphore[15500]: Semaphore 2.12.17-5767d93-1741607578
Apr 18 15:30:08 server.net semaphore[15500]: Interface
Apr 18 15:30:08 server.net semaphore[15500]: Port :3000
Apr 18 15:30:08 server.net semaphore[15500]: Server is running
Apr 18 15:45:53 server.net semaphore[15500]: time="2025-04-18T15:45:53+02:00" level=error msg="websocket: close 1006 (abnormal closure): unexpected EOF" fields.level=Error
Apr 18 15:45:53 server.net semaphore[15500]: time="2025-04-18T15:45:53+02:00" level=error msg="write tcp 127.0.0.1:3000->127.0.0.1:40792: use of closed network connection" error="Cannot send close message"

These are all different destination ports.

config.json

{
        "postgres": {
                "host": "127.0.0.1:5432",
                "user": "semaphore_user",
                "pass": "pass",
                "name": "semaphore_db",
                "options": {
                        "sslmode": "disable"
                }
        },
        "dialect": "postgres",
        "tmp_path": "/tmp/semaphore",
        "cookie_hash": "t6Yg=",
        "cookie_encryption": "/Shr/n54tmEvN/yKGtZh4=",
        "access_key_encryption": "/eeup46L/mSSPYafPY="
        },
        "force_pull": true,
        "web_host": "http://semaphore.net",
        "ldap_binddn": "CN=SA_Semaphore,OU=Service Accounts,OU=Accounts,DC=DC,DC=net",
        "ldap_bindpassword": "password",
        "ldap_server": "ldaps://DC.net:636/",
        "ldap_searchdn": "OU=Admin Accounts,OU=Accounts,DC=DC,DC=net",
        "ldap_searchfilter": "(&(uid=%s)(memberOf=cn=ROLADM-Satellite,cn=AdminRoles,cn=groups,DC=DC,DC=net",
        "ldap_mappings": {
                "dn": "dn",
                "mail": "mail",
                "uid": "uid",
                "cn": "cn"
        },
        "ldap_enable": true,
        "ldap_needtls": true,
 }

The browser does give me this:

WebSocket connection to 'wss://semaphore.net/api/ws' failed: HTTP Authentication failed; no valid credentials available

Impact

Web-Frontend (what users interact with)

Installation method

Package

Database

Postgres

Browser

Microsoft Edge

Semaphore Version

semaphore version
2.12.17-5767d93-1741607578

Ansible Version

Logs & errors

No response

Manual installation - system information

Linux 5.14.0-503.31.1.el9_5.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Mar 6 09:41:44 EST 2025 x86_64 x86_64 x86_64 GNU/Linux

nginx reverse proxy

Configuration

No response

Additional information

Do I need to do something like this? https://serverfault.com/questions/1144501/nginx-as-forward-proxy-for-secure-ldap

Activity

self-assigned this on Apr 19, 2025
added this to the 2.14 milestone on Apr 19, 2025
kris9854 commented on Apr 23, 2025

Just a notice for you that if the user doesn't have an email (from what I see, you are AD-joined), the claim fails. Try with an account that has an email in your AD.
Also, you are using ldaps://DC.net:636/
Please test with dc.net:636 instead.
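
An added example (not from the thread or the Semaphore project): a preflight check for the ldap_* keys shown in the config.json above. It reports JSON parse errors, an unbalanced ldap_searchfilter, a URL-form ldap_server (the form the reply suggests replacing with host:port) and empty ldap_mappings entries. The sample values are constructed, and which of these conditions Semaphore itself rejects is an assumption the page does not confirm.

```python
import json

REQUIRED_MAPPINGS = ("dn", "mail", "uid", "cn")  # the mapping keys shown in the issue

def filter_problems(flt):
    """Structural checks on an LDAP search filter (RFC 4515 string form)."""
    problems = []
    if "%s" not in flt:
        problems.append("filter has no %s placeholder for the login name")
    depth = 0
    for ch in flt:  # literal parentheses in values must be escaped, so every one is structural
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("filter closes a parenthesis that was never opened")
                break
    if depth > 0:
        problems.append(f"filter is missing {depth} closing parenthesis(es)")
    return problems

def check_ldap_config(text):
    """Return a list of findings for the ldap_* keys in a config.json string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        return [f"config is not valid JSON: {e.msg} at line {e.lineno}, column {e.colno}"]
    if not cfg.get("ldap_enable"):
        return ["ldap_enable is not true; LDAP login is off"]
    findings = filter_problems(cfg.get("ldap_searchfilter", ""))
    server = cfg.get("ldap_server", "")
    if "://" in server or server.endswith("/"):
        findings.append("ldap_server is a URL; the reply above suggests host:port")
    mappings = cfg.get("ldap_mappings", {})
    for key in REQUIRED_MAPPINGS:
        if not mappings.get(key):  # an empty mail mapping leaves the user without an email
            findings.append(f"ldap_mappings.{key} is missing or empty")
    return findings

# Constructed sample: same keys as the issue, placeholder values.
SAMPLE = json.dumps({
    "ldap_enable": True,
    "ldap_server": "ldaps://dc.example.net:636/",
    "ldap_searchfilter": "(&(uid=%s)(memberOf=cn=admins,dc=example,dc=net",
    "ldap_mappings": {"dn": "dn", "mail": "", "uid": "uid", "cn": "cn"},
})

if __name__ == "__main__":
    for finding in check_ldap_config(SAMPLE):
        print("-", finding)
```
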

Problem: No LDAP logs · Issue #2932 · semaphoreui/semaphore