phpLDAPadmin and my SLAPD (SAMBA4 DC Ldap, Windows Server 2019 ) not working - no data instead of ldap data tree

[guega2GitHub]

I have a Debian Host (as XEN Dom0) running
Windows Server 2019
SAMBA 4.20
Slapd 2.5.18 (Openldap)
ldapsearch works fine on all of them, including Administrator bind

--- Issue 1 docker pull

https://hub.docker.com/r/leenooks/phpldapadmin:
docker pull leenooks/phpldapadmin --> gives error no manifest
Under Tags: docker pull leenooks/phpldapadmin:2.0.0-dev --> works
run docker run -it --rm leenooks/phpldapadmin:2.0.0-dev ./artisan key:generate --show --> works except
APP_KEY was created but obviously not used --> I permanently got a missing APP_KEY exception
Eventually I put an -e APP_KEY ins the docker run string like this
docker run ... -e APP_KEY='base64:tcQT5EwBa/e0Q5XhvAcn7P1m2vSsb5WuelEJ0tNGqG0=' ...
Then it worked.

--- Issue 2 no BASE_DN

In the running image I first tried to edit the .env file
APP_URL='http://pla1.intern.example.com:8000' (works in a browser)
APP_TIMEZONE='Europe/Berlin'
LDAP_NAME='PLA1SLAPD'
LDAP_HOST='pla1.intern.example.com'
LDAP_PORT=1389
LDAP_USERNAME='cn=admin,dc=intern,dc=example,dc=com' <-- I guess this is the binddn?
LDAP_PASSWORD='xxxxxx' <-- I guess this is the bindpass?
LDAP_LOGIN_ATTR='mail' (or uid or samaccountname etc)
LDAP_LOGIN_OBJECTCLASS='user,person,posixAccount,organizationalPerson'
LDAP_BASE_DN='o=mail,dc=intern,dc=example,dc=com' <-- gets ignored?

These values took me to a login-page, where every combination of userid/pass yielded a non instructive whoops messages or a php exception

Then I added all these ENV variables to the docker run statement via -e which brought me at least to the expected PLA-startpage

But my SLAPD server (as well as SAMBA4 WindowsServer2019) showed up with "do-data" there.
Clicking the no-data entry yields a php-exception:

THE PAYLOAD IS INVALID
public function dn_frame(Request $request) {
$dn = Crypt::decryptString($request->post('key')); <-- This is highlighted
$page_actions = collect(['edit'=>TRUE,'copy'=>TRUE]);
return view('frames.dn')
->with('o',config('server')->fetch($dn))

Digging deeper I found out that there is no BASE_DN value available.
The function Server::baseDNs() calls rootDSE()
The latter throws en exception (invalid credentials)
Helas, ldapsearch doesn't think so, At least the credentials in the ENV are correct.

The link "Server-Info" on the PLA-startpage works but entryDN is empty
If I try to use the login-link in the top level menu I get the Whoops message: my (otherwise working) credentials are not working

--- Issue 3 More trouble: The "connection" variable seems to be null.

What is the difference between the values in the ldap.php file: connections end the ENV? Precedence?

It tried the (old) phpLDAPadmin configuration method via config.php.
Using the (old) phpLDAPadmin config.php leads to a sudden death of this app.
These files should be removed alltogether if this is no longer the expected way to configure this app.

Then I put this in the ldap.php file:
'default' => env('LDAP_CONNECTION','PLA1SLAPD'),
'connections' => [
'PLA1SLAPD' => [
'hosts' => [env('LDAP_HOST', 'pla1.example.com')],
'username' => env('LDAP_USERNAME','cn=admin,dc=intern,dc=example,dc=com'),
'password' => env('LDAP_PASSWORD','xxxxxxxx),
'port' => env('LDAP_PORT', 1389),
'base_dn' => env('LDAP_BASE_DN', 'o=mail,dc=intern,dc=example,dc=com'),
'timeout' => env('LDAP_TIMEOUT',10),
'use_ssl' => env('LDAP_SSL', false),
'use_tls' => env('LDAP_TLS', false),
'name' => env('LDAP_NAME','SLAPD LDAP Server'),
],
],
I made this file reboot-survivable by creating a docker -v link
Are these values used? My PLA-startpage does not bother.

--- issue 4 php.ini

Is the php.ini in /usr/local/php used? I randomly get
PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 1310720 bytes) in /var/www/html/vendor/laravel/framework/src/Illuminate/Cache/FileStore.php on line 310
memory size is currently 1024m

-- issue 5 https und nginxs ports

No nginx https config in the image available, I will use my own.
I use a port redirect in docker run like -p 8000:80 since the port 80 is already used on the host.
Could this lead to any problems (I guess not).

--- Help needed.

I would try to help but this php laravel framework is beyond decipherable.
I wasn't able to find the code, where $connection, $user, LDAP account validation are populated or executed.
At least it would be helpful if the docker log verbosity could be increased.

[sdousley]

I'm also getting the issue with memory limits - when using master, or the 2.0.0-dev docker container.

For now, I have reverted to using v1.2.6.7, which doesn't appear to have the memory limit issue.

[leenooks]

When submitting issues, please ONE issue per submission. That said:

1. The APP_KEY is now created automatically, but you should still manually use it for persistence between container refreshes, and folks in the middle of a session.

2. I dont understand this issue, please open a new github issue with screenshots and a copy of your log file.

3. PLA configuration from v1.x will not work with v2. The old version files will be removed when PLA v2 is ready for release.

4. Excess memory usage has been fixed in the latest 2.0.0-DEV container

5. There is no https inside the container, it's expected that you do your SSL termination outside the container. That said, with the change to frankenphp it should be possible to have https inside the container now.