LDAP sync command line does nothing

[matutter]

Debug mode

• I have enabled debug mode
• I have read checked the Common Issues page

Describe the bug

In a fresh instance deployed via docker-compose the command-line LDAP sync does not have any effect or produce any output. Syncing via the web page works correctly and syncs / creates LDAP users as expected.

Here are variations of the commands tried:

# Run as "nginx" user
docker-compose exec -u 1000 -w /var/www/html/ snipeit php artisan snipeit:ldap-sync -vvv -n --summary

# Run as root
docker-compose exec -w /var/www/html/ snipeit php artisan snipeit:ldap-sync -vvv -n --summary

# Run as root
docker-compose exec -w /var/www/html/ snipeit php artisan snipeit:ldap-sync --summary

Reproduction steps

1. Deploy SnipeIT via docker-compose.
2. In a browser login and configure LDAP settings.
3. Run docker-compose exec to perform LDAP sync ( commands above ).
4. Observe no output in the terminal.
5. In a browser check the /users page.
6. Observe user's have not been synced or created.

Expected behavior

LDAP user's are synced or created when LDAP sync is run via command-line.

Screenshots

Video shows command-line having no output.

Video shows user refresh page after command-line sync. No changes are seen. Then user issues an LDAP sync from the browser and changes are observed.

Snipe-IT Version

vV5.4.1 - build 6746 (master)

Operating System

Ubuntu / docker

Web Server

NGINX

PHP Version

7.4.26

Operating System

No response

Browser

No response

Version

No response

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

No response

Additional context

No response

[snipe]

Shouldn’t need to though - Snipe-IT v5.4.x works just fine on 7.4. (It’s what we use on the hosted platform, and we run cli crons for customers all the time, so it still feels like something else is weird.)

[matutter]

I've completely cannibalized the environment several times and this issue ( and others ) remain. The compose file I'm using is below. And there are no logs in /config/storage/logs/laravel.log either.

This probably a tangent but I'll mention this since it also involves the CLI, I'm also finding it strange that API tokens generated with Artisan aren't able to authenticate API requests.

php artisan passport:client --personal --name=ansible-token-1 --user_id=1
# Client ID: 20
# Client secret: hcwPhf9QyK6G7diKGQ3jhGYoQhpzPt0LICoDpOLW

curl -k -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' -H 'Authorization: Bearer hcwPhf9QyK6G7diKGQ3jhGYoQhpzPt0LICoDpOLW' https://snipeit.test.lab/api/v1/users
# {"error":"Unauthorized or unauthenticated."}

I'm aware there's passwords in it - this is just a test environment.

version: '3.9'
networks:
  snipeit_private: {}
services:
  snipeit_db:
    image: mariadb:10.8
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: df3094ca3d962d0fcfde7405d565f7bb8d313bbec2e6178ae1bb40ae55a29531
      MYSQL_DATABASE: snipeit
      MYSQL_USER: snipeit
      MYSQL_PASSWORD: 94f624fc7245b93df04ba1a4d0eb38faa60cd2f5edbfa8b05708a3d4626b360c
      MYSQL_PORT_3306_TCP_ADDR: snipeit_db
      MYSQL_PORT_3306_TCP_PORT: '3306'
    networks:
      snipeit_private: {}
    volumes:
    - /home/ansi-5928db17/pod/test/snipeit/mariadb:/var/lib/mysql
    healthcheck:
      test:
      - CMD
      - mysqladmin
      - ping
      - --user=root
      - --password=df3094ca3d962d0fcfde7405d565f7bb8d313bbec2e6178ae1bb40ae55a29531
      interval: 10s
      timeout: 5s
      retries: 5
  snipeit:
    image: linuxserver/snipe-it:5.4.1
    depends_on:
      snipeit_db:
        condition: service_healthy
    networks:
      snipeit_private: {}
    volumes:
    - /home/ansi-5928db17/pod/test/snipeit/config:/config
    environment:
      PUID: '1000'
      PGID: '1000'
      APP_URL: https://snipeit.test.lab
      NGINX_APP_URL: snipeit.test.lab
      APP_LOCALE: en
      APP_TIMEZONE: US/Eastern
      APP_ENV: production
      APP_DEBUG: 'false'
      MYSQL_PORT_3306_TCP_ADDR: snipeit_db
      MYSQL_PORT_3306_TCP_PORT: '3306'
      MYSQL_DATABASE: snipeit
      MYSQL_USER: snipeit
      MYSQL_PASSWORD: 94f624fc7245b93df04ba1a4d0eb38faa60cd2f5edbfa8b05708a3d4626b360c
    labels:
    - traefik.enable=true
    - traefik.http.routers.snipeit.tls=true
    - traefik.http.routers.snipeit.entrypoints=websecure
    - traefik.http.routers.snipeit.rule=Host(`snipeit.test.lab`)
    - traefik.http.routers.snipeit.service=snipeit-svc
    - traefik.http.services.snipeit-svc.loadbalancer.server.port=80

[matutter]

I've noticed that the command line isn't even connecting to my LDAP server. So I ran strace -f php artisan snipeit:ldap-sync --summary in the container. Trace is attached.

trace.txt

This confirms there's nothing attempting to connect to LDAP; which is 172.18.0.2 in this network.

[matutter]

When I inlined several fputs to STDOUT I see the following error:

Exception: Your app key has changed! Could not decrypt LDAP password using your current app key, so LDAP authentication has been disabled. Login with a local account, update the LDAP password and re-enable it in Admin > Settings. in /var/www/html/app/Models/Ldap.php:153
Stack trace:
#0 /var/www/html/app/Console/Commands/LdapSync.php(64): App\Models\Ldap::bindAdminToLdap()
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(36): App\Console\Commands\LdapSync->handle()
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Util.php(37): Illuminate\Container\BoundMethod::Illuminate\Container\{closure}()
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(93): Illuminate\Container\Util::unwrapIfClosure()
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(37): Illuminate\Container\BoundMethod::callBoundMethod()
#5 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(590): Illuminate\Container\BoundMethod::call()
#6 /var/www/html/vendor/laravel/framework/src/Illuminate/Console/Command.php(134): Illuminate\Container\Container->call()
#7 /var/www/html/vendor/symfony/console/Command/Command.php(255): Illuminate\Console\Command->execute()
#8 /var/www/html/vendor/laravel/framework/src/Illuminate/Console/Command.php(121): Symfony\Component\Console\Command\Command->run()
#9 /var/www/html/vendor/symfony/console/Application.php(1009): Illuminate\Console\Command->run()
#10 /var/www/html/vendor/symfony/console/Application.php(273): Symfony\Component\Console\Application->doRunCommand()
#11 /var/www/html/vendor/symfony/console/Application.php(149): Symfony\Component\Console\Application->doRun()
#12 /var/www/html/vendor/laravel/framework/src/Illuminate/Console/Application.php(93): Symfony\Component\Console\Application->run()
#13 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(131): Illuminate\Console\Application->run()
#14 /var/www/html/artisan(35): Illuminate\Foundation\Console\Kernel->handle()

This comes from app/Console/Commands/LdapSync.php#L68. Without my edits the LOG::info($e) doesn't display anything. This is a clean deployment of linuxserver/snipe-it:5.4.1 and the password works when I do or test the syn from the UI.

Where is this info supposed to be shown?

[EDIT] Seems that error message is suppressing the original error:

RuntimeException: No application encryption key has been specified. in /var/www/html/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php:80
Stack trace:
#0 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/helpers.php(422): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}()
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(84): tap()
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(61): Illuminate\Encryption\EncryptionServiceProvider->key()
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(33): Illuminate\Encryption\EncryptionServiceProvider->parseKey()
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(799): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}()
#5 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(681): Illuminate\Container\Container->build()
#6 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(785): Illuminate\Container\Container->resolve()
#7 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(629): Illuminate\Foundation\Application->resolve()
#8 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(770): Illuminate\Container\Container->make()
#9 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(1245): Illuminate\Foundation\Application->make()
#10 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php(198): Illuminate\Container\Container->offsetGet()
#11 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php(166): Illuminate\Support\Facades\Facade::resolveFacadeInstance()
#12 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php(255): Illuminate\Support\Facades\Facade::getFacadeRoot()
#13 /var/www/html/app/Models/Ldap.php(150): Illuminate\Support\Facades\Facade::__callStatic()
#14 /var/www/html/app/Console/Commands/LdapSync.php(64): App\Models\Ldap::bindAdminToLdap()

[matutter]

I changed my distro to snipe/snipe-it:5.4.2 and ran php artisan passport:install and now everything works. Seems this is an issue with the linuxserver packaging. Closing this.