Cannot login with LDAP using lldap #158
Assignees
Labels
question
A question about Davis and how it works
Comments
|
Hi @Elbullazul I have unfortunately little experience on LDAP in general to help diagnose. Could you try to set the application in dev mode (APP_ENV=dev) and see the logs you have? |
|
I get a seemingly unrelated HTTP 500 when accessing davis when in dev mode:
the container prints a similar warning: |
|
Ah, yes, indeed, as you need the dev dependencies installed to be able to run in dev mode. You can install them with |
|
composer isn't in the path: how do I run it? sorry, I haven't used PHP before and I'm a little lost |
|
Yes if you're not used to the composer / PHP ecosystem it's not that easy I admit. Run a shell in the container, go to the |
|
Had some trouble with composer, apparently it wasn't installed in the container. Ran There was a lot of stuff in [2024-05-14T19:13:48.488117-04:00] doctrine.INFO: Disconnecting [] []
[2024-05-14T19:13:48.674031-04:00] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\NotFoundHttpException: "No route found for "GET http://davis.localhost/favicon.ico" (from "https://davis.localhost/dav/")" at /var/www/davis/vendor/symfony/http-kernel/EventListener/RouterListener.php line 135 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\NotFoundHttpException(code: 0): No route found for \"GET http://davis.localhost/favicon.ico\" (from \"https://davis.localhost/dav/\") at /var/www/davis/vendor/symfony/http-kernel/EventListener/RouterListener.php:135)\n[previous exception] [object] (Symfony\\Component\\Routing\\Exception\\ResourceNotFoundException(code: 0): No routes found for \"/favicon.ico/\". at /var/www/davis/vendor/symfony/routing/Matcher/Dumper/CompiledUrlMatcherTrait.php:74)"} []
[2024-05-14T19:13:48.716686-04:00] php.INFO: User Deprecated: Since symfony/security-guard 5.3: The "Symfony\Component\Security\Guard\Authenticator\GuardBridgeAuthenticator" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-guard 5.3: The \"Symfony\\Component\\Security\\Guard\\Authenticator\\GuardBridgeAuthenticator\" class is deprecated, use the new authenticator system instead. at /var/www/davis/vendor/symfony/security-guard/Authenticator/GuardBridgeAuthenticator.php:35)"} []
Here is my lldap compose project: version: "3"
# ENV variables are $BINDS, $TZ, $TOKEN, $PASSWORD, $DB_USER, $DB_PASS and $DB_NAME
services:
lldap:
image: lldap/lldap:stable
container_name: lldap
volumes:
- ${BINDS}/lldap/data:/data
environment:
- UID=1000
- GID=1000
- TZ=$TZ
- LLDAP_JWT_SECRET=$TOKEN
- LLDAP_LDAP_USER_PASS=$PASSWORD
- LLDAP_LDAP_BASE_DN=dc=example,dc=com
- LLDAP_DATABASE_URL=postgres://${DB_USER}:${DB_PASS}@lldap-db:5432/${DB_NAME}?sslmode=disable&connect_timeout=10
# - LLDAP_VERBOSE=true # for debugging
restart: unless-stopped
depends_on:
- lldap-db
# ports:
# - "3890:3890" # For LDAP
# - "17170:17170" # web front-end
lldap-db:
image: postgres:15 #latest
container_name: lldap-db
environment:
- POSTGRES_USER=${DB_USER}
- POSTGRES_PASSWORD=${DB_PASS}
- POSTGRES_DB=${DB_NAME}
volumes:
- ${BINDS}/lldap/pgdb:/var/lib/postgresql/data
healthcheck:
test: ["CMD", "pg_isready", "-U", "${DB_USER}", "-d", "${DB_NAME}"]
interval: 10s
start_period: 30s
restart: unless-stopped
|
Hum, no errors at all in there. If you still have the full log, can you send it to me? In case I see something interesting |
|
Had a closer look and this might be the cause? Full log here (with sensitive info replaced) |
|
Thank you! Will look over the weekend, thanks for your patience 🙏🏼 |
|
hi, I just pulled |
|
No more relevant errors in there (and no more 500), and no LDAP specifics. Anything in the container logs by any chance? |
NOTICE: PHP message: LDAP Error (ldap_connect with "ldap://lldap:3890"): Warning: ldap_connect(): Could not create session handle: Bad parameter to an ldap routine
172.20.255.4 - elbullazul 19/May/2024:20:19:13 +0000 "GET /index.php" 401
NOTICE: PHP message: LDAP Error (ldap_connect with "ldap://lldap:3890"): Warning: ldap_connect(): Could not create session handle: Bad parameter to an ldap routine
172.20.255.4 - elbullazul 19/May/2024:20:19:20 +0000 "GET /index.php" 401
127.0.0.1 - 19/May/2024:20:19:22 +0000 "GET /status" 200
NOTICE: PHP message: LDAP Error (ldap_connect with "ldap://lldap:3890"): Warning: ldap_connect(): Could not create session handle: Bad parameter to an ldap routine
172.20.255.4 - elbullazul 19/May/2024:20:19:24 +0000 "GET /index.php" 401
NOTICE: PHP message: LDAP Error (ldap_connect with "ldap://lldap:3890"): Warning: ldap_connect(): Could not create session handle: Bad parameter to an ldap routine |
|
Here we go! I'm no expert in LDAP so I'm not sure what it does mean, but my first hunch would be that the uri is actually quoted while it should not. ie: try with |
|
I can remember (some context) that Docker is a pain to work with when quoting stuff, but it's maybe just that your Docker version is a bit old? |
|
Oh my goodness, I can't believe it's something so dumb. I had some other issues with quoted strings in environment variables, but I didn't think to check that. Thanks a lot for your help, it is much appreciated! |
|
No pb, glad you got it working :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
LLDAP is a lightweight LDAP server.
I can't get davis to authenticate with it. No errors are shown on the davis side, besides
Username or password was incorrect. Login was needed for privilege: {DAV:}read onon the browser after failing to authenticate. Nothing in/var/www/davis/var/logor the container logs.On the LLDAP side, I have no connection attempts made by davis, even though they are on the same docker network and I can ping the lldap container from davis.
I tried following the advice given here, but no luck.
Here are the relevant environment variables, maybe I'm missing something?
The text was updated successfully, but these errors were encountered: