Hmph Happening again I m using an env key seed now so I don LLDAP #troubleshooting

Hmph. Happening again. I'm using an env key seed n...

kevs1198

05/21/2023, 9:25 PM

Hmph. Happening again. I'm using an env key seed now so I don't know why none of my users can authenticate after a restart

Needle

05/21/2023, 9:25 PM

Here's a brand new thread for you! Please keep the discussion for this problem in this thread.

nitnelave

05/21/2023, 11:35 PM

That's very weird. Anything in the logs?

kevs1198

05/22/2023, 12:10 AM

https://pastebin.com/307UXR6Q

kevs1198

05/22/2023, 12:16 AM

And my environment variables

Copy code

- LLDAP_VERBOSE=true
      - LLDAP_LDAP_PORT=3890
      - LLDAP_HTTP_PORT=17170
      - LLDAP_HTTP_URL=https://lldap.domain.com
      - LLDAP_LDAP_BASE_DN="dc=domain,dc=com"
      - LLDAP_LDAP_USER_DN="admin"
      - LLDAP_JWT_SECRET_FILE=/run/secrets/lldap_jwt_secret
      - LLDAP_LDAP_USER_PASS_FILE=/run/secrets/lldap_admin_password
      - LLDAP_DATABASE_URL_FILE=/run/secrets/lldap_pgsql_connectionstring
      - LLDAP_SERVER_KEY_SEED_FILE=/run/secrets/lldap_key_seed
      - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=true
      - LLDAP_SMTP_OPTIONS__SERVER=smtp.mailbox.org
      - LLDAP_SMTP_OPTIONS__PORT=587
      - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION="STARTTLS"
      - LLDAP_SMTP_OPTIONS__FROM=lldap@domain.com
      - LLDAP_SMTP_OPTIONS__USER_FILE=/run/secrets/smtp_email
      - LLDAP_SMTP_OPTIONS__PASSWORD_FILE=/run/secrets/smtp_password

nitnelave

05/22/2023, 12:45 AM

Well, there really are only 3 variables: the password, the "hash" in the database, and the server key (the secret seed)

nitnelave

05/22/2023, 12:45 AM

If these three are the same, I don't see how it could fail :/

kevs1198

05/22/2023, 12:51 AM

Hmm what should I do now then?

nitnelave

05/22/2023, 1:06 AM

Well, it seems specific to your setup, so it'll be pretty much up to you to figure out what changes. Can you start by making sure that the server key is the same (byte for byte, maybe compute the hash of it)?

nitnelave

05/22/2023, 1:07 AM

Then I guess the passwords are not the issue because, well, you know your password, and it happens for more than one user

nitnelave

05/22/2023, 1:07 AM

So I guess then you can look at the hash of the password stored in the DB, see if it changes from one time to the other

nitnelave

05/22/2023, 1:09 AM

Something like

SELECT user_id, md5(password_hash) FROM users

in postgres

kevs1198

05/22/2023, 1:20 AM

Yeah i restarted the container and the sha512sum hash of /data/private_key is different

kevs1198

05/22/2023, 1:53 AM

Are my environment variables not correct for the seed file or something?

nitnelave

05/22/2023, 1:54 AM

Wait, I don't see the key_seed at all in your config... Are you using a recent enough version of lldap that actually supports that variable? 😄

nitnelave

05/22/2023, 1:55 AM

Ah yeah, just checked, it's unreleased yet, so you need to upgrade to 0.5.0-alpha

nitnelave

05/22/2023, 1:58 AM

Note that then the private key file should not get generated, if all works correctly

kevs1198

05/22/2023, 2:13 AM

Hmm I updated and now when I start up the logs report

Copy code

verbose: true,
    key_file: "/data/private_key",
    key_seed: None,

kevs1198

05/22/2023, 2:21 AM

Can I not set it using a secret?

nitnelave

05/22/2023, 5:11 AM

The variable is LLDAP_KEY_SEED_FILE

5 Views

Previous Next