hey guys i tried to deploy lldap on kubernetes ...
# troubleshooting
d
hey guys i tried to deploy lldap on kubernetes and created a custom image with the lldap_config.toml at /data but if i deploy it, it creates the default config why?
n
Here's a brand new thread for you! Please keep the discussion for this problem in this thread.
j
I have deployed it on k8s but with Postgres database. If you use SQLite then you would need data folder. In my case I don't need any persistent volume
d
but what about the key?
j
Those can be passed as environment variables
d
okay ill try
have you generated a key by hand or what?
j
Yeah using urandom
d
whats that?
j
Just a way to generate random string
You can just generate one online
d
can you tell me what the env variable key is i cant find it
n
Look for the seed
Something like server key seed?
Sorry I'm on my phone 🙂
d
i cant find more than that:
environment:
      - UID=####
      - GID=####
      - TZ=####/####
      - LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM
      - LLDAP_LDAP_USER_PASS=REPLACE_WITH_PASSWORD
      - LLDAP_LDAP_BASE_DN=dc=example,dc=com
      # If using LDAPS, set enabled true and configure cert and key path
      # - LLDAP_LDAPS_OPTIONS__ENABLED=true
      # - LLDAP_LDAPS_OPTIONS__CERT_FILE=/path/to/certfile.crt
      # - LLDAP_LDAPS_OPTIONS__KEY_FILE=/path/to/keyfile.key
      # You can also set a different database:
      # - LLDAP_DATABASE_URL=mysql://mysql-user:password@mysql-server/my-database
      # - LLDAP_DATABASE_URL=postgres://postgres-user:password@postgres-server/my-database
i know i saw it somewhere but on the github page for the kubernetes deployment i cant find it
and the same on the docker documentation
n
Check the docker config template in the repo
LLDAP_KEY_SEED
d
thanks
it does not work
n
What do you mean?
d
but i need to go sleep now can have a look at it tomorrow?
n
Sure, I'm not going anywhere 🙂
d
the passwords dont work after redeploying the pod
j
If the seed changes then passwords need to be reset
d
i have set the seed by a env variable but the passwords dont work after redeploying the lldap deployment
j
Did the seed change?
d
how can i check that?
j
Most probably it did
d
yeah i assume it
j
You will have to set password to null in the db
That will at least set the admin password to what you specify in env. After that you can reset other users from ui
d
but i want to solve the problem not the symptom
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ldap
  labels:
    app: ldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldap
  template:
    metadata:
      name: ldap
      labels:
        app: ldap
    spec:
      imagePullSecrets:
        - name: partybuzz
      containers:
        - name: ldap
          image: registry.digitalocean.com/partybuzz/lldap:0.4.3
          imagePullPolicy: Always
          env:
            - name: LLDAP_KEY_SEED
              value: UkPLKrLXcVDl4fYF7GwoIs0iNWZOiZBR
          ports:
            - containerPort: 3890
              name: ldap
            - containerPort: 17170
              name: web
      restartPolicy: Always
thats my deployment
j
I don't think your previous passwords are recoverable
d
yeah but i want to solve the problem that it doesnt happen again
verbose=true
http_host = "0.0.0.0"
http_port = 17170
http_url = "http://domainname.ch/pw/reset"
jwt_secret = "M8gAjY0200T9NcwWbnCOWkvXo7lIVZ1T"
ldap_base_dn = "dc=domainname,dc=ch"
ldap_user_dn = "domainname"
ldap_user_email = "admin@domainname.ch"
ldap_user_pass = "domainname23!!"
database_url = "postgres://domainname:domainname23!!@postgres/ldap"
thats my config file
n
Just keep the same value for the seed and it's not gonna happen again. The problem is that you switched from a key file to a key seed, so the key has changed
d
no i already deleted the database multiple times
i even recreated the cluster
n
How do you set the seed?
d
i sent my deployment there i set it with an env variable that did not work
now ill try to set it in the config
n
If you start lldap with verbose true, it'll dump the config it loaded in the logs. That'll tell you whether there is a seed or not (the seed itself will be hidden because it's a secret, but you'll know whether there is one)
d
it does not show up
but i have this line in my config:
key_seed = "UkPLKrLXcVDl4fYF7GwoIs0iNWZOiZBR"
if i cat the config from the pod it is there
n
The config is toml, the placement of the line matters. Are you sure it's in the top level section?
d
verbose=true
http_host = "0.0.0.0"
http_port = 17170
http_url = "http://domainname.ch/pw/reset"
jwt_secret = "M8gAjY0200T9NcwWbnCOWkvXo7lIVZ1T"
ldap_base_dn = "dc=domainname,dc=ch"
ldap_user_dn = "domainname"
ldap_user_email = "admin@domainname.ch"
ldap_user_pass = "domainname23!!"
database_url = "postgres://domainname:domainname23!!@postgres/ldap"
key_seed = "UkPLKrLXcVDl4fYF7GwoIs0iNWZOiZBR"
under that i have my smtp options
n
And in the config dump in the logs, you have something like "key_seed = None" ?
d
Configuration: Configuration {
ldap_host: "0.0.0.0",
ldap_port: 3890,
http_host: "0.0.0.0",
http_port: 17170,
jwt_secret: ***SECRET***,
ldap_base_dn: "dc=domainname,dc=ch",
ldap_user_dn: UserId(
"domainname",
),
ldap_user_email: "admin@domainname.ch",
ldap_user_pass: ***SECRET***,
database_url: "postgres://domainname:domainname23!!@postgres/ldap",
ignored_user_attributes: [],
ignored_group_attributes: [],
verbose: true,
key_file: "server_key",
smtp_options: MailOptions {
it does not show up
not at all
n
Oh, then your LLDAP version is too old 🙂
d
0.4.3 is the version i have
isnt it in the stable version?
n
I was just checking this, and I don't think so, no
d
oh my good 😂
thanks for the help
n
Sorry, my release schedule is not super fast/regular
It was merged 5 months ago 😄
d
yeah i saw that
n
I was trying to finish something else before releasing, since it's a breaking change
d
okay whats that?
n
But it's taking longer than I thought due to personal life getting in the way
Issue 67, user defined attributes
Or custom schema
d
dont worry man im impressed what you did here
i was struggling to setup openldap then i found lldap
n
It adds support for a bunch of setups
d
it saved my life
n
Great! That's the whole point 🙂
d
nice looking forward to it
great job
n
Glad to hear it helped