joshiparth1000 - After upgrading from 0.4.3 to ...
# troubleshooting
n
That's strange. Are you using a file-based private key or a seed-based one?
j
I have specified the seed as environment variable
n
(do you have a file, usually called private_key, in the /data folder?)
Ah, okay
And just to make sure, you haven't changed it?
j
Nope just changed the image tag
n
What if you run this:
ldapsearch -H ldap://localhost:3890 -D 'cn=admin,ou=people,dc=example,dc=com' -w password -x -b 'ou=people, dc=example,dc=com' '(objectclass=person)'
(with the correct password of course)
(and the correct DC)
j
This is from within the container?
WARNING: A key_seed was given, we will ignore the server_key and generate one from the seed!
2023-09-15T01:12:50.148548087+00:00  INFO     set_up_server [ 26.4ms | 100.00% ]
2023-09-15T01:12:50.148603222+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.5.0
2023-09-15T01:12:50.211383508+00:00  INFO     ┝━ i [info]: Upgrading DB schema from version 3
2023-09-15T01:12:50.211394682+00:00  INFO     ┝━ i [info]: Upgrading DB schema to version 4
2023-09-15T01:12:50.289663498+00:00  INFO     ┝━ i [info]: Upgrading DB schema to version 5
2023-09-15T01:12:50.332745119+00:00  INFO     ┝━ i [info]: Starting the LDAP server on port 3890
2023-09-15T01:12:50.335878574+00:00  INFO     ┕━ i [info]: Starting the API/web server on port 17170
2023-09-15T01:12:50.336065122+00:00  INFO     i [info]: starting 1 workers
2023-09-15T01:12:50.336080630+00:00  INFO     i [info]: Actix runtime found; starting in Actix runtime
2023-09-15T01:12:50.337853378+00:00  INFO     i [info]: DB Cleanup Cron started
2023-09-15T01:18:12.156582519+00:00  INFO     LDAP session [ 106ms | 0.19% / 100.00% ]
2023-09-15T01:18:12.156697766+00:00  INFO     ┝━ LDAP request [ 106ms | 99.70% ]
2023-09-15T01:18:12.263425699+00:00  ERROR    │  ┝━ 🚨 [error]:  | error: Authentication protocol error for `Protocol error: `This error results from an error during password verification``
2023-09-15T01:18:12.263436539+00:00  ERROR    │  ┕━ 🚨 [error]:  | error: Authentication error: ` for user 'admin'`
n
from wherever you have access to the LDAP port of the container
j
this is the log message
i can see
n
I see. Out of curiosity, if you restart, do you also see the "Upgrading DB" messages?
j
Let me try that
n
(regarding ldapsearch: You can run it from inside the container after running
apk add openldap-clients
)
j
now it's this
[entrypoint] Copying the default config to /data/lldap_config.toml
[entrypoint] Edit this file to configure LLDAP.
> Setup permissions..
> Starting lldap..

Loading configuration from /data/lldap_config.toml
WARNING: A key_seed was given, we will ignore the server_key and generate one from the seed!
2023-09-15T20:32:11.276710842+00:00  INFO     set_up_server [ 24.4ms | 100.00% ]
2023-09-15T20:32:11.276737594+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.5.0
2023-09-15T20:32:11.413294884+00:00  INFO     ┝━ i [info]: Starting the LDAP server on port 3890
2023-09-15T20:32:11.417302538+00:00  INFO     ┕━ i [info]: Starting the API/web server on port 17170
2023-09-15T20:32:11.417411062+00:00  INFO     i [info]: starting 1 workers
2023-09-15T20:32:11.417432779+00:00  INFO     i [info]: Actix runtime found; starting in Actix runtime
2023-09-15T20:32:11.418948639+00:00  INFO     i [info]: DB Cleanup Cron started
n
alright, great
I didn't expect another migration, so that's nice to see
j
the ldapsearch gave invalid credentials error
n
and just checking, are you setting the seed only in env, in env and config file, or just in config file? Or maybe on the command line?
j
in only the env
I use an external Postgres database, so there is no persistent data storage for LLDAP
other than, of course, the Postgres DB
n
hmmmmm
curiouser and curiouser
Could you set up a dev LLDAP with the same key seed and an SQLite DB backend (just to have a local file so you don't have to set up another PG)?
ideally the same admin password as well via the env variable
and then check if you can login (either via web or via ldapsearch)
j
What if I set the admin password to null in the database and restart LLDAP?
n
you'd have to delete the admin user
j
ok i can do that
n
or alternatively, just give it an email
and do a normal password reset
j
I am getting an error when resetting the password. This is how the SMTP environment variable needs to be set, LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET, correct? With two underscores?
n
yep
j
hmm getting 500 internal server error
n
the easiest way to check is to start LLDAP in verbose mode, it'll dump the config
j
2023-09-15T20:41:31.564948176+00:00  WARN     🚧 [warn]: Error sending email: lettre::transport::smtp::Error {
    kind: Connection,
    source: lettre::transport::smtp::Error {
        kind: Connection,
        source: Custom {
            kind: InvalidData,
            error: CorruptMessage,
        },
    },
}
n
have you tested the password reset before or is it the first time?
j
it's the first time
n
This usually means that you have STARTTLS instead of TLS or vice-versa
j
I don't have either
it's just plain
n
then your smtp server likely expects TLS
j
Nope, I have other applications using it without any STARTTLS or TLS config
n
Then you need to set the smtp encryption to "NONE"
it defaults to TLS
j
What's the env variable for that?
n
LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION
j
let me try that out
n
(and again, use verbose mode when debugging your config, it really helps)
j
OK, got SMTP working. The password reset also works. Do the users also need to reset their passwords?
n
they shouldn't need to, no
but then again, you shouldn't have needed to
j
Yup, that's what I am thinking
Let's see who complains
n
FWIW, I haven't run into this issue when developing LLDAP
but then again, I mostly use SQLite
j
ok
f
Maybe we need to add the STARTTLS extended op so we can have a proper warning? 🤔 But we just don't implement the parts to actually install the STARTTLS layer (since it's insecure)
n
No, that's STARTTLS for the SMTP email password reset, not LDAP
f
Ahhhhhh my mistake