Comments (6)
I just updated the previous comment but its seem to be late. Let me put the full log again
> Setup permissions..
> Starting lldap..
Loading configuration from /data/lldap_config.toml
Configuration: Configuration {
ldap_host: "0.0.0.0",
ldap_port: 3890,
http_host: "0.0.0.0",
http_port: 17170,
jwt_secret: ***SECRET***,
ldap_base_dn: "dc=magicat,dc=lol",
ldap_user_dn: UserId(
"admin",
),
ldap_user_email: "[email protected]",
ldap_user_pass: ***SECRET***,
database_url: "sqlite:///data/users.db?mode=rwc",
ignored_user_attributes: [],
ignored_group_attributes: [],
verbose: true,
key_file: "/data/private_key",
key_seed: None,
smtp_options: MailOptions {
enable_password_reset: true,
from: Some(
Mailbox {
name: Some(
"LLDAP Admin",
),
email: Address {
serialized: "[email protected]",
at_start: 8,
},
},
),
reply_to: None,
server: "smtp.gmail.com",
port: 465,
user: "[email protected]",
password: ***SECRET***,
smtp_encryption: None,
tls_required: None,
},
ldaps_options: LdapsOptions {
enabled: false,
port: 6360,
cert_file: "cert.pem",
key_file: "key.pem",
},
http_url: Url {
scheme: "http",
cannot_be_a_base: false,
username: "",
password: None,
host: Some(
Domain(
"localhost",
),
),
port: None,
path: "/",
query: None,
fragment: None,
},
server_setup: None,
}
2023-12-12T09:42:37.246337450+00:00 INFO set_up_server [ 5.52ms | 29.20% / 100.00% ]
2023-12-12T09:42:37.246385961+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-12T09:42:37.247203406+00:00 DEBUG ┝━ get_schema_version [ 186µs | 3.37% ]
2023-12-12T09:42:37.249625156+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: Some(SchemaVersion(5))
2023-12-12T09:42:37.249697391+00:00 DEBUG ┝━ list_groups [ 870µs | 15.76% ] filters: Some(DisplayName("lldap_admin"))
2023-12-12T09:42:37.252194039+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: [Group { id: GroupId(1), display_name: "lldap_admin", creation_date: 2023-12-12T08:40:04.548707389, uuid: Uuid("ff5c19e2-9993-369f-8054-130b41826e08"), users: [UserId("admin")], attributes: [] }]
2023-12-12T09:42:37.252205071+00:00 DEBUG ┝━ list_groups [ 1.66ms | 29.98% ] filters: Some(DisplayName("lldap_password_manager"))
2023-12-12T09:42:37.254176886+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: [Group { id: GroupId(2), display_name: "lldap_password_manager", creation_date: 2023-12-12T08:40:04.551430262, uuid: Uuid("094625dd-d037-3ad0-9682-c3ac70266811"), users: [], attributes: [] }]
2023-12-12T09:42:37.254190431+00:00 DEBUG ┝━ list_groups [ 583µs | 10.56% ] filters: Some(DisplayName("lldap_strict_readonly"))
2023-12-12T09:42:37.255794045+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: [Group { id: GroupId(3), display_name: "lldap_strict_readonly", creation_date: 2023-12-12T08:40:04.559195266, uuid: Uuid("45ab3a33-56aa-357b-82ca-22bb85208bbc"), users: [], attributes: [] }]
2023-12-12T09:42:37.255814292+00:00 DEBUG ┝━ list_users [ 518µs | 9.38% ] filters: Some(MemberOf("lldap_admin")) | _get_groups: false
2023-12-12T09:42:37.257039003+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: [UserAndGroups { user: User { user_id: UserId("admin"), email: "", display_name: Some("Administrator"), creation_date: 2023-12-12T08:40:04.595258435, uuid: Uuid("bf3462f9-f659-3ff8-ab1e-792a6a632b7e"), attributes: [] }, groups: Some([GroupDetails { group_id: GroupId(1), display_name: "lldap_admin", creation_date: 2023-12-12T08:40:04.548707389, uuid: Uuid("ff5c19e2-9993-369f-8054-130b41826e08"), attributes: [] }]) }]
2023-12-12T09:42:37.257473140+00:00 INFO ┝━ i [info]: Starting the LDAP server on port 3890
2023-12-12T09:42:37.258986578+00:00 DEBUG ┝━ get_jwt_blacklist [ 96.1µs | 1.74% ]
2023-12-12T09:42:37.259209329+00:00 INFO ┕━ i [info]: Starting the API/web server on port 17170
2023-12-12T09:42:37.261194259+00:00 INFO i [info]: starting 1 workers
2023-12-12T09:42:37.261227327+00:00 INFO i [info]: Actix runtime found; starting in Actix runtime
2023-12-12T09:42:37.262657125+00:00 INFO i [info]: DB Cleanup Cron started
2023-12-12T09:42:59.156600369+00:00 DEBUG HTTP request [ 4.64ms | 8.03% / 100.00% ] method: "POST" | uri: "/auth/opaque/login/start"
2023-12-12T09:42:59.156853113+00:00 DEBUG ┝━ opaque_login_start [ 4.27ms | 0.67% / 91.97% ]
2023-12-12T09:42:59.156872589+00:00 DEBUG │ ┕━ login_start [ 4.24ms | 82.36% / 91.30% ]
2023-12-12T09:42:59.156896414+00:00 DEBUG │ ┕━ get_password_file_for_user [ 415µs | 8.94% ] user_id: UserId("admin")
2023-12-12T09:42:59.161728146+00:00 DEBUG ┕━ 🐛 [debug]: | status_code: 200
2023-12-12T10:00:00.002034533+00:00 INFO cleanup_db [ 331µs | 100.00% ]
2023-12-12T11:00:00.001915257+00:00 INFO cleanup_db [ 1.26ms | 100.00% ]
2023-12-12T11:24:53.962279114+00:00 DEBUG HTTP request [ 69.3µs | 73.70% / 100.00% ] method: "GET" | uri: "/auth/refresh"
2023-12-12T11:24:53.962313977+00:00 DEBUG ┝━ get_refresh [ 18.2µs | 26.30% ]
2023-12-12T11:24:53.962355639+00:00 DEBUG ┕━ 🐛 [debug]: | status_code: 401
2023-12-12T11:25:00.914384690+00:00 DEBUG HTTP request [ 1.35ms | 6.04% / 100.00% ] method: "POST" | uri: "/auth/opaque/login/start"
2023-12-12T11:25:00.914435698+00:00 DEBUG ┝━ opaque_login_start [ 1.27ms | 0.75% / 93.96% ]
2023-12-12T11:25:00.914438223+00:00 DEBUG │ ┕━ login_start [ 1.26ms | 80.83% / 93.21% ]
2023-12-12T11:25:00.914443705+00:00 DEBUG │ ┕━ get_password_file_for_user [ 167µs | 12.38% ] user_id: UserId("admin")
2023-12-12T11:25:00.916338611+00:00 DEBUG ┕━ 🐛 [debug]: | status_code: 200
let me know if you find anything wrong 🙏
from lldap.
Welcome! Sorry that you can't log in, let's try to fix that.
First things first, the config: It's recommended to start by copying the lldap_config.docker_template.toml in the repository as a starting point: you'll have all the values, as well as the documentation for every parameter. In particular, it seems that you don't have the key_file
or key_seed
configured (the recommended one is key_seed
). As a result, the server's private key (used to encrypt the passwords) will be regenerated every time on startup, and written to a file in /app
(next to the lldap
binary), which is not persisted. So as soon as you restart, every password is wrong. Same goes for the database, by the way: it will be deleted on every restart with your current configuration.
So, start by copying the template and adjust it from there. If you still have trouble, set verbose = true
in the config, and paste (no screenshot) the entire log (including the config dump at the top) after trying to log in. You can put the logs between triple backticks:
```
all the logs
```
from lldap.
Hi, thank you for the fast reply. I'm actually already using the docker config and just omitted the other configs.
Here's my full config:
## Default configuration for Docker.
## All the values can be overridden through environment variables, prefixed
## with "LLDAP_". For instance, "ldap_port" can be overridden with the
## "LLDAP_LDAP_PORT" variable.
## Tune the logging to be more verbose by setting this to be true.
## You can set it with the LLDAP_VERBOSE environment variable.
verbose=true
## The host address that the LDAP server will be bound to.
## To enable IPv6 support, simply switch "ldap_host" to "::":
## To only allow connections from localhost (if you want to restrict to local self-hosted services),
## change it to "127.0.0.1" ("::1" in case of IPv6)".
#ldap_host = "0.0.0.0"
## The port on which to have the LDAP server.
#ldap_port = 3890
## The host address that the HTTP server will be bound to.
## To enable IPv6 support, simply switch "http_host" to "::".
## To only allow connections from localhost (if you want to restrict to local self-hosted services),
## change it to "127.0.0.1" ("::1" in case of IPv6)".
#http_host = "0.0.0.0"
## The port on which to have the HTTP server, for user login and
## administration.
#http_port = 17170
## The public URL of the server, for password reset links.
#http_url = "http://localhost"
## Random secret for JWT signature.
## This secret should be random, and should be shared with application
## servers that need to consume the JWTs.
## Changing this secret will invalidate all user sessions and require
## them to re-login.
## You should probably set it through the LLDAP_JWT_SECRET environment
## variable from a secret ".env" file.
## This can also be set from a file's contents by specifying the file path
## in the LLDAP_JWT_SECRET_FILE environment variable
## You can generate it with (on linux):
## LC_ALL=C tr -dc 'A-Za-z0-9!#%&'\''()*+,-./:;<=>?@[\]^_{|}~' </dev/urandom | head -c 32; echo ''
jwt_secret = "<insecure_secret>"
## Base DN for LDAP.
## This is usually your domain name, and is used as a
## namespace for your users. The choice is arbitrary, but will be needed
## to configure the LDAP integration with other services.
## The sample value is for "example.com", but you can extend it with as
## many "dc" as you want, and you don't actually need to own the domain
## name.
ldap_base_dn = "dc=example,dc=com"
## Admin username.
## For the LDAP interface, a value of "admin" here will create the LDAP
## user "cn=admin,ou=people,dc=example,dc=com" (with the base DN above).
## For the administration interface, this is the username.
ldap_user_dn="admin"
## Admin email.
## Email for the admin account. It is only used when initially creating
## the admin user, and can safely be omitted.
ldap_user_email = "<email>@gmail.com"
## Admin password.
## Password for the admin account, both for the LDAP bind and for the
## administration interface. It is only used when initially creating
## the admin user.
## It should be minimum 8 characters long.
## You can set it with the LLDAP_LDAP_USER_PASS environment variable.
## This can also be set from a file's contents by specifying the file path
## in the LLDAP_LDAP_USER_PASS_FILE environment variable
## Note: you can create another admin user for user administration, this
## is just the default one.
ldap_user_pass="123456789"
## Database URL.
## This encodes the type of database (SQlite, MySQL, or PostgreSQL)
## , the path, the user, password, and sometimes the mode (when
## relevant).
## Note: SQlite should come with "?mode=rwc" to create the DB
## if not present.
## Example URLs:
## - "postgres://postgres-user:password@postgres-server/my-database"
## - "mysql://mysql-user:password@mysql-server/my-database"
##
## This can be overridden with the LLDAP_DATABASE_URL env variable.
database_url = "sqlite:///data/users.db?mode=rwc"
## Private key file.
## Contains the secret private key used to store the passwords safely.
## Note that even with a database dump and the private key, an attacker
## would still have to perform an (expensive) brute force attack to find
## each password.
## Randomly generated on first run if it doesn't exist.
## Alternatively, you can use key_seed to override this instead of relying on
## a file.
## Env variable: LLDAP_KEY_FILE
key_file = "/data/private_key"
## Seed to generate the server private key, see key_file above.
## This can be any random string, the recommendation is that it's at least 12
## characters long.
## Env variable: LLDAP_KEY_SEED
#key_seed = "RanD0m STR1ng"
## Ignored attributes.
## Some services will request attributes that are not present in LLDAP. When it
## is the case, LLDAP will warn about the attribute being unknown. If you want
## to ignore the attribute and the service works without, you can add it to this
## list to silence the warning.
#ignored_user_attributes = [ "sAMAccountName" ]
#ignored_group_attributes = [ "mail", "userPrincipalName" ]
## Options to configure SMTP parameters, to send password reset emails.
## To set these options from environment variables, use the following format
## (example with "password"): LLDAP_SMTP_OPTIONS__PASSWORD
[smtp_options]
## Whether to enabled password reset via email, from LLDAP.
enable_password_reset=true
## The SMTP server.
server="smtp.gmail.com"
## The SMTP port.
port=465
## How the connection is encrypted, either "NONE" (no encryption), "TLS" or "STARTTLS".
smtp_encryption = "NONE"
## The SMTP user, usually your email address.
user="<email>@gmail.com"
## The SMTP password.
password="<password>"
## The header field, optional: how the sender appears in the email. The first
## is a free-form name, followed by an email between <>.
from="LLDAP Admin <[email protected]>"
## Same for reply-to, optional.
#reply_to="Do not reply <noreply@localhost>"
## Options to configure LDAPS.
## To set these options from environment variables, use the following format
## (example with "port"): LLDAP_LDAPS_OPTIONS__PORT
[ldaps_options]
## Whether to enable LDAPS.
#enabled=true
## Port on which to listen.
#port=6360
## Certificate file.
#cert_file="/data/cert.pem"
## Certificate key file.
#key_file="/data/key.pem"
I have added the key_file
and mount the volume as shown o the compose file above. Is there something i missed?
Here's the log
2023-12-12T09:42:37.257473140+00:00 INFO ┝━ i [info]: Starting the LDAP server on port 3890
2023-12-12T09:42:37.258986578+00:00 DEBUG ┝━ get_jwt_blacklist [ 96.1µs | 1.74% ]
2023-12-12T09:42:37.259209329+00:00 INFO ┕━ i [info]: Starting the API/web server on port 17170
2023-12-12T09:42:37.261194259+00:00 INFO i [info]: starting 1 workers
2023-12-12T09:42:37.261227327+00:00 INFO i [info]: Actix runtime found; starting in Actix runtime
2023-12-12T09:42:37.262657125+00:00 INFO i [info]: DB Cleanup Cron started
2023-12-12T09:42:59.156600369+00:00 DEBUG HTTP request [ 4.64ms | 8.03% / 100.00% ] method: "POST" | uri: "/auth/opaque/login/start"
2023-12-12T09:42:59.156853113+00:00 DEBUG ┝━ opaque_login_start [ 4.27ms | 0.67% / 91.97% ]
2023-12-12T09:42:59.156872589+00:00 DEBUG │ ┕━ login_start [ 4.24ms | 82.36% / 91.30% ]
2023-12-12T09:42:59.156896414+00:00 DEBUG │ ┕━ get_password_file_for_user [ 415µs | 8.94% ] user_id: UserId("admin")
2023-12-12T09:42:59.161728146+00:00 DEBUG ┕━ 🐛 [debug]: | status_code: 200
2023-12-12T10:00:00.002034533+00:00 INFO cleanup_db [ 331µs | 100.00% ]
2023-12-12T11:00:00.001915257+00:00 INFO cleanup_db [ 1.26ms | 100.00% ]
from lldap.
from lldap.
Hi, already found out the problem is. It seems that after changing the password on config file, the password on the db is not changed even after restarting the service. I have to delete users.db
file ad restart the service. Now it works!
Thank you for your time and fast response! I will now close this issue 🙏
from lldap.
Ah yes! That would be it :)
It's written in the documentation above the password field, but I guess we should also add it to the FAQ
from lldap.
Related Issues (20)
- [BUG] Repetitive Validation Loop for 'admin' User in lldap/lldap:2024-02-06-debian-rootless Container Logs HOT 2
- [BUG] email for password reset is case sensitive, without error message HOT 2
- [BUG] if no displayname set, the dropdown list in groups should print the userID [EASY FIX]
- [BUG] Kubernetes: invalid value for ldap-port HOT 2
- No such file or directory (os error 2) HOT 4
- [INTEGRATION] Creating a DB with k8s setup fails HOT 26
- [BUG] error: Invalid JWT HOT 3
- [BUG] Uppercase names not searchable HOT 7
- [FEATURE REQUEST] Package lldap_set_password in lldap deb package or distribute a deb package in the same repository HOT 3
- [BUG] Search for custom list attribute fails HOT 6
- [INTEGRATION] publish lldap_auth(version = "0.4.0") to rust crate HOT 1
- [FEATURE REQUEST] update the opaque-ke version HOT 1
- [INTEGRATION] Trying to use LLDAP with etherpad (plus ep_ldapauth_ng plugin) HOT 6
- [BUG] subpath don't work with image lldap/lldap:2024-03-07-debian|alpine HOT 4
- [INTEGRATION] AMP by cubecoders HOT 5
- [BUG] Ldap query to filter user present in two groups is always empty
- [FEATURE REQUEST] Paranoid logging mode
- [BUG] `lldap_password_manager` role does not see other users in the web UI HOT 5
- [INTEGRATION] Stalwart Mailserver HOT 3
- Traefik's PathPrefix supported? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lldap.