Comments (10)
Just an update, I did not manage to get Duo's LDAP working with push notification. Tried several mods with no luck.
from lldap.
Hi,
I've just tested the sync and it is not working. I am using LLDAP version 0.5.0.
The error I'm getting is as per below
Below is the log of the sync process.
2023-12-31T12:06:38.546615+0000 [duoauthproxy.lib.log#info] Summary: drpc_timing. Extra data: {'data_length': 617, 'parse_duration': 0, 'decompress_duration': None, 'call_id': '<REDACTED>'}
2023-12-31T12:06:38.547603+0000 [duoauthproxy.lib.log#info] Performing LDAP search for directory sync: call_id=<REDACTED> host=192.168.10.5 port=3890 base_dn=DC=EXAMPLE,DC=com auth_type=plain transport_type=clear ssl_verify_depth=9 ssl_verify_hostname=False ssl_ca_certs=False attributes=['entrydn', 'entryuuid', 'cn']
2023-12-31T12:06:38.547603+0000 [duoauthproxy.modules.drpc_plugins.ldap_directory_sync.LdapSyncClientFactory#info] Starting factory <duoauthproxy.modules.drpc_plugins.ldap_directory_sync.LdapSyncClientFactory object at 0x00000207E3DF3700>
2023-12-31T12:06:38.624619+0000 [Uninitialized] C->S LDAPMessage(id=9, value=LDAPBindRequest(version=3, dn='uid=ro_admin,ou=people,dc=EXAMPLE,dc=com', auth='****', sasl=False), controls=None)
2023-12-31T12:06:38.751650+0000 [LdapSyncClientProtocol, <REDACTED>,client] C<-S LDAPMessage(id=9, value=LDAPBindResponse(resultCode=0), controls=None)
2023-12-31T12:06:38.758650+0000 [LdapSyncClientProtocol, <REDACTED>,client] C->S LDAPMessage(id=10, value=LDAPSearchRequest(baseObject='DC=EXAMPLE,DC=com', scope=2, derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=LDAPFilter_and(value=[LDAPFilter_equalityMatch(attributeDesc=LDAPAttributeDescription(value='objectclass'), assertionValue=LDAPAssertionValue(value='groupofnames')), LDAPFilter_or(value=[LDAPFilter_equalityMatch(attributeDesc=LDAPAttributeDescription(value='entryuuid'), assertionValue=LDAPAssertionValue(value='<REDACTED>'))])]), attributes=[b'entrydn', b'entryuuid', b'cn']), controls=[(b'1.2.840.113556.1.4.319', True, BERSequence(value=[BERInteger(value=5000), BEROctetString(value='')]))])
2023-12-31T12:06:38.849203+0000 [LdapSyncClientProtocol, <REDACTED>,client] C<-S LDAPMessage(id=10, value=LDAPSearchResultEntry(objectName=b'cn=jellyfin-users,ou=groups,dc=EXAMPLE,dc=com', attributes=[(b'entryuuid', [b'8e99cd33-3e4f-36e5-9067-e5c130c8b262']), (b'cn', [b'jellyfin-users'])]), controls=None)
2023-12-31T12:06:38.987234+0000 [LdapSyncClientProtocol, <REDACTED>,client] C<-S LDAPMessage(id=10, value=LDAPSearchResultDone(resultCode=0), controls=None)
2023-12-31T12:06:38.987234+0000 [duoauthproxy.lib.log#critical] Unexpected error handling message
Traceback (most recent call last):
File "twisted\internet\tcp.pyc", line 248, in doRead
File "twisted\internet\tcp.pyc", line 253, in _dataReceived
File "ldaptor\protocols\ldap\ldapclient.pyc", line 67, in dataReceived
File "ldaptor\protocols\ldap\ldapclient.pyc", line 217, in handle
--- <exception caught here> ---
File "duoauthproxy\modules\drpc_plugins\ldap_base.pyc", line 402, in handle_msg
File "duoauthproxy\lib\util.pyc", line 708, in get_cookie
builtins.TypeError: 'NoneType' object is not iterable
2023-12-31T12:06:38.989233+0000 [duoauthproxy.lib.log#error] Paging cookie not found!
2023-12-31T12:06:38.989233+0000 [duoauthproxy.lib.log#info] Summary: drpc_jsonify_metrics. Extra data: {'json_parse_time': 0.0, 'length': 244}
2023-12-31T12:06:38.990234+0000 [duoauthproxy.lib.log#info] Summary: drpc_msg_metrics. Extra data: {'msg_time': 0.0010001659393310547, 'data_length': 245, 'msg_id': '2d6d77c0dda4314e7fbdf5a968ee928d'}
2023-12-31T12:06:38.990234+0000 [duoauthproxy.modules.drpc_plugins.ldap_directory_sync.LdapSyncClientFactory#info] Stopping factory <duoauthproxy.modules.drpc_plugins.ldap_directory_sync.LdapSyncClientFactory object at 0x00000207E3DF3700>
from lldap.
Did you make sure to pull the latest image? Given the request they sent, the response should contain the attribute. You need to be using a "latest" tag (latest-alpine, latest-debian, ...)
The v0.5 tag will not work (no new release containing the change)
from lldap.
> Did you make sure to pull the latest image? Given the request they sent, the response should contain the attribute. You need to be using a "latest" tag (latest-alpine, latest-debian, ...) The v0.5 tag will not work (no new release containing the change)

Made a mistake, I was using the stable tag. The LDAP is now connected but I am now having another issue with syncing. I've attached a log to see if you may have an idea as to what is wrong.
2023-12-31T20:11:42.978123+0000 [duoauthproxy.lib.log#info] Performing LDAP search for directory sync: call_id=8c19f4c38fc287dca937a6d4b4adf40c_54fd7c2c5b707ebd6882c4839d11c0a9 host=192.168.10.5 port=3890 base_dn=dc=EXAMPLE,dc=com auth_type=plain transport_type=clear ssl_verify_depth=9 ssl_verify_hostname=False ssl_ca_certs=False attributes=['entrydn', 'entryuuid', 'cn', 'objectclass', 'member']
2023-12-31T20:11:42.978123+0000 [duoauthproxy.modules.drpc_plugins.ldap_directory_sync.LdapSyncClientFactory#info] Starting factory <duoauthproxy.modules.drpc_plugins.ldap_directory_sync.LdapSyncClientFactory object at 0x00000207E3DF78B0>
2023-12-31T20:11:43.051409+0000 [Uninitialized] C->S LDAPMessage(id=263, value=LDAPBindRequest(version=3, dn='uid=ro_admin,ou=people,dc=EXAMPLE,dc=com', auth='****', sasl=False), controls=None)
2023-12-31T20:11:43.188168+0000 [LdapSyncClientProtocol,,client] C<-S LDAPMessage(id=263, value=LDAPBindResponse(resultCode=0), controls=None)
2023-12-31T20:11:43.192061+0000 [LdapSyncClientProtocol, ,client] C->S LDAPMessage(id=264, value=LDAPSearchRequest(baseObject='dc=EXAMPLE,dc=com', scope=2, derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=LDAPFilter_and(value=[LDAPFilter_equalityMatch(attributeDesc=LDAPAttributeDescription(value='objectclass'), assertionValue=LDAPAssertionValue(value='groupofnames')), LDAPFilter_equalityMatch(attributeDesc=LDAPAttributeDescription(value='entryuuid'), assertionValue=LDAPAssertionValue(value='8e99cd33-3e4f-36e5-9067-e5c130c8b262'))]), attributes=[b'cn', b'member', b'objectclass', b'entryuuid', b'entrydn']), controls=[(b'1.2.840.113556.1.4.319', True, BERSequence(value=[BERInteger(value=5000), BEROctetString(value='')]))])
2023-12-31T20:11:43.290824+0000 [LdapSyncClientProtocol, ,client] C<-S LDAPMessage(id=264, value=LDAPSearchResultEntry(objectName=b'cn=jellyfin-users,ou=groups,dc=EXAMPLE,dc=com', attributes=[(b'cn', [b'jellyfin-users']), (b'member', [b'uid=duotest,ou=people,dc=EXAMPLE,dc=com', b'uid=duotest2,ou=people,dc=EXAMPLE,dc=com']), (b'objectclass', [b'groupOfUniqueNames']), (b'entryuuid', [b'8e99cd33-3e4f-36e5-9067-e5c130c8b262']), (b'entrydn', [b'uid=jellyfin-users,ou=groups,dc=EXAMPLE,dc=com'])]), controls=None)
2023-12-31T20:11:43.461483+0000 [LdapSyncClientProtocol, ,client] C<-S LDAPMessage(id=264, value=LDAPSearchResultDone(resultCode=0), controls=[(b'1.2.840.113556.1.4.319', None, b'0\x05\x02\x01\x01\x04\x00')])
from lldap.
What is not working? What error are you getting? I see only a correct search query with a correct response, so it's a bit hard to help :/
from lldap.
Sorry, I thought I posted the snippets.
The admin page of Duo is not helpful.
from lldap.
Hmm, hard to say from the errors. Can you ask some Duo support for help with this? AFAICT, LLDAP is behaving well.
from lldap.
Will do, hopefully they come back with something useful.
from lldap.
I'd be curious to see if OpenLDAP replies differently. I can try to match their response.
from lldap.
I'll try to make some time to find a simple OpenLDAP Docker image to test.
from lldap.
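The two `LDAPSearchResultDone` messages in the logs above differ in their controls: the first has `controls=None` (followed by the `TypeError` and "Paging cookie not found!"), the second carries the paged-results control `1.2.840.113556.1.4.319`. As an added example (not code from Duo, ldaptor or LLDAP; all function names are hypothetical), this decodes that control value as the RFC 2696 `SEQUENCE { size INTEGER, cookie OCTET STRING }` and treats a missing control list as "no cookie" instead of iterating `None`:

```python
PAGED_RESULTS_OID = b"1.2.840.113556.1.4.319"  # RFC 2696 control, as in the logs
# Controls of the two SearchResultDone messages, copied from the logs above.
FIRST_LOG_CONTROLS = None
SECOND_LOG_CONTROLS = [(PAGED_RESULTS_OID, None, b"0\x05\x02\x01\x01\x04\x00")]


def _read_tlv(buf, pos):
    """Read one definite-length BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def decode_paged_value(value):
    """Decode SEQUENCE { size INTEGER, cookie OCTET STRING } -> (size, cookie)."""
    tag, body, end = _read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("expected a single SEQUENCE")
    tag, size_raw, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER size")
    tag, cookie, pos = _read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("expected OCTET STRING cookie")
    return int.from_bytes(size_raw, "big", signed=True), cookie


def paging_cookie(controls):
    """Return (found, size, cookie); controls is None or [(oid, crit, value)]."""
    for oid, _criticality, value in controls or []:
        if oid == PAGED_RESULTS_OID:
            size, cookie = decode_paged_value(value)
            return True, size, cookie
    return False, None, None
```

For the second log this yields a size of 1 and an empty cookie, which under RFC 2696 means there are no further pages to request.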