Channels
Kikikan - Hello everyone, I am having a tiny is...
Hello everyone, I am having a tiny issue with LLDAP. When podman starts the pod in which lldap is on, I'm guessing LLDAP starts faster than the database, and then because the database has not started, it quits waiting and then stops. (Because if I rerun it, it works flawlessly.) Is there a solution to this problem? (Like an environmental variable that disables this forced stop?) Here is the log:
Setup permissions.. Starting lldap..Loading configuration from /data/lldap_config.toml...
Solution:
another way to solve it (though it's a bit ugly) would be to have the equivalent of docker-compose's
restart: unless-stoppedSTYT - Hi all, after upgrading to latest image ...
Hi all, after upgrading to latest image today I cannot read Docker Secrets any longer. It worked prior since I started using lldap.
Septus - Hi there.Did a system upgrade and all...
Hi there.
Did a system upgrade and all user passwords suddenly stopped working...
Solution:
Are you using a key seed?
tram - Hi, I'm seeing surprising behavior where...
Hi, I'm seeing surprising behavior where
lldap_set_password is not accepting the credentials I specified in LLDAP_LDAP_USER_DN_FILE and LLDAP_LDAP_USER_PASS_FILE - the tool reports a 401 when connecting to localhost:17170/auth/simple/login.
Should I be able to use those credentials as the admin user/pass with that CLI tool? Also, I got into this mess because I'm rotating my private_key - I have a separate instance stood up and I've mirrored the database, and now I'm attempting to update the passwords. Does the private key change impact this admin user as well? Is the only way to change the passwords via the email reset flow?...Solution:
Hey! Yes, the admin password will be invalidated by the private key rotation. The config values are only used when first creating the admin user, that's not the case anymore. If you can reset the password by email, that's the best. Otherwise, you'll have to delete every admin user using SQL, restart the server to have it recreate the admin user, and then the config values will be set
Trick789 - Hi 🙂 I'm running homeassistant (HA)...
Hi 🙂 I'm running homeassistant (HA), lldap and the cisco duo authentication proxy (DUO) on k8s. I can't use the example config as I'm using HA > LDAP > DUO > LDAP > LLDAP. It's working beautifully using a a custom auth provider for HA (python script using ldap3 library: https://gist.github.com/yumenohikari/8440144023cf33ab3ef0d68084a1b42f) , but the only thing I can't get right is the filter so that only members of a group cn=ha_rw,ou=groups,dc=example,dc=com can authenticate.
I've tried a bunch of flavors for the filter, but the lldap log continues to throw [warn]: Ignoring unknown group attribute ""memberof"" in filter messages. I thought memberof was a person attribute so I loaded up an LDAP browser (Apache DS) but can't find the attribute on either groups or people. But it must work because DUO is also pulling a memberof query to allow certain LLDAP users through and that's not generating a log entry on the LLDAP server.
This is the original filter in the script (basically for AD):...
Solution:
@nitnelave - hey, just wanted to let you know that with the right filter in place I got it to work..
filter in ldap-auth.py
safe_username = escape_filter_chars(os.environ['username']) FILTER = f"(&(uid={safe_username})(memberOf=cn=ha_rw,ou=groups,dc=example,dc=com))"...
homura_left_å¾—å¾—B - hello i am try to use the ref...
hello i am try to use the refresh token to get another JWT ,
the doc said that
"You can use the refresh token to query /auth/refresh and get another JWT. The refresh token is valid for 30 days."
do the query here mean graphql query?
the return response was "DEBUG http://localhost:17170 "GET /auth/refresh HTTP/1.1" 401 47"...
Solution:
As I said earlier, either in a "refresh-token" header, or in a "refresh_token" cookie
nitnelave - Come on, guys, we have threads here...
Come on, guys, we have threads here! I'll move your messages to the thread
hardypart - Can't log in after initial setup......
Can't log in after initial setup...
I would say everything looks fine in my config file:
1. Uncommented and set ldap_user_pass = "xxxxxxxxxxxx"...
@.leenn regarding VMware vcenter: I see in the ...
@.leenn regarding VMware vcenter: I see in the logs lots of root dse requests, where VMware is querying the properties of the LLDAP server. It's possible that it expects something that we don't populate in there, but I don't know what...
Hello all, wanted to seek some guidance on my L...
Hello all, wanted to seek some guidance on my LDAP queries. It appears proxmox or lldap don't seem to like wildcard searches, or at least I am writing them wrong, any suggestions on better ways to write these two filter queries? ...
&(objectClass=person)(|(memberof=cn=proxmox_user,ou=groups,dc=phukish,dc=cvn)(memberof=cn=proxmox_admin,ou=groups,dc=phukish,dc=cvn))
&(objectClass=groupofnames)(|(cn=proxmox_user)(cn=proxmox_admin))
&(objectClass=person)(|(memberof=cn=proxmox_user,ou=groups,dc=phukish,dc=cvn)(memberof=cn=proxmox_admin,ou=groups,dc=phukish,dc=cvn))
&(objectClass=groupofnames)(|(cn=proxmox_user)(cn=proxmox_admin))
Solution:
LLDAP doesn't support wildcards everywhere, that might just be a missing feature. I don't remember exactly where we support them, but I'm pretty sure we don't support wildcard UIDs (or CNs)
FYI: Trying out auto-threading to keep each sup...
FYI: Trying out auto-threading to keep each support discussion in its own thread
NextCloud memberOf
Hi, I pulled the new image and tried the filter again. It didn't work, gives 0 users and an error message in the lldap log compared to 0.4.1 that gives all objects. Maybe I am using the filter wrong? The filter I am using for only allowing members in the nextcloudusers group os the following;
(&(objectclass=person)(memberOf=cn=nextcloudusers,ou=groups,dc=ldap,dc=example,dc=com))
This gives me 0 results and an error message in the lldap log....
Hi I have recently installed lldap in
Hi, I have recently installed lldap in docker. Everything went smooth EXCEPT smtp config. I am running an open SMTP relay server in a separate docker container. No TLS/SSL or password. How can I just relay from lldap to my server? I set port 25 and server but it seems to still default to TLS? How can I force lldap to NOT use TLS or any other security to relay via my postfix smtp server? Thx Stefan
Due to some system library Stable should
Due to some system library. Stable should work, and @xaverius666 is working on a fix