LLDAP


Kuaqe - Hey, am setting up the LLDAP docker con...

Hey, am setting up the LLDAP docker container standalone (before integration), and I'm having trouble with logging in as admin - Invalid username or password - the /data folder is persistent - both the config.toml file and users.db file are there and populated, but changing the toml doesn't seem to help - server has been restarted several times...
Solution:
Stupid question, stupider solution, sigh. Persisting the /data folder means the admin does not get a password if you start the docker container without the LLDAP_LDAP_USER_PASS ENV variable (which a lot of people might do, since it's not listed in the sample docker compose), so I had to delete the users.db and recreate it for the admin login to work...

Curtain2021 - Today I used the example docker-c...

Today I used the example docker-compose.yaml. Worked well without LDAPS options. As soon as I activate the LDAPS options the container remains in "exited" status. I created .crt and .key with openssl. Used...
Solution:
Likely you want to mount the cert files into the container and change the CERT_FILE and ENV_FILE to it. Something like this ``` volumes: - /cert/path/at/host:/path/in/container.crt...

JohnBeePowel - Hey everyone. I've just installe...

Hey everyone. I've just installed LLDAP in a docker container. It seems to work well with Jellyfin. I want to get the password reset to work. Right now it doesn't work. I set it up with my throwaway Gmail account, I generated an app password and put it in the toml file. When I tried password reset, it doesn't send a password. Am I missing a configuration?...
Solution:
[smtp_options]
enable_password_reset=true
server="smtp.gmail.com"
port=465
smtp_encryption = "TLS"
...

Johannes - anyone successfully connected Kasm Wo...

Anyone successfully connected Kasm Workspaces to lldap? I get a connection ok when I test it, but when I try to log in as an ldap user I get an error "invalid user"
Solution:
so for me the solution is: adding our mail domain to the Alternate Username Domains, changing my usernames to match whatever we use before the @ in our emails.

Profesor_Ig - I'm having trouble starting the s...

I'm having trouble starting the service installed from AUR for Arch. The logs are showing "Error: Permission denied (os error 13) in /etc/lldap.toml TOML file", but the permissions don't seem to matter. Even if I change them, same error
Solution:
solution:
chown lldap:lldap /etc/lldap.toml

Matéo - Hey! I'm trying to configure emails wit...

Hey! I'm trying to configure emails with BREVO, but it seems like it's not taking into account the environment variables: ```yaml services: db:...
Solution:
That usually means that you have starttls with the SSL port or vice versa

Johannes - is there a way to reset the password...

is there a way to reset the password of the admin account, without resetting everything?
Solution:
Check the config template for "force reset admin password" or similar

Johannes - i installed a new lldap server, crea...

I installed a new lldap server, created accounts anew, then changed the jitsi config to point to the new server, but when I try to log in it throws an error saying: [error]: | error: Authentication protocol error for Protocol error: This error results from an error during password verification
Solution:
I put the password in quotes, in the .env file 😐

Kikikan - Hello everyone, I am having a tiny is...

Hello everyone, I am having a tiny issue with LLDAP. When podman starts the pod in which lldap is on, I'm guessing LLDAP starts faster than the database, and then because the database has not started, it quits waiting and then stops. (Because if I rerun it, it works flawlessly.) Is there a solution to this problem? (Like an environmental variable that disables this forced stop?) Here is the log:
Setup permissions.. Starting lldap..
Loading configuration from /data/lldap_config.toml...
Solution:
another way to solve it (though it's a bit ugly) would be to have the equivalent of docker-compose's restart: unless-stopped

STYT - Hi all, after upgrading to latest image ...

Hi all, after upgrading to latest image today I cannot read Docker Secrets any longer. It worked prior since I started using lldap.

Septus - Hi there. Did a system upgrade and all...

Hi there. Did a system upgrade and all user passwords suddenly stopped working...
Solution:
Are you using a key seed?

tram - Hi, I'm seeing surprising behavior where...

Hi, I'm seeing surprising behavior where lldap_set_password is not accepting the credentials I specified in LLDAP_LDAP_USER_DN_FILE and LLDAP_LDAP_USER_PASS_FILE - the tool reports a 401 when connecting to localhost:17170/auth/simple/login. Should I be able to use those credentials as the admin user/pass with that CLI tool? Also, I got into this mess because I'm rotating my private_key - I have a separate instance stood up and I've mirrored the database, and now I'm attempting to update the passwords. Does the private key change impact this admin user as well? Is the only way to change the passwords via the email reset flow?...
Solution:
Hey! Yes, the admin password will be invalidated by the private key rotation. The config values are only used when first creating the admin user, that's not the case anymore. If you can reset the password by email, that's the best. Otherwise, you'll have to delete every admin user using SQL, restart the server to have it recreate the admin user, and then the config values will be set

Trick789 - Hi 🙂 I'm running homeassistant (HA)...

Hi 🙂 I'm running homeassistant (HA), lldap and the cisco duo authentication proxy (DUO) on k8s. I can't use the example config as I'm using HA > LDAP > DUO > LDAP > LLDAP. It's working beautifully using a custom auth provider for HA (python script using ldap3 library: https://gist.github.com/yumenohikari/8440144023cf33ab3ef0d68084a1b42f), but the only thing I can't get right is the filter so that only members of a group cn=ha_rw,ou=groups,dc=example,dc=com can authenticate. I've tried a bunch of flavors for the filter, but the lldap log continues to throw [warn]: Ignoring unknown group attribute ""memberof"" in filter messages. I thought memberof was a person attribute so I loaded up an LDAP browser (Apache DS) but can't find the attribute on either groups or people. But it must work because DUO is also pulling a memberof query to allow certain LLDAP users through and that's not generating a log entry on the LLDAP server. This is the original filter in the script (basically for AD):...
Solution:
@nitnelave - hey, just wanted to let you know that with the right filter in place I got it to work.. filter in ldap-auth.py
safe_username = escape_filter_chars(os.environ['username'])
FILTER = f"(&(uid={safe_username})(memberOf=cn=ha_rw,ou=groups,dc=example,dc=com))"
...

homura_left_得得B - hello i am try to use the ref...

Hello, I am trying to use the refresh token to get another JWT. The doc said that "You can use the refresh token to query /auth/refresh and get another JWT. The refresh token is valid for 30 days." Does the query here mean a GraphQL query? The returned response was "DEBUG http://localhost:17170 "GET /auth/refresh HTTP/1.1" 401 47"...
Solution:
As I said earlier, either in a "refresh-token" header, or in a "refresh_token" cookie

nitnelave - Come on, guys, we have threads here...

Come on, guys, we have threads here! I'll move your messages to the thread

hardypart - Can't log in after initial setup......

Can't log in after initial setup... I would say everything looks fine in my config file: 1. Uncommented and set ldap_user_pass = "xxxxxxxxxxxx"...

@.leenn regarding VMware vcenter: I see in the ...

@.leenn regarding VMware vcenter: I see in the logs lots of root dse requests, where VMware is querying the properties of the LLDAP server. It's possible that it expects something that we don't populate in there, but I don't know what...

Hello all, wanted to seek some guidance on my L...

Hello all, wanted to seek some guidance on my LDAP queries. It appears proxmox or lldap don't seem to like wildcard searches, or at least I am writing them wrong, any suggestions on better ways to write these two filter queries?
&(objectClass=person)(|(memberof=cn=proxmox_user,ou=groups,dc=phukish,dc=cvn)(memberof=cn=proxmox_admin,ou=groups,dc=phukish,dc=cvn))
&(objectClass=groupofnames)(|(cn=proxmox_user)(cn=proxmox_admin))
...
Solution:
LLDAP doesn't support wildcards everywhere, that might just be a missing feature. I don't remember exactly where we support them, but I'm pretty sure we don't support wildcard UIDs (or CNs)

FYI: Trying out auto-threading to keep each sup...

FYI: Trying out auto-threading to keep each support discussion in its own thread

FireShare

@tastiersub let's talk about fireShare here