Kuaqe
Kuaqe
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
got it
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
sure, will do sometime tomorrow
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
congrats on the project so far, and good luck!
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
yep, thats a start for sure
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
but significantly reduce the pain on most
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
make it a touch more painful (in the form of errors)
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
then I guess this is the most neutral route
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
I see
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
Considering most people use lldap in smaller scale environments, I dont think most of us are too restrictive on file permissions (from what I've seen) You might want to confirm this first, though
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
I think considering all possible scenarios such as this one might hamper the ease of setup aspect that lldap has going on
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
yeah perhaps print out the jwt in the error log and just tell them to copy it over or something
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
hmmm
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
Fair enough, I hate doing UI too. Understand the admin password part too, so then it can just be a hard error if the password is "password" like you mentioned about the jwt secret part, do you think its better to have something like LLDAP_JWT_SECRET_AUTO=true/false LLDAP_JWT_SECRET_LENGTH= xx #above 32 chars LLDAP_JWT_SECRET=only used if the first var is false #still needs to be 32 chars and/or their .toml counterparts in the config?
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
Off the top of my head, I think there are two approaches from what I've seen from other the services i've deployed 1. If the admin user is default -> set up the admin user on the first login to the web interface (initially insecure, but user friendly) 2. Do something similar to the above, but across all platforms. If the .toml file passes certain tests such as: - Admin password is atleast 8 characters long, has mix of upper/lower, special characters etc - JWT secret is atleast 32 characters long and satisfy the above conditions, moreover, it should NOT match those in a lightweight dictionary (to avoid predictable secrets) ...(likewise for other necessary parameters) ...then flip a boolean in the program/database (this config is "verified" so these tests dont have to be done again on reboot. also save the hash of the config file every time the config file changes (hash differs) -> run internal tests again I might be over engineering this part, but I think something like this would be sufficient. After all, it is the deployer's responsibility to make sure they do a decent job at the end of the day.
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
However, I do agree that doing things this way is better, i.e forcing the container (in docker's case) into a restart loop and highlighting the lack of a good jwt secret and/or admin password in docker logs
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
Hi! So I did find the admin password's behavior based on what was given in the default lldap_config.toml template and a bit of my own thinking.
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
sure! no worries, just making sure it doesnt happen to anyone else
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
about this ^ hope this gets into the next "big" merge, bc i was thinking its too small to pr
49 replies
LLLDAP
Created by Kuaqe on 11/12/2024 in #troubleshooting
Kuaqe - Hey, am setting up the LLDAP docker con...
Stupid question, stupider solution sigh Persisting the /data folder means the admin does not get a password if you start the docker container without the LLDAP_LDAP_USER_PASS ENV variable (which a lot of ppl might do, since its not listed in the sample docker compose) so i had to delete the users.db and recreate it for the admin login to work Please add this to the I can't log in! section or add the ENV variable to the docker compose example. Thanks!
49 replies