Synchronisation of users from the identity server to the Guacamole database is not working. This seems to be due to connection failures from the identity server which are caused by an incorrect DNS allowlist.
🌳 Log messages
Relevant log messages
guacamole-user-sync
2024-05-10T15:00:54+00:00 Running LDAP synchronisation...
/var/lib/gems/3.1.0/gems/pg-ldap-sync-0.5.0/lib/pg_ldap_sync/application.rb:89:in `search_ldap_users': LDAP: Protocol Error (PgLdapSync::LdapError)
from /var/lib/gems/3.1.0/gems/pg-ldap-sync-0.5.0/lib/pg_ldap_sync/application.rb:384:in `start!'
from /var/lib/gems/3.1.0/gems/pg-ldap-sync-0.5.0/lib/pg_ldap_sync/application.rb:434:in `run'
from /var/lib/gems/3.1.0/gems/pg-ldap-sync-0.5.0/exe/pg_ldap_sync:6:in `<top (required)>'
from /usr/local/bin/pg_ldap_sync:25:in `load'
from /usr/local/bin/pg_ldap_sync:25:in `<main>'
apricot logs
2024-05-10 15:05:01+0000 [ReadOnlyLDAPServer,76,10.2.2.4] S->C LDAPMessage(id=156, value=LDAPSearchResultDone(resultCode=2, errorMessage='LDAP search request failed. HTTPSConnectionPool(host=\'graph.microsoft.com\', port=443): Max retries exceeded with url: /v1.0/groups?$select=createdDateTime,displayName,id (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f39ba24d650>: Failed to resolve \'graph.microsoft.com\' ([Errno -2] Name does not resolve)"))'), controls=None)
apricot connectivity
/app # nslookup graph.microsoft.com
Server: 192.168.0.4
Address: 192.168.0.4:53
** server can't find graph.microsoft.com: NXDOMAIN
** server can't find graph.microsoft.com: NXDOMAIN
dns server logs
2024/05/10 15:08:03.554250 43#5641 [debug] filtering: found rule "*.*" for host "graph.microsoft.com", filter list id: 0
2024/05/10 15:08:03.554278 43#5641 [debug] dnsforward: host "graph.microsoft.com" is filtered, reason: "FilteredBlackList"; rule: "*.*"
♻️ To reproduce
Deploy an SRE. Look at the container logs.
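The DNS server log lines above show the catch-all rule `*.*` filtering `graph.microsoft.com`. As an added example (not part of the issue or the project's own code), the following parses log lines in that format and reports which hosts a service depends on were blocked only because no allowlist entry matched them. The required-host list and the sample lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Verdict line format as shown in the DNS server logs quoted in the issue.
FILTERED_RE = re.compile(
    r'^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \S+ \[debug\] '
    r'dnsforward: host "(?P<host>[^"]+)" is filtered, '
    r'reason: "(?P<reason>[^"]+)"; rule: "(?P<rule>[^"]*)"'
)
CATCH_ALL_RULE = "*.*"  # the deny-everything rule seen in the issue's logs

# First two lines are from the issue; the rest are constructed for illustration.
SAMPLE_LOG = '''
2024/05/10 15:08:03.554250 43#5641 [debug] filtering: found rule "*.*" for host "graph.microsoft.com", filter list id: 0
2024/05/10 15:08:03.554278 43#5641 [debug] dnsforward: host "graph.microsoft.com" is filtered, reason: "FilteredBlackList"; rule: "*.*"
2024/05/10 15:08:08.101010 43#5650 [debug] dnsforward: host "Graph.Microsoft.com." is filtered, reason: "FilteredBlackList"; rule: "*.*"
2024/05/10 15:08:09.202020 43#5651 [debug] dnsforward: host "telemetry.example.test" is filtered, reason: "FilteredBlackList"; rule: "*.*"
2024/05/10 15:08:10.303030 43#5652 [debug] dnsforward: host "ads.example.test" is filtered, reason: "FilteredBlackList"; rule: "||ads.example.test^"
'''.strip().splitlines()

# Hosts the identity server must resolve (assumption: the second is a constructed name).
REQUIRED_HOSTS = {"graph.microsoft.com", "idp.example.test"}


def blocked_by_catch_all(lines):
    """Count hosts filtered by the catch-all rule, i.e. with no allowlist match."""
    hits = Counter()
    for line in lines:
        m = FILTERED_RE.match(line.strip())
        if m and m["rule"] == CATCH_ALL_RULE:
            # Normalise case and any trailing root dot before counting.
            hits[m["host"].lower().rstrip(".")] += 1
    return hits


def missing_required(lines, required_hosts):
    """Return required hosts that the catch-all rule blocked (allowlist gaps)."""
    blocked = blocked_by_catch_all(lines)
    return sorted(h for h in required_hosts if h.lower() in blocked)


if __name__ == "__main__":
    for host in missing_required(SAMPLE_LOG, REQUIRED_HOSTS):
        print(f"allowlist gap: {host} "
              f"({blocked_by_catch_all(SAMPLE_LOG)[host]} blocked queries)")
```

Hosts blocked by a specific rule rather than the catch-all are excluded, so the output lists only names that are missing from the allowlist.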