Hey! I think authelia doesn't report the entire error. If you look at the LLDAP logs (potentially after setting verbose to true), you should have more info about the error: what was sent vs what was expected.
-
I set verbose to true and captured this:
-
You called it. I am setting these values but it looks like my helm chart contains a bug which is causing it to silently skip a bunch of config options which come after that bug. So ldap_base_bn actually reverts to the default value, and my SMTP config is not set properly either. This is on me to fix, but thanks for the pointer. Looks like it's something to do with the parsing of this line causing all the following lines to get skipped. But right now the weather is nice so I'm taking my daughter to the skate park! I'll have a look at the code this evening 🙂
-
That looks like unescaped double quotes!
I'm glad you found the issue ;)
…On Mon, 1 Apr 2024, 10:27 Jonathan, ***@***.***> wrote:
You called it. I am setting these values but it looks like my helm chart
contains a bug which is causing it to silently skip a bunch of config
options which come after that bug. So ldap_base_bn actually reverts to
the default value, and my SMTP config is not set properly either. This is
on me to fix, but thanks for the pointer.
Looks like it's something to do with the parsing of this line
<https://github.com/djjudas21/charts/blob/main/charts/lldap/templates/deployment.yaml#L68>
causing all the following lines to get skipped. But right now the weather
is nice so I'm taking my daughter to the skate park! I'll have a look at
the code this evening 🙂
Configuration: Configuration {
    ldap_host: "0.0.0.0",
    ldap_port: 3890,
    http_host: "0.0.0.0",
    http_port: 17170,
    jwt_secret: ***SECRET***,
    ldap_base_dn: "dc=example,dc=com",
    ldap_user_dn: UserId(
        "admin",
    ),
    ldap_user_email: "",
    ldap_user_pass: ***SECRET***,
    database_url: ***@***.***/lldap",
    ignored_user_attributes: [],
    ignored_group_attributes: [],
    verbose: true,
    key_file: "/data/private_key",
    key_seed: Some(
        ***SECRET***,
    ),
    smtp_options: MailOptions {
        enable_password_reset: false,
        from: None,
        reply_to: None,
        server: "localhost",
        port: 587,
        user: "",
        password: ***SECRET***,
        smtp_encryption: Tls,
        tls_required: None,
    },
    ldaps_options: LdapsOptions {
        enabled: false,
        port: 6360,
        cert_file: "/data/cert.pem",
        key_file: "/data/key.pem",
    },
    http_url: Url {
        scheme: "https",
        cannot_be_a_base: false,
        username: "",
        password: None,
        host: Some(
            Domain(
                "ldap.gazeley.uk",
            ),
        ),
        port: None,
        path: "/",
        query: None,
        fragment: None,
WARNING: A key_seed was given, we will ignore the server_key and generate one from the seed!
    },
    server_setup: None,
}
-
Hmm, it's not that simple. I have now fixed the helm chart so it renders the config properly. My container env vars are as follows:
But the container startup shows:
So it looks like the lldap container is not correctly reading the environment variables and is still relying on defaults from a config file. Can this be disabled? Thanks
-
That's "LLDAP_LDAP_BASE_DN" ;)
…On Mon, 1 Apr 2024, 12:29 Jonathan, ***@***.***> wrote:
Hmm, it's not that simple. I have now fixed the helm chart so it renders
the config properly. My container env vars are as follows:
- env:
  - name: uid
    value: "1000"
  - name: gid
    value: "1000"
  - name: TZ
    value: Europe/London
  - name: LLDAP_HTTP_URL
    value: https://ldap.gazeley.uk/
  - name: LLDAP_LDAP_PORT
    value: "3890"
  - name: LLDAP_HTTP_PORT
    value: "17170"
  - name: LLDAP_JWT_SECRET
    valueFrom:
      secretKeyRef:
        key: jwtSecret
        name: lldap-credentials
  - name: LLDAP_LDAP_USER_PASS
    valueFrom:
      secretKeyRef:
        key: ldapUserPass
        name: lldap-credentials
  - name: LLDAP_DATABASE_URL
    value: ***@***.***/lldap
  - name: LLDAP_BASE_DN
    value: dc=gazeley,dc=uk
  - name: LLDAP_LDAP_USER_DN
    value: admin
  - name: LLDAP_VERBOSE
    value: "true"
  - name: LLDAP_KEY_SEED
    value: 5bf837cc3a5cd97bce18b5cb4c73eef8
  - name: LLDAP_LDAPS_OPTIONS__ENABLED
    value: "false"
  - name: LLDAP_LDAPS_OPTIONS__CERT_FILE
    value: /data/cert.pem
  - name: LLDAP_LDAPS_OPTIONS__KEY_FILE
    value: /data/key.pem
But the container startup shows:
> Setup permissions..
> Starting lldap..
Loading configuration from /data/lldap_config.toml
Configuration: Configuration {
    ldap_host: "0.0.0.0",
    ldap_port: 3890,
    http_host: "0.0.0.0",
    http_port: 17170,
    jwt_secret: ***SECRET***,
    ldap_base_dn: "dc=example,dc=com",
    ldap_user_dn: UserId(
        "admin",
    ),
    ldap_user_email: "",
    ldap_user_pass: ***SECRET***,
    database_url: ***@***.***/lldap",
    ignored_user_attributes: [],
    ignored_group_attributes: [],
    verbose: true,
    key_file: "/data/private_key",
    key_seed: Some(
        ***SECRET***,
    ),
    smtp_options: MailOptions {
        enable_password_reset: false,
        from: None,
        reply_to: None,
        server: "localhost",
        port: 587,
        user: "",
        password: ***SECRET***,
        smtp_encryption: Tls,
        tls_required: None,
    },
    ldaps_options: LdapsOptions {
        enabled: false,
        port: 6360,
        cert_file: "/data/cert.pem",
        key_file: "/data/key.pem",
    },
    http_url: Url {
        scheme: "https",
        cannot_be_a_base: false,
        username: "",
        password: None,
        host: Some(
            Domain(
                "ldap.gazeley.uk",
            ),
        ),
        port: None,
        path: "/",
        query: None,
WARNING: A key_seed was given, we will ignore the server_key and generate one from the seed!
        fragment: None,
    },
    server_setup: None,
}
So it looks like the lldap container is not correctly reading the
environment variables and is still relying on defaults from a config file.
Can this be disabled? Thanks
-
Arf, that was it. Working now. Thanks for your help!
-
I'm new to both lldap and Authelia but I'm running into this error when Authelia starts up:
Relevant environment variables from my lldap config:
Relevant config from Authelia, adapted from the example config:
I've double checked that the authelia user exists and is a member of the lldap_password_manager group.
If I am understanding this properly, the LDAP Result Code 64 \"Naming Violation\": Not a subtree of the base tree" error is being returned by lldap, not Authelia? Seems like the error implies that uid=authelia,ou=people,dc=gazeley,dc=uk is not under dc=gazeley,dc=uk.
Any clues on how to track this down? Thanks
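Added example (not part of the thread and not LLDAP's own code): a pre-deployment check for the two symptoms discussed above, an LLDAP_* variable name that matches no configuration key and a bind DN that is not under the base DN the server ends up using. The key list is copied from the Configuration dump in the thread; the LLDAP_<KEY> / LLDAP_<SECTION>__<KEY> naming rule is an assumption generalised from the variables quoted there, and the ENV subset is constructed from the quoted env list.

```python
import difflib

# Keys as printed in the startup "Configuration" dump quoted in this thread.
TOP_LEVEL = ["ldap_host", "ldap_port", "http_host", "http_port", "jwt_secret",
             "ldap_base_dn", "ldap_user_dn", "ldap_user_email", "ldap_user_pass",
             "database_url", "ignored_user_attributes", "ignored_group_attributes",
             "verbose", "key_file", "key_seed", "http_url", "server_setup"]
NESTED = {
    "smtp_options": ["enable_password_reset", "from", "reply_to", "server", "port",
                     "user", "password", "smtp_encryption", "tls_required"],
    "ldaps_options": ["enabled", "port", "cert_file", "key_file"],
}
# Assumed naming rule, generalised from the variables quoted in the thread:
# LLDAP_<KEY> for top-level keys, LLDAP_<SECTION>__<KEY> for nested ones.
KNOWN = {f"LLDAP_{k.upper()}" for k in TOP_LEVEL} | {
    f"LLDAP_{s.upper()}__{k.upper()}" for s, ks in NESTED.items() for k in ks}
DUMP_BASE_DN = "dc=example,dc=com"  # base DN the dump shows with no override

def unknown_vars(env):
    """Map each unrecognised LLDAP_* name to its closest known name, or None."""
    out = {}
    for name in env:
        if name.startswith("LLDAP_") and name not in KNOWN:
            close = difflib.get_close_matches(name, sorted(KNOWN), n=1)
            out[name] = close[0] if close else None
    return out

def rdns(dn):
    # Simplification: assumes no escaped commas inside attribute values.
    return [part.strip().lower() for part in dn.split(",")]

def is_under(dn, base):
    """True when dn equals base or sits below it in the tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[-len(b):] == b

def effective_base_dn(env):
    # Only the correctly named variable overrides the value from the dump.
    return env.get("LLDAP_LDAP_BASE_DN", DUMP_BASE_DN)

# Constructed subset of the env list quoted in the thread (secrets left out).
ENV = {"TZ": "Europe/London", "LLDAP_LDAP_PORT": "3890",
       "LLDAP_BASE_DN": "dc=gazeley,dc=uk", "LLDAP_LDAP_USER_DN": "admin",
       "LLDAP_LDAPS_OPTIONS__ENABLED": "false"}
BIND_DN = "uid=authelia,ou=people,dc=gazeley,dc=uk"

if __name__ == "__main__":
    print("unrecognised:", unknown_vars(ENV))
    print("bind DN under base:", is_under(BIND_DN, effective_base_dn(ENV)))
```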