Problem: No LDAP logs #2932

Open
rob518183 opened this issue Apr 18, 2025 · 1 comment · May be fixed by #2944
@rob518183
Issue

I have configured it to use LDAP as a login method, but it does not work, and there is not much logged either.

- sudo service semaphore status
Redirecting to /bin/systemctl status semaphore.service
● semaphore.service - Ansible Semaphore
     Loaded: loaded (/etc/systemd/system/semaphore.service; enabled; preset: disabled)
     Active: active (running) since Fri 2025-04-18 15:30:08 CEST; 1min 46s ago
       Docs: https://docs.ansible-semaphore.com/
   Main PID: 15500 (semaphore)
      Tasks: 6 (limit: 48906)
     Memory: 6.9M
        CPU: 45ms
     CGroup: /system.slice/semaphore.service
             └─15500 /usr/bin/semaphore server --config /etc/semaphore/config.json

Apr 18 15:30:08 server.net semaphore[15500]: Loading config
Apr 18 15:30:08 server.net semaphore[15500]: Validating config
Apr 18 15:30:08 server.net semaphore[15500]: Postgres semaphore_user@127.0.0.1:5432 semaphore_db
Apr 18 15:30:08 server.net semaphore[15500]: Tmp Path (projects home) /tmp/semaphore
Apr 18 15:30:08 server.net semaphore[15500]: Semaphore 2.12.17-5767d93-1741607578
Apr 18 15:30:08 server.net semaphore[15500]: Interface
Apr 18 15:30:08 server.net semaphore[15500]: Port :3000
Apr 18 15:30:08 server.net semaphore[15500]: Server is running
Apr 18 15:45:53 server.net semaphore[15500]: time="2025-04-18T15:45:53+02:00" level=error msg="websocket: close 1006 (abnormal closure): unexpected EOF" fields.level=Error
Apr 18 15:45:53 server.net semaphore[15500]: time="2025-04-18T15:45:53+02:00" level=error msg="write tcp 127.0.0.1:3000->127.0.0.1:40792: use of closed network connection" error="Cannot send close message"

These are all different destination ports.

config.json

{
        "postgres": {
                "host": "127.0.0.1:5432",
                "user": "semaphore_user",
                "pass": "pass",
                "name": "semaphore_db",
                "options": {
                        "sslmode": "disable"
                }
        },
        "dialect": "postgres",
        "tmp_path": "/tmp/semaphore",
        "cookie_hash": "t6Yg=",
        "cookie_encryption": "/Shr/n54tmEvN/yKGtZh4=",
        "access_key_encryption": "/eeup46L/mSSPYafPY="
        },
        "force_pull": true,
        "web_host": "http://semaphore.net",
        "ldap_binddn": "CN=SA_Semaphore,OU=Service Accounts,OU=Accounts,DC=DC,DC=net",
        "ldap_bindpassword": "password",
        "ldap_server": "ldaps://DC.net:636/",
        "ldap_searchdn": "OU=Admin Accounts,OU=Accounts,DC=DC,DC=net",
        "ldap_searchfilter": "(&(uid=%s)(memberOf=cn=ROLADM-Satellite,cn=AdminRoles,cn=groups,DC=DC,DC=net",
        "ldap_mappings": {
                "dn": "dn",
                "mail": "mail",
                "uid": "uid",
                "cn": "cn"
        },
        "ldap_enable": true,
        "ldap_needtls": true,
 }

The browser does give me this:

WebSocket connection to 'wss://semaphore.net/api/ws' failed: HTTP Authentication failed; no valid credentials available

Impact

Web-Frontend (what users interact with)

Installation method

Package

Database

Postgres

Browser

Microsoft Edge

Semaphore Version

semaphore version
2.12.17-5767d93-1741607578

Ansible Version

Logs & errors

No response

Manual installation - system information

Linux 5.14.0-503.31.1.el9_5.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Mar 6 09:41:44 EST 2025 x86_64 x86_64 x86_64 GNU/Linux

nginx reverse proxy

Configuration

No response

Additional information

Do I need to do something like this? https://serverfault.com/questions/1144501/nginx-as-forward-proxy-for-secure-ldap

fiftin self-assigned this Apr 19, 2025
fiftin added this to the 2.14 milestone Apr 19, 2025
@kris9854
Just a notice for you that if the user isn't having an email (from what I see, you AD join), the claim fails. Try with an account that has an email in your AD.
Also, you are using ldaps://DC.net:636/
Please test with dc.net:636 instead.
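
An added example, not part of the original thread and not Semaphore's own code: a small offline lint for the LDAP keys of the config.json posted above. It flags the search filter, whose parentheses are not closed as posted, and the URL-style ldap_server value that the reply asks to change. The names lint_ldap and unclosed_parens are hypothetical, and treating host:port as the expected server form is an assumption taken from that reply.

```python
import json

# Constructed sample: the LDAP keys from the config.json posted in the issue,
# with the values as they appear there.
POSTED = json.loads("""{
  "ldap_server": "ldaps://DC.net:636/",
  "ldap_searchfilter": "(&(uid=%s)(memberOf=cn=ROLADM-Satellite,cn=AdminRoles,cn=groups,DC=DC,DC=net",
  "ldap_enable": true,
  "ldap_needtls": true
}""")


def unclosed_parens(ldap_filter):
    """Count '(' left open in an LDAP filter; a negative result means a stray ')'."""
    depth, i = 0, 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":          # RFC 4515 escape (\28, \29, ...): skip the hex pair
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return depth
        i += 1
    return depth


def lint_ldap(cfg):
    """Return a list of findings for the LDAP part of a config (hypothetical helper)."""
    findings = []
    flt = cfg.get("ldap_searchfilter", "")
    open_count = unclosed_parens(flt)
    if open_count != 0:
        findings.append(f"ldap_searchfilter: parentheses unbalanced ({open_count:+d})")
    if "%s" not in flt:
        findings.append("ldap_searchfilter: no %s placeholder for the login name")
    server = cfg.get("ldap_server", "")
    # Assumption taken from the reply in this thread: the value should be host:port.
    if "://" in server or server.endswith("/"):
        findings.append("ldap_server: URL form given; the reply suggests plain host:port")
    return findings


if __name__ == "__main__":
    for finding in lint_ldap(POSTED):
        print(finding)
```

Running the lint against a config file before restarting the service catches this class of mistake even when the server itself logs nothing about the LDAP bind or search.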
