This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

[BUG] Failed to connect to LDAP server #335

Closed
ymarkus opened this issue Jan 27, 2022 · 4 comments

ymarkus commented Jan 27, 2022

Describe the bug
For some reason kimai will not connect to my Samba AD. There is not even a connection attempt logged in the samba server, so I guess it's either a bug or a config issue on my end.

To Reproduce
Steps to reproduce the behaviour:

  1. Start the container with my config file below
  2. Try to login with domain user
  3. "Authentication request could not be processed due to a system problem."

Desktop (please complete the following information):

  • OS: Synology DSM
  • Docker version: 20.10.3, build b455053
  • Docker compose version: 1.28.5, build 324b023a

Command used to run the container

  • docker-compose up -d

Docker compose file (with passwords redacted)

version: '3.5'
services:

  sqldb:
    image: mysql:5.7
    environment:
      - MYSQL_DATABASE=kimai
      - MYSQL_USER=kimaiuser
      - MYSQL_PASSWORD=kimaipassword
      - MYSQL_ROOT_PASSWORD=changemeplease
    volumes:
      - ./mysql:/var/lib/mysql
    command: --default-storage-engine innodb
    restart: unless-stopped
    healthcheck:
      test: mysqladmin -p$$MYSQL_ROOT_PASSWORD ping -h localhost
      interval: 20s
      start_period: 10s
      timeout: 10s
      retries: 3

  nginx:
    image: tobybatch/nginx-fpm-reverse-proxy
    ports:
      - 8001:80
    volumes:
      - ./public:/opt/kimai/public:ro
    restart: unless-stopped
    depends_on:
      - kimai
    healthcheck:
      test:  wget --spider http://nginx/health || exit 1
      interval: 20s
      start_period: 10s
      timeout: 10s
      retries: 3

  kimai: # This is the latest FPM image of kimai
    image: kimai/kimai2:fpm
    environment:
      - [email protected]
      - ADMINPASS=changemeplease
      - DATABASE_URL=mysql://kimaiuser:kimaipassword@sqldb/kimai
      - TRUSTED_HOSTS=nginx,localhost,127.0.0.1,<MYIP>
      - APP_ENV=dev
    volumes:
      - ./public:/opt/kimai/public
      - ./local.yaml:/opt/kimai/config/packages/local.yaml:z
      # - ./var:/opt/kimai/var
      # - ./ldap.conf:/etc/openldap/ldap.conf:z
      # - ./ROOT-CA.pem:/etc/ssl/certs/ROOT-CA.pem:z
    restart: unless-stopped

  postfix:
    image: catatnight/postfix:latest
    environment:
      maildomain: neontribe.co.uk
      smtp_user: kimai:kimai
    restart: unless-stopped

Additional context
local.yaml: (I've also tried to change the uppercase stuff to lowercase, but same thing...)

kimai:
    ldap:
        activate: true
        connection:
            host: odin.corp.<DOMAIN>
            username: CN=Kimai,OU=Dienstaccounts,OU=Benutzer,DC=<>,DC=<>,DC=<>
            password: <PASSWORD>
            accountDomainName: corp.<DOMAIN>
            accountDomainNameShort: <DOMAINNAME>
            accountFilterFormat: (&(objectClass=Person)(sAMAccountName=%s))
        user:
            baseDn: OU=Benutzer,DC=<>,DC=<>,DC=<>
            filter: (&(objectClass=Person))
            usernameAttribute: samaccountname
            attributesFilter: (objectClass=Person)
            attributes:
                - { ldap_attr: mail, user_method: setEmail }
                - { ldap_attr: displayname, user_method: setAlias }
                - { ldap_attr: samaccountname,  user_method: setUsername }
        role:
            baseDn: OU=Benutzer,DC=<>,DC=<>,DC=<>
            filter: (&(objectClass=group))
            groups:
                - { ldap_value: Leads, role: ROLE_TEAMLEAD }
                - { ldap_value: Sysadmins, role: ROLE_SUPER_ADMIN }
                - { ldap_value: Users, role: ROLE_USER }

dev.log:

[2022-01-27 11:39:48] app.DEBUG: ldap_search(OU=Benutzer,DC=<>,DC=<>,DC=<>, (&(&(objectClass=Person))(samaccountname=ymarkus)), array["+","*"]) {"action":"ldap_search","base_dn":"OU=Benutzer,DC=<>,DC=<>,DC=<>","filter":"(&(&(objectClass=Person))(samaccountname=ymarkus))","attributes":["+","*"]} []
[2022-01-27 11:39:48] app.DEBUG: Laminas\Ldap\Exception\LdapException: Failed to connect to LDAP server: odin.corp.<DOMAIN>:389 in /opt/kimai/vendor/laminas/laminas-ldap/src/Ldap.php:863 Stack trace: #0 /opt/kimai/vendor/laminas/laminas-ldap/src/Ldap.php(943): Laminas\Ldap\Ldap->connect() #1 /opt/kimai/src/Ldap/LdapDriver.php(94): Laminas\Ldap\Ldap->bind() #2 /opt/kimai/src/Ldap/LdapManager.php(57): App\Ldap\LdapDriver->search() #3 /opt/kimai/src/Ldap/LdapManager.php(45): App\Ldap\LdapManager->findUserBy() #4 /opt/kimai/src/Ldap/LdapUserProvider.php(39): App\Ldap\LdapManager->findUserByUsername() #5 /opt/kimai/vendor/symfony/security-core/User/ChainUserProvider.php(56): App\Ldap\LdapUserProvider->loadUserByUsername() #6 /opt/kimai/src/Security/KimaiUserProvider.php(65): Symfony\Component\Security\Core\User\ChainUserProvider->loadUserByUsername() #7 /opt/kimai/src/Ldap/LdapAuthenticationProvider.php(62): App\Security\KimaiUserProvider->loadUserByUsername() #8 /opt/kimai/vendor/symfony/security-core/Authentication/Provider/UserAuthenticationProvider.php(66): App\Ldap\LdapAuthenticationProvider->retrieveUser() #9 /opt/kimai/vendor/symfony/security-core/Authentication/AuthenticationProviderManager.php(85): Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate() #10 /opt/kimai/vendor/symfony/security-http/Firewall/UsernamePasswordFormAuthenticationListener.php(100): Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate() #11 /opt/kimai/vendor/symfony/security-http/Firewall/AbstractAuthenticationListener.php(141): Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication() #12 /opt/kimai/vendor/symfony/security-bundle/Debug/WrappedLazyListener.php(49): Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->authenticate() #13 /opt/kimai/vendor/symfony/security-http/Firewall/AbstractListener.php(27): 
Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener->authenticate() #14 /opt/kimai/vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php(62): Symfony\Component\Security\Http\Firewall\AbstractListener->__invoke() #15 /opt/kimai/vendor/symfony/security-http/Firewall.php(98): Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener->callListeners() #16 /opt/kimai/vendor/symfony/event-dispatcher/Debug/WrappedListener.php(126): Symfony\Component\Security\Http\Firewall->onKernelRequest() #17 /opt/kimai/vendor/symfony/event-dispatcher/EventDispatcher.php(264): Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke() #18 /opt/kimai/vendor/symfony/event-dispatcher/EventDispatcher.php(239): Symfony\Component\EventDispatcher\EventDispatcher->doDispatch() #19 /opt/kimai/vendor/symfony/event-dispatcher/EventDispatcher.php(73): Symfony\Component\EventDispatcher\EventDispatcher->callListeners() #20 /opt/kimai/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php(168): Symfony\Component\EventDispatcher\EventDispatcher->dispatch() #21 /opt/kimai/vendor/symfony/http-kernel/HttpKernel.php(134): Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch() #22 /opt/kimai/vendor/symfony/http-kernel/HttpKernel.php(80): Symfony\Component\HttpKernel\HttpKernel->handleRaw() #23 /opt/kimai/vendor/symfony/http-kernel/Kernel.php(201): Symfony\Component\HttpKernel\HttpKernel->handle() #24 /opt/kimai/public/index.php(32): Symfony\Component\HttpKernel\Kernel->handle() #25 {main} {"exception":"[object] (Laminas\\Ldap\\Exception\\LdapException(code: -1): Failed to connect to LDAP server: odin.corp.<DOMAIN>:389 at /opt/kimai/vendor/laminas/laminas-ldap/src/Ldap.php:863)"} []
@DerpgonCz

Hello, I also found out LDAP does not work. And this was a peculiar one.

Docker uses PHP 8.1+, this is important because of this.

The package laminas/laminas-ldap, while claiming to work with PHP 8.1 (as specified here), checks if the result of ldap_connect is a resource.

Cross-linking: laminas/laminas-ldap#24
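
The failure mode described in the comment above, as an added example that is not code from laminas-ldap or Kimai: since PHP 8.1, `ldap_connect()` returns an `LDAP\Connection` object instead of a resource, so an `is_resource()` check rejects a valid handle before anything is sent to the server. The URI and function names are constructed for illustration, and the script needs ext-ldap.

```php
<?php
declare(strict_types=1);

// Constructed placeholder URI. ldap_connect() only validates it and allocates
// a handle; nothing is sent to the server until the first bind or search.
const EXAMPLE_URI = 'ldap://ldap.example.invalid:389';

// The kind of check the comment describes: true only for a pre-8.1 resource.
function legacyHandleCheck(mixed $handle): bool
{
    return is_resource($handle);
}

// Version-tolerant check: resource on PHP < 8.1, LDAP\Connection on 8.1+.
// instanceof is simply false on versions where the class does not exist.
function tolerantHandleCheck(mixed $handle): bool
{
    return is_resource($handle) || $handle instanceof \LDAP\Connection;
}

if (!extension_loaded('ldap')) {
    fwrite(STDERR, "ext-ldap is not loaded; cannot create a handle\n");
    exit(1);
}

$handle = ldap_connect(EXAMPLE_URI);

printf("PHP %s returned: %s\n", PHP_VERSION, get_debug_type($handle));
printf(
    "is_resource() check: %s\n",
    legacyHandleCheck($handle) ? 'accepted' : 'rejected, reported as a connection failure'
);
printf(
    "tolerant check:      %s\n",
    tolerantHandleCheck($handle) ? 'accepted' : 'rejected'
);
```

Run with the `php` CLI of the image in question: on PHP 8.0 both checks accept the handle, on 8.1+ only the tolerant one does.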

@tobybatch
Owner

Thanks @ymarkus and @DerpgonCz

The LDAP stuff hasn't been looked at for some time (years?). This is a core Kimai bug, not a container one. BUT I was the person who did the early work that got LDAP into the core product.

I'll check this with @kevinpapst and we'll see if we can fix it.

Is there any chance one of you could install a native copy of Kimai and follow the instructions here: https://www.kimai.org/documentation/ldap.html and see if the bug is reproducible?

@kevinpapst
Collaborator

This is an upstream bug in Laminas LDAP and not in Kimai.
But you can "easily" (I hope it is easy) work around it by using PHP 8.0 in the container.
Which should be done anyways, because Kimai never announced 8.1 compatibility 😁

@tobybatch
Owner

tobybatch commented Jan 28, 2022

🖖 Over eager dependabot. I'll roll back the php version and re-build the current images
