Can't contact LDAP server #20

Open
dom6770 opened this issue Apr 16, 2024 · 2 comments

dom6770 commented Apr 16, 2024

We're currently trying to migrate our bare-metal installation of Group Office to a docker container. So far, everything works except LDAP. It's 1:1 the same configuration as in our working non-docker instance, but yet in docker it says "Can't contact LDAP server", which is weird.

#7 {main}root@test-groupoffice:/usr/local/share/groupoffice# php cli.php community/ldapauthenticator/Sync/test --id=2 --username=fenrir --debug=1
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][log][go\modules\community\ldapauthenticator\model\Server:217] Connect to ldaps://kerberos.example.intern:7636
Connected
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][log][go\modules\community\ldapauthenticator\cli\controller\Sync:56] Find DN: "ou=SP-Users,dc=example,dc=at", Query: "uid=fenrir"
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][log][go\core\ErrorHandler:117] ErrorHandler::exceptionHandler() called with ErrorException
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:72] ErrorException in /usr/local/share/groupoffice/go/core/ldap/Record.php at line 98: ldap_search(): Search: Can't contact LDAP server
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:81] #0 [internal function]: go\core\ErrorHandler::errorHandler(2, 'ldap_search(): ...', '/usr/local/shar...', 98, Array)
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:81] #1 /usr/local/share/groupoffice/go/core/ldap/Record.php(98): ldap_search(Resource id #115, 'ou=SP-Users,dc=...', 'uid=fenrir')
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:81] #2 /usr/local/share/groupoffice/go/modules/community/ldapauthenticator/cli/controller/Sync.php(56): go\core\ldap\Record::find(Object(go\core\ldap\Connection), 'ou=SP-Users,dc=...', 'uid=fenrir')
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:81] #3 [internal function]: go\modules\community\ldapauthenticator\cli\controller\Sync->test('2', 'fenrir')
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:81] #4 /usr/local/share/groupoffice/go/core/cli/Router.php(186): call_user_func_array(Array, Array)
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:81] #5 /usr/local/share/groupoffice/go/core/cli/Router.php(127): go\core\cli\Router->callMethod(Object(go\modules\community\ldapauthenticator\cli\controller\Sync), 'test', Array)
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:81] #6 /usr/local/share/groupoffice/cli.php(42): go\core\cli\Router->run()
109 [2024-04-16 13:30:20][cli: community/ldapauthenticator/Sync/test][error][go\core\ErrorHandler:81] #7 {main}
Uncaught exception: ErrorException in /usr/local/share/groupoffice/go/core/ldap/Record.php at line 98: ldap_search(): Search: Can't contact LDAP server at 2024-04-16T13:30:20+00:00

#0 [internal function]: go\core\ErrorHandler::errorHandler(2, 'ldap_search(): ...', '/usr/local/shar...', 98, Array)
#1 /usr/local/share/groupoffice/go/core/ldap/Record.php(98): ldap_search(Resource id #115, 'ou=SP-Users,dc=...', 'uid=fenrir')
#2 /usr/local/share/groupoffice/go/modules/community/ldapauthenticator/cli/controller/Sync.php(56): go\core\ldap\Record::find(Object(go\core\ldap\Connection), 'ou=SP-Users,dc=...', 'uid=fenrir')
#3 [internal function]: go\modules\community\ldapauthenticator\cli\controller\Sync->test('2', 'fenrir')
#4 /usr/local/share/groupoffice/go/core/cli/Router.php(186): call_user_func_array(Array, Array)
#5 /usr/local/share/groupoffice/go/core/cli/Router.php(127): go\core\cli\Router->callMethod(Object(go\modules\community\ldapauthenticator\cli\controller\Sync), 'test', Array)
#6 /usr/local/share/groupoffice/cli.php(42): go\core\cli\Router->run()
#7 {main}


Debug dump: 

Connect to ldaps://kerberos.example.intern:7636
Find DN: "ou=SP-Users,dc=example,dc=at", Query: "uid=fenrir"
ErrorHandler::exceptionHandler() called with ErrorException
ErrorException in /usr/local/share/groupoffice/go/core/ldap/Record.php at line 98: ldap_search(): Search: Can't contact LDAP server
#0 [internal function]: go\core\ErrorHandler::errorHandler(2, 'ldap_search(): ...', '/usr/local/shar...', 98, Array)
#1 /usr/local/share/groupoffice/go/core/ldap/Record.php(98): ldap_search(Resource id #115, 'ou=SP-Users,dc=...', 'uid=fenrir')
#2 /usr/local/share/groupoffice/go/modules/community/ldapauthenticator/cli/controller/Sync.php(56): go\core\ldap\Record::find(Object(go\core\ldap\Connection), 'ou=SP-Users,dc=...', 'uid=fenrir')
#3 [internal function]: go\modules\community\ldapauthenticator\cli\controller\Sync->test('2', 'fenrir')
#4 /usr/local/share/groupoffice/go/core/cli/Router.php(186): call_user_func_array(Array, Array)
#5 /usr/local/share/groupoffice/go/core/cli/Router.php(127): go\core\cli\Router->callMethod(Object(go\modules\community\ldapauthenticator\cli\controller\Sync), 'test', Array)
#6 /usr/local/share/groupoffice/cli.php(42): go\core\cli\Router->run()

By installing ping and telnet inside the docker container, I can ping kerberos.example.intern, and telnet kerberos.example.internet 7363 without any issue. We use Univention LDAP.


dom6770 commented Apr 16, 2024

LDAP Port
The UCS LDAP service can be reached via ports 7389 (unsecure) and 7636 (TLS encrypted). The UCS LDAP service has two dedicated ports:

Port 7389 (unsecure)
Port 7636 (TLS encrypted)

The unsecure port seems to work, but the TLS port does not. When I use the encrypted port and TLS I get "You have errors in your form. The invalid fields are marked." pointing to the hostname field; when I select SSL I only get "Failed to query user for authentication: ldap_search(): Search: Can't contact LDAP server". In both cases "Verify SSL certificate" is enabled. I even tried to build my own image which imports the UCS CA without any luck.

@mschering
Member

Is the server using a valid certificate? I noticed it will report that message also when TLS fails:

image

See also: https://serverfault.com/questions/628777/cant-contact-ldap-server-with-ldaps-in-docker
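One way to tell a certificate-trust failure apart from a real network failure from inside the container, as an added example that is not part of the thread or of Group Office. It assumes the `openssl` CLI is installed in the image and a Debian-style `/etc/ldap/ldap.conf`; the function names and `/path/to/ucs-ca.crt` are placeholders.

```shell
#!/bin/sh
# Added diagnostic sketch (not project code). libldap reports TLS failures as
# "Can't contact LDAP server", so check the handshake and the CA setup separately.

# Read `openssl s_client` output on stdin and print one verdict line.
classify_s_client() {
    rc=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\) (\(.*\))$/\1 \2/p' | tail -n 1)
    if [ -z "$rc" ]; then
        echo "no-handshake"            # wrong port, firewall, or not a TLS listener
    elif [ "${rc%% *}" = 0 ]; then
        echo "trusted"                 # chain verifies against the CA store in use
    else
        echo "untrusted: ${rc#* }"     # TLS reachable, but the issuing CA is not trusted
    fi
}

# Probe host:port; the optional third argument is a CA file to verify against
# (without it, openssl falls back to its own default store).
probe_ldaps() {
    host=$1; port=$2; cafile=${3:-}
    set -- -connect "$host:$port" -servername "$host"
    if [ -n "$cafile" ]; then
        set -- "$@" -CAfile "$cafile"
    fi
    openssl s_client "$@" </dev/null 2>&1 | classify_s_client
}

# Print the CA bundle libldap is told to use. libldap reads TLS_CACERT from
# ldap.conf (or LDAPTLS_CACERT from the environment); the default path here is
# the Debian location and is an assumption about this image.
ldap_conf_cacert() {
    conf=${1:-/etc/ldap/ldap.conf}
    [ -r "$conf" ] || { echo "no-ldap-conf"; return 0; }
    ca=$(sed -n 's/^[[:space:]]*TLS_CACERT[[:space:]][[:space:]]*//p' "$conf" | tail -n 1)
    echo "${ca:-unset}"
}

# Usage inside the container, with the host and port from the issue:
#   probe_ldaps kerberos.example.intern 7636
#   probe_ldaps kerberos.example.intern 7636 /path/to/ucs-ca.crt
#   ldap_conf_cacert
```

If the probe is `untrusted` without the CA file but `trusted` with it, and `ldap_conf_cacert` prints `no-ldap-conf`, `unset`, or a bundle that does not contain the UCS CA, the LDAP client library has no way to verify the server certificate.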
