Seji64 / LAPS-WebUI

A nice and simple Web Interface for LAPS (Local Administrator Password Solution)
MIT License

Is there support for Windows LAPS? #27

Open needthisforctf opened 4 weeks ago

needthisforctf commented 4 weeks ago

I'm running LAPS-WebUI using Docker on Linux. The connection to LDAP goes through and I can log in with my username, but a search for any ComputerName yields no results despite computers clearly being under the SearchBase DN. No errors in logs.

I low-key suspect that the issue arises because I'm using Windows LAPS instead of the now-deprecated Microsoft LAPS, but can't say for sure.

My docker-compose:

services:
    laps-webui:
        restart: always
        image: ghcr.io/seji64/laps-webui:1.6
        ports:
            - 8080:8080
        environment:
            - Domains__0__Name=Contoso
            - Domains__0__Ldap__Server=dc01.contoso.loc
            - Domains__0__Ldap__Port=636
            - Domains__0__Ldap__UseSSL=true
            - Domains__0__Ldap__TrustAllCertificates=true
            - Domains__0__Ldap__SearchBase='OU=Depts,OU=Contoso,DC=contoso,DC=loc'

Seji64 commented 4 weeks ago

Anything in the container log? Are you sure you have enabled LDAPS on your Domain Controller? (Maybe go first with 389)

needthisforctf commented 4 weeks ago

OK, so LDAPS is enabled, but the certificate is self-signed and the root CA is not imported on the Docker machine, so I decided to do as you said and try 389 — it still doesn't work, still in the same way. Nothing too sus in the logs of the container:

laps-webui-1  | [19:16:12 WRN] Storing keys in a directory '/home/app/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning
laps-webui-1  | [19:16:12 WRN] Storing keys in a directory '/home/app/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning
laps-webui-1  | [19:16:12 WRN] No XML encryptor configured. Key {***} may be persisted to storage in unencrypted form.
laps-webui-1  | [19:16:12 WRN] No XML encryptor configured. Key {***} may be persisted to storage in unencrypted form.
laps-webui-1  | [19:16:39 WRN] Failed to determine the https port for redirect.
laps-webui-1  | [19:16:39 WRN] Failed to determine the https port for redirect.
laps-webui-1  | [19:16:40 INF] HTTP GET / responded 200 in 429.7660 ms
laps-webui-1  | [19:16:40 INF] HTTP GET / responded 200 in 429.7660 ms
laps-webui-1  | [19:16:40 INF] HTTP GET /_framework/blazor.server.js responded 200 in 30.7275 ms
laps-webui-1  | [19:16:40 INF] HTTP GET /_framework/blazor.server.js responded 200 in 30.7275 ms
laps-webui-1  | [19:16:40 INF] HTTP GET /_blazor/initializers responded 200 in 6.2545 ms
laps-webui-1  | [19:16:40 INF] HTTP GET /_blazor/initializers responded 200 in 6.2545 ms
laps-webui-1  | [19:16:40 INF] HTTP POST /_blazor/negotiate responded 200 in 13.3014 ms
laps-webui-1  | [19:16:40 INF] HTTP POST /_blazor/negotiate responded 200 in 13.3014 ms
laps-webui-1  | [19:16:42 INF] HTTP GET /healthz responded 200 in 9.6422 ms

needthisforctf commented 3 weeks ago

@Seji64, anything on this?