ahaenggli / AzureAD-LDAP-wrapper

LDAP wrapper for Microsoft 365 work or school accounts/users (formerly Office 365), backed by Entra ID (formerly Azure AD) without AADDS
https://ahaenggli.github.io/AzureAD-LDAP-wrapper/
MIT License

The volume /app/.cache/ is not mapped in the Docker container #77

Closed KrzysztofKiser closed 4 months ago

KrzysztofKiser commented 4 months ago

Hi there,

I've encountered an issue with the wrapper, where it stops working whenever LDAP_SAMBANTPWD_MAXCACHETIME is set to anything other than 0. The volume is mapped correctly, as I can see all other files in there.

```
2024-04-01T14:39:52.613865860Z ERROR: 2024-04-01T14:39:52.612Z: index.js start This config is invalid. Please fix the errors:
2024-04-01T14:39:52.615065176Z ERROR: 2024-04-01T14:39:52.614Z: index.js start [
2024-04-01T14:39:52.615075789Z 'config',
2024-04-01T14:39:52.615081382Z 'The volume /app/.cache/ is not mapped in the Docker container. You will lose your cached credentials from time to time and therefore have problems with Samba access. If you do not intend to cache the credentials, set the environment variable LDAP_SAMBANTPWD_MAXCACHETIME to 0.'
```

Any ideas on what might be causing the issue and how to fix it?

ahaenggli commented 4 months ago

Where do you use the container? Is it a synology nas or a different type of setup?

Do you perhaps have a typing error in the volume mapping? Slashes at the beginning of the paths are also often forgotten => /volume1/docker/ldap:/app/.cache

When starting, the system only checks whether a file with the name IshouldNotExist.txt exists in the cache folder. If this is the case, the error message is displayed. The text file does not exist if the image directory is replaced with a volume mapping.

Did you maybe create the volume mapping later and moved all files to the new mapped folder? If so, just delete the txt file locally or empty the whole mapped folder.

KrzysztofKiser commented 4 months ago

I am running the container on an Ubuntu server with Portainer. I've created a local volume for the container and mapped it to /app/.cache before first run.

The container works in general, but fails whenever the LDAP_SAMBANTPWD_MAXCACHETIME is set to anything else than 0.

ahaenggli commented 4 months ago

I can't reproduce it yet. I tried it with values 500 and 123456789. What happens if you do not set LDAP_SAMBANTPWD_MAXCACHETIME? (It should then be set to -1 as default, so also not 0)

Can you open the sh console in portainer for the container? What do the following commands output?

ls -lah
ls -lah .cache

My output as a reference: [screenshot]

KrzysztofKiser commented 4 months ago

If I don't set LDAP_SAMBANTPWD_MAXCACHETIME the container fails to run right after creation with the same error message.

Here's the output:

/app # ls -lah
total 304K   
drwxr-xr-x    1 node     node        4.0K Jul 21  2023 .
drwxr-xr-x    1 root     root        4.0K Apr  7 07:10 ..
drwx------    2 node     node       12.0K Apr  4 13:10 .cache
-rwxr-xr-x    1 node     node         704 May 19  2023 .eslintrc.json
-rwxr-xr-x    1 node     node          60 Jul 21  2023 AzureAD-LDAP-wrapper.code-workspace
-rwxr-xr-x    1 node     node         305 Jul 12  2023 Docker_build_DEV.cmd
-rwxr-xr-x    1 node     node         603 Jun 18  2023 Docker_build_PROD.cmd
-rwxr-xr-x    1 node     node        1.1K Aug 22  2021 LICENSE
drwxr-xr-x    2 node     node        4.0K May 19  2023 customizer
-rwxr-xr-x    1 node     node         284 May 19  2023 entrypoint.sh
-rwxr-xr-x    1 node     node         879 May 19  2023 index.js
drwxr-xr-x   57 node     node        4.0K Jul 21  2023 node_modules
-rwxr-xr-x    1 node     node      233.9K Jul 21  2023 package-lock.json
-rwxr-xr-x    1 node     node        1.3K Jul 19  2023 package.json
drwxr-xr-x    2 node     node        4.0K May 19  2023 schema
drwxr-xr-x    2 node     node        4.0K Jul 21  2023 src
/app # ls -lah .cache
total 812K   
drwx------    2 node     node       12.0K Apr  4 13:10 .
drwxr-xr-x    1 node     node        4.0K Jul 21  2023 ..
-rwx------    1 node     node          81 Jul 21  2023 IshouldNotExist.txt
-rwx------    1 node     node      227.6K Apr  7 07:11 azure.json
-rwx------    1 node     node      167.9K Apr  7 07:10 groups.json
-rwx------    1 node     node       11.3K Apr  7 07:10 members_All Users.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.Bazarr.Users.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.ChangeDetector.Users.json
-rwx------    1 node     node         852 Apr  7 07:11 members_Security.CloudFlareAppLauncher.Users.json
-rwx------    1 node     node         877 Apr  7 07:11 members_Security.Confluence.2FA.NotRequired.json
-rwx------    1 node     node         886 Apr  7 07:10 members_Security.Confluence.2FA.Required.json
-rwx------    1 node     node        1.3K Apr  7 07:10 members_Security.Confluence.Admins.json
-rwx------    1 node     node        1.3K Apr  7 07:10 members_Security.Confluence.BackDoorAccess.Allowed.json
-rwx------    1 node     node         886 Apr  7 07:11 members_Security.Confluence.ExternalShare.Users.json
-rwx------    1 node     node         886 Apr  7 07:11 members_Security.Confluence.Spaces.KnowledgeBase.json
-rwx------    1 node     node         886 Apr  7 07:11 members_Security.Confluence.Spaces.LearningCenter.json
-rwx------    1 node     node         886 Apr  7 07:10 members_Security.Confluence.Spaces.M365.json
-rwx------    1 node     node         886 Apr  7 07:11 members_Security.Confluence.Spaces.NetworkAndInfrastructure.json
-rwx------    1 node     node         886 Apr  7 07:11 members_Security.Confluence.Spaces.NetworkApplications.json
-rwx------    1 node     node         886 Apr  7 07:10 members_Security.Confluence.Spaces.Personal.json
-rwx------    1 node     node         886 Apr  7 07:10 members_Security.Confluence.Spaces.PersonalJournal.json
-rwx------    1 node     node         886 Apr  7 07:11 members_Security.Confluence.Spaces.Playground.json
-rwx------    1 node     node        1.7K Apr  7 07:11 members_Security.Confluence.Users.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.Deemix.Users.json
-rwx------    1 node     node         852 Apr  7 07:11 members_Security.DiskStationManager.Users.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.InternalDashboard.Users.json
-rw-r--r--    1 node     node        1.1K Apr  7 07:10 members_Security.Intune.DiskEncryption.json
-rw-r--r--    1 node     node        1.1K Apr  7 07:11 members_Security.Intune.LocalAdminPasswordSolution.json
-rw-r--r--    1 node     node        1.1K Apr  7 07:11 members_Security.Intune.RefreshPolicies.json
-rw-r--r--    1 node     node        1.1K Apr  7 07:10 members_Security.Intune.VirtualMachines.json
-rw-r--r--    1 node     node        1.1K Apr  7 07:11 members_Security.Intune.WindowsInsiders.json
-rwx------    1 node     node         841 Apr  7 07:10 members_Security.Jira.2FA.NotRequired.json
-rwx------    1 node     node        1.2K Apr  7 07:11 members_Security.Jira.2FA.Required.json
-rwx------    1 node     node        1.3K Apr  7 07:11 members_Security.Jira.Admins.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.AdvancedRoadmaps.Admin.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.AdvancedRoadmaps.User.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.AdvancedRoadmaps.Viewer.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Assets.Admin.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Assets.Household.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Assets.Infrastructure.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Assets.NoLongerOwned.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Assets.PersonalElectronics.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Assets.PersonalItems.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Assets.SoftwareLicenses.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Assets.Users.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.AutomationRestrictedActions.json
-rwx------    1 node     node        1.3K Apr  7 07:11 members_Security.Jira.BackDoorAccess.Allowed.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.DashboardHub.Users.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Projects.HireRight.Admin.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Projects.HireRight.User.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Projects.NetworkAndInfrustructure.Admin.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Projects.NetworkAndInfrustructure.User.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Projects.Payments.Admin.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Projects.Payments.User.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Projects.Travel.Admin.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Projects.Travel.User.json
-rwx------    1 node     node        1.2K Apr  7 07:10 members_Security.Jira.ServiceDesk.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Structure.Admins.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Structure.Automation.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Structure.ConfigureEffectors.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Structure.ConfigureGenerators.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Structure.CreateStructures.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Structure.ExecuteEffectors.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.Structure.ManageGlobalSavedColumns.json
-rwx------    1 node     node         429 Apr  7 07:10 members_Security.Jira.Structure.Users.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.TimeTracker.Admin.json
-rwx------    1 node     node         429 Apr  7 07:11 members_Security.Jira.TimeTracker.User.json
-rwx------    1 node     node        1.7K Apr  7 07:11 members_Security.Jira.Users.json
-rw-r--r--    1 node     node         441 Apr  7 07:11 members_Security.M365.Admin.FullAccess.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.M365.Intune.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.M365.Licensing.Microsoft.ADPremiumP2.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.M365.Licensing.Microsoft.BusinessStandard.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.M365.Licensing.Microsoft.PowerAutomate.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.M365.Licensing.Microsoft.PowerBI.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.M365.Loop.json
-rw-r--r--    1 node     node         441 Apr  7 07:11 members_Security.M365.OfficeInsiders.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.M365.SelfPasswordReset.json
-rwx------    1 node     node        3.3K Apr  7 07:10 members_Security.M365.ServiceAccounts.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.NZBGet.Users.json
-rwx------    1 node     node         852 Apr  7 07:10 members_Security.OVH.Admin.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.Okta.Admin.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.Portainer.Admins.json
-rwx------    1 node     node         852 Apr  7 07:10 members_Security.Portainer.Users.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.Prowlarr.Users.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.Proxmox.Admins.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.ProxyManager.Users.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.Radarr.Users.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.SharePoint.ExternalSharing.Allow.json
-rwx------    1 node     node         416 Apr  7 07:11 members_Security.SharePoint.Home.Read.json
-rwx------    1 node     node         416 Apr  7 07:10 members_Security.SharePoint.Purchases.Full.json
-rwx------    1 node     node         852 Apr  7 07:10 members_Security.Sonarr.Users.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.Syncthing.NAS.Users.json
-rwx------    1 node     node         441 Apr  7 07:11 members_Security.Syncthing.UbuntuDocker.Users.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.SynologyDS.Admin.json
-rwx------    1 node     node         441 Apr  7 07:10 members_Security.pgAdmin.Users.json
-rwx------    1 node     node         441 Apr  7 07:11 members_‎Security.SharePoint.All.Admin.json
-rwx------    1 node     node         441 Apr  7 07:11 members_‎Security.SharePoint.Jobs.Full.json
-rwx------    1 node     node       17.8K Apr  7 07:11 users.json
/app # 
ahaenggli commented 4 months ago

Did you create a volume in Portainer and map it to the container, or are you using a host directory? [screenshot]

Using a volume (myTest123), I am able to reproduce the issue. It seems like the Portainer volume copies the default files into it. So, for the wrapper, it appears that the folder wasn't mapped.

Solution: Manually delete the file IshouldNotExist.txt. I'll add a warning in the docs to keep this behavior in mind.

KrzysztofKiser commented 4 months ago

Thanks. After removing the mentioned file, it all started working. However (not sure if it's related to this), I cannot authenticate (join a device to the LDAP) using the credentials provided in LDAP_BINDUSER. I keep getting: `server.js server.bind ldapconnect@xxxxx.eu Failed login -> mybe not synced yet?`

I have checked multiple times and I am entering the exact credentials as stored in the LDAP_BINDUSER. Also, the user provided in LDAP_BINDUSER does not exist in Azure.

I can bind with any user synced from Azure, but since I want to be able to use SMB as well, I need to use a non-Azure user to bind. Unless I'm mistaken?

ahaenggli commented 4 months ago

Did you follow the guide to connect your nas/samba?

KrzysztofKiser commented 4 months ago

Yes, I followed this guide.

I can join my NAS to the wrapper with Azure synced account, but I cannot use the one specified in LDAP_BINDUSER. The authentication fails each time I try.

ahaenggli commented 4 months ago

Strange... If you put "uid=" in front of the username from the env variable as in the description, it should always work. How did you set the env variables? "Normal" as a parameter or did you do it in some other way (e.g. mapped env-file)? Can you set the env var LDAP_DEBUG to true? Is there then more detailed output in the log?

KrzysztofKiser commented 4 months ago

I set up the ENV variable in Portainer:

[screenshot]

I tried entering just the username, then with uid=username and then with uid=username,cn=users,dc=domain,dc=tld - none worked (of course I replaced the values with the correct ones).

I also just set LDAP_DEBUG to true and there is no more information in the logs, apart from what I was getting before: `Failed login -> mybe not synced yet?`

[screenshot]

ahaenggli commented 4 months ago

Remove your domain from the username in the env var. Just write something like LDAP_BINDUSER=ldapsearch|mySecretPW.

KrzysztofKiser commented 4 months ago

Removed the domain from the username, but still getting the same error

ahaenggli commented 4 months ago

Hm... Last idea: maybe a js problem with the CamelCase. Can you try writing the username in lowercase only?

KrzysztofKiser commented 4 months ago

Writing the username all in lowercase has worked.

Thank you so much for your help!