Closed KrzysztofKiser closed 4 months ago
Where do you use the container? Is it a synology nas or a different type of setup?
Do you perhaps have a typing error in the volume mapping?
Slashes at the beginning of the paths are also often forgotten => /volume1/docker/ldap:/app/.cache
When starting, the system only checks whether a file with the name IshouldNotExist.txt exists in the cache folder. If this is the case, the error message is displayed. The text file does not exist if the image directory is replaced with a volume mapping.
Did you maybe create the volume mapping later and move all files to the new mapped folder? If so, just delete the txt file locally or empty the whole mapped folder.
I am running the container on an Ubuntu server with Portainer.
I've created a local volume for the container and mapped it to /app/.cache
before first run.
The container works in general, but fails whenever the LDAP_SAMBANTPWD_MAXCACHETIME is set to anything other than 0.
I can't reproduce it yet. I tried it with values 500 and 123456789.
What happens if you do not set LDAP_SAMBANTPWD_MAXCACHETIME? (It should then be set to -1 as default, so also not 0)
Can you open the sh console in portainer for the container? What do the following commands output?
ls -lah
ls -lah .cache
my output as a reference:
If I don't set LDAP_SAMBANTPWD_MAXCACHETIME the container fails to run right after creation with the same error message.
Here's the output:
/app # ls -lah
total 304K
drwxr-xr-x 1 node node 4.0K Jul 21 2023 .
drwxr-xr-x 1 root root 4.0K Apr 7 07:10 ..
drwx------ 2 node node 12.0K Apr 4 13:10 .cache
-rwxr-xr-x 1 node node 704 May 19 2023 .eslintrc.json
-rwxr-xr-x 1 node node 60 Jul 21 2023 AzureAD-LDAP-wrapper.code-workspace
-rwxr-xr-x 1 node node 305 Jul 12 2023 Docker_build_DEV.cmd
-rwxr-xr-x 1 node node 603 Jun 18 2023 Docker_build_PROD.cmd
-rwxr-xr-x 1 node node 1.1K Aug 22 2021 LICENSE
drwxr-xr-x 2 node node 4.0K May 19 2023 customizer
-rwxr-xr-x 1 node node 284 May 19 2023 entrypoint.sh
-rwxr-xr-x 1 node node 879 May 19 2023 index.js
drwxr-xr-x 57 node node 4.0K Jul 21 2023 node_modules
-rwxr-xr-x 1 node node 233.9K Jul 21 2023 package-lock.json
-rwxr-xr-x 1 node node 1.3K Jul 19 2023 package.json
drwxr-xr-x 2 node node 4.0K May 19 2023 schema
drwxr-xr-x 2 node node 4.0K Jul 21 2023 src
/app # ls -lah .cache
total 812K
drwx------ 2 node node 12.0K Apr 4 13:10 .
drwxr-xr-x 1 node node 4.0K Jul 21 2023 ..
-rwx------ 1 node node 81 Jul 21 2023 IshouldNotExist.txt
-rwx------ 1 node node 227.6K Apr 7 07:11 azure.json
-rwx------ 1 node node 167.9K Apr 7 07:10 groups.json
-rwx------ 1 node node 11.3K Apr 7 07:10 members_All Users.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.Bazarr.Users.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.ChangeDetector.Users.json
-rwx------ 1 node node 852 Apr 7 07:11 members_Security.CloudFlareAppLauncher.Users.json
-rwx------ 1 node node 877 Apr 7 07:11 members_Security.Confluence.2FA.NotRequired.json
-rwx------ 1 node node 886 Apr 7 07:10 members_Security.Confluence.2FA.Required.json
-rwx------ 1 node node 1.3K Apr 7 07:10 members_Security.Confluence.Admins.json
-rwx------ 1 node node 1.3K Apr 7 07:10 members_Security.Confluence.BackDoorAccess.Allowed.json
-rwx------ 1 node node 886 Apr 7 07:11 members_Security.Confluence.ExternalShare.Users.json
-rwx------ 1 node node 886 Apr 7 07:11 members_Security.Confluence.Spaces.KnowledgeBase.json
-rwx------ 1 node node 886 Apr 7 07:11 members_Security.Confluence.Spaces.LearningCenter.json
-rwx------ 1 node node 886 Apr 7 07:10 members_Security.Confluence.Spaces.M365.json
-rwx------ 1 node node 886 Apr 7 07:11 members_Security.Confluence.Spaces.NetworkAndInfrastructure.json
-rwx------ 1 node node 886 Apr 7 07:11 members_Security.Confluence.Spaces.NetworkApplications.json
-rwx------ 1 node node 886 Apr 7 07:10 members_Security.Confluence.Spaces.Personal.json
-rwx------ 1 node node 886 Apr 7 07:10 members_Security.Confluence.Spaces.PersonalJournal.json
-rwx------ 1 node node 886 Apr 7 07:11 members_Security.Confluence.Spaces.Playground.json
-rwx------ 1 node node 1.7K Apr 7 07:11 members_Security.Confluence.Users.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.Deemix.Users.json
-rwx------ 1 node node 852 Apr 7 07:11 members_Security.DiskStationManager.Users.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.InternalDashboard.Users.json
-rw-r--r-- 1 node node 1.1K Apr 7 07:10 members_Security.Intune.DiskEncryption.json
-rw-r--r-- 1 node node 1.1K Apr 7 07:11 members_Security.Intune.LocalAdminPasswordSolution.json
-rw-r--r-- 1 node node 1.1K Apr 7 07:11 members_Security.Intune.RefreshPolicies.json
-rw-r--r-- 1 node node 1.1K Apr 7 07:10 members_Security.Intune.VirtualMachines.json
-rw-r--r-- 1 node node 1.1K Apr 7 07:11 members_Security.Intune.WindowsInsiders.json
-rwx------ 1 node node 841 Apr 7 07:10 members_Security.Jira.2FA.NotRequired.json
-rwx------ 1 node node 1.2K Apr 7 07:11 members_Security.Jira.2FA.Required.json
-rwx------ 1 node node 1.3K Apr 7 07:11 members_Security.Jira.Admins.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.AdvancedRoadmaps.Admin.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.AdvancedRoadmaps.User.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.AdvancedRoadmaps.Viewer.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Assets.Admin.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Assets.Household.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Assets.Infrastructure.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Assets.NoLongerOwned.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Assets.PersonalElectronics.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Assets.PersonalItems.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Assets.SoftwareLicenses.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Assets.Users.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.AutomationRestrictedActions.json
-rwx------ 1 node node 1.3K Apr 7 07:11 members_Security.Jira.BackDoorAccess.Allowed.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.DashboardHub.Users.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Projects.HireRight.Admin.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Projects.HireRight.User.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Projects.NetworkAndInfrustructure.Admin.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Projects.NetworkAndInfrustructure.User.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Projects.Payments.Admin.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Projects.Payments.User.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Projects.Travel.Admin.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Projects.Travel.User.json
-rwx------ 1 node node 1.2K Apr 7 07:10 members_Security.Jira.ServiceDesk.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Structure.Admins.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Structure.Automation.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Structure.ConfigureEffectors.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Structure.ConfigureGenerators.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Structure.CreateStructures.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Structure.ExecuteEffectors.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.Structure.ManageGlobalSavedColumns.json
-rwx------ 1 node node 429 Apr 7 07:10 members_Security.Jira.Structure.Users.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.TimeTracker.Admin.json
-rwx------ 1 node node 429 Apr 7 07:11 members_Security.Jira.TimeTracker.User.json
-rwx------ 1 node node 1.7K Apr 7 07:11 members_Security.Jira.Users.json
-rw-r--r-- 1 node node 441 Apr 7 07:11 members_Security.M365.Admin.FullAccess.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.M365.Intune.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.M365.Licensing.Microsoft.ADPremiumP2.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.M365.Licensing.Microsoft.BusinessStandard.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.M365.Licensing.Microsoft.PowerAutomate.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.M365.Licensing.Microsoft.PowerBI.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.M365.Loop.json
-rw-r--r-- 1 node node 441 Apr 7 07:11 members_Security.M365.OfficeInsiders.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.M365.SelfPasswordReset.json
-rwx------ 1 node node 3.3K Apr 7 07:10 members_Security.M365.ServiceAccounts.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.NZBGet.Users.json
-rwx------ 1 node node 852 Apr 7 07:10 members_Security.OVH.Admin.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.Okta.Admin.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.Portainer.Admins.json
-rwx------ 1 node node 852 Apr 7 07:10 members_Security.Portainer.Users.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.Prowlarr.Users.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.Proxmox.Admins.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.ProxyManager.Users.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.Radarr.Users.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.SharePoint.ExternalSharing.Allow.json
-rwx------ 1 node node 416 Apr 7 07:11 members_Security.SharePoint.Home.Read.json
-rwx------ 1 node node 416 Apr 7 07:10 members_Security.SharePoint.Purchases.Full.json
-rwx------ 1 node node 852 Apr 7 07:10 members_Security.Sonarr.Users.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.Syncthing.NAS.Users.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.Syncthing.UbuntuDocker.Users.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.SynologyDS.Admin.json
-rwx------ 1 node node 441 Apr 7 07:10 members_Security.pgAdmin.Users.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.SharePoint.All.Admin.json
-rwx------ 1 node node 441 Apr 7 07:11 members_Security.SharePoint.Jobs.Full.json
-rwx------ 1 node node 17.8K Apr 7 07:11 users.json
/app #
Did you create a volume in Portainer and map it to the container, or are you using a host directory?
Using a volume (myTest123), I am able to reproduce the issue. It seems like the Portainer volume copies the default files into it. So, for the wrapper, it appears that the folder wasn't mapped.
Solution: Manually delete the file IshouldNotExist.txt.
I'll add a warning in the docs to keep this behavior in mind.
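The behaviour described above can be reproduced without Docker. The following is an added example, not part of the thread or the project's code: temporary directories stand in for the image's `/app/.cache` and for the mount, and the function names `cache_is_mapped`, `mount_named_volume` and `scenario` are hypothetical. It assumes Docker's documented behaviour that an empty named volume is populated from the image directory on first mount, while a bind-mounted host directory hides the image content.

```shell
#!/bin/sh
# Added illustration: temp directories stand in for the image directory and the mount.
SENTINEL="IshouldNotExist.txt"      # marker file name from the thread

# The startup check as described in the thread: the cache counts as mapped
# only when the marker shipped inside the image directory is absent.
cache_is_mapped() { [ ! -e "$1/$SENTINEL" ]; }

# Named-volume behaviour: an EMPTY volume is populated from the image
# directory when a container first mounts it. A non-empty volume is left alone.
mount_named_volume() {              # $1 = image dir, $2 = volume dir
    if [ -z "$(ls -A "$2")" ]; then cp -Rp "$1"/. "$2"/; fi
}

# Runs one scenario and prints "mapped" or "unmapped" (names are hypothetical).
scenario() {
    work=$(mktemp -d) || return 1
    mkdir "$work/image" "$work/mount"
    : > "$work/image/$SENTINEL"     # what the image ships in /app/.cache
    case "$1" in
        bind)                       # host directory hides the image content
            ;;
        volume)                     # fresh named volume: marker is copied in
            mount_named_volume "$work/image" "$work/mount"
            ;;
        volume-fixed)               # marker deleted by hand, container restarted
            mount_named_volume "$work/image" "$work/mount"
            : > "$work/mount/azure.json"          # cache written at runtime
            rm -f "$work/mount/$SENTINEL"
            mount_named_volume "$work/image" "$work/mount"   # no-op: not empty
            ;;
    esac
    if cache_is_mapped "$work/mount"; then result=mapped; else result=unmapped; fi
    rm -rf "$work"
    echo "$result"
}

for s in bind volume volume-fixed; do
    printf '%-13s %s\n' "$s" "$(scenario "$s")"
done
```

The `volume-fixed` case shows why the manual deletion persists across restarts: once the volume holds cache files it is no longer empty, so nothing is copied in again.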
Thanks. After removing the mentioned file, it all started working. However, and I'm not sure if it's related to this, I cannot authenticate (join a device to the LDAP) using the credentials provided in LDAP_BINDUSER.
I keep getting: server.js server.bind ldapconnect@xxxxx.eu Failed login -> mybe not synced yet?
I have checked multiple times and I am entering the exact credentials as stored in the LDAP_BINDUSER.
Also, the user provided in LDAP_BINDUSER does not exist in Azure.
I can bind with any user synced from Azure, but since I want to be able to use SMB as well, I need to use a non-Azure user to bind. Unless I'm mistaken?
Yes, I followed this guide.
I can join my NAS to the wrapper with an Azure synced account, but I cannot use the one specified in LDAP_BINDUSER. The authentication fails each time I try.
Strange... If you put "uid=" in front of the username from the env variable as in the description, it should always work. How did you set the env variables? "Normal" as a parameter or did you do it in some other way (e.g. mapped env-file)? Can you set the env var LDAP_DEBUG to true? Is there then more detailed output in the log?
I set up the ENV variable in Portainer:
I tried entering just the username, then with uid=username and then with uid=username,cn=users,dc=domain,dc=tld - none worked (of course I replaced the values with the correct ones).
I also just set the LDP_DEBUG to true and there is no more information in the logs, apart from what I was getting before: Failed login -> mybe not synced yet?
Remove your domain from the username in the env var. Just write something like LDAP_BINDUSER=ldapsearch|mySecretPW.
Removed the domain from the username, but still getting the same error
Hm... Last idea: maybe a js problem with the CamelCase. Can you try writing the username in lowercase only?
Writing the username all in lowercase has worked.
Thank you so much for your help!
Hi there,
I've encountered an issue with the Wrapper, where it stops working whenever the LDAP_SAMBANTPWD_MAXCACHETIME is set to anything other than 0. The volume is mapped correctly as I can see all other files in there.
```
2024-04-01T14:39:52.613865860Z ERROR: 2024-04-01T14:39:52.612Z: index.js start This config is invalid. Please fix the errors:
2024-04-01T14:39:52.615065176Z ERROR: 2024-04-01T14:39:52.614Z: index.js start [
2024-04-01T14:39:52.615075789Z 'config',
2024-04-01T14:39:52.615081382Z 'The volume /app/.cache/ is not mapped in the Docker container. You will lose your cached credentials from time to time and therefore have problems with Samba access. If you do not intend to cache the credentials, set the environment variable LDAP_SAMBANTPWD_MAXCACHETIME to 0.'
```
Any ideas on what might be causing the issue and how to fix it?