downtownallday / mailinabox-ldap

This is a version of Mail-in-a-Box with LDAP used as the user account database instead of sqlite allowing the use of a remote Nextcloud.

Fresh Install | Error on Install #33

Closed writeDavid closed 4 months ago

writeDavid commented 4 months ago

This is the output during the install

Installing nsd (DNS server)...
Installing OpenLDAP server...
awk: not an option: -e
setup/start.sh failed


Command I used to start the install:

curl -s https://raw.githubusercontent.com/downtownallday/mailinabox-ldap/master/setup/bootstrap.sh | sudo ENCRYPTION_AT_REST=true REMOTE_NEXTCLOUD=true bash

downtownallday commented 4 months ago

What does update-alternatives --display awk show?

writeDavid commented 4 months ago

I resolved by installing gawk (mawk was set to default).

Also, it appears you already have my previously requested feature implemented? Your questions during the setup refer to a server that the remote nextcloud queries for LDAP? I'm not sure, but I put my OpenLDAP Server as that IP Address. I'm not sure where to go from here.

I would be willing to assist with the coding requirements to stand that feature up in this repo. Essentially, the MiaB Server would connect directly to the OpenLDAP Server for ldaps queries, and connect to the remote nextcloud to store CardDav CalDav info. I think having MiaB act as the main place to create accounts (and not on the OpenLDAP Server or the nextcloud server) is a great idea that I wouldn't want to change.

I do want to add functionality to the GUI to at least show currently configured settings. I'll keep playing around with it.
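The failure in this thread came from the default `awk` (mawk) rejecting `-e`, an option gawk accepts. The following preflight check is an added example, not part of the thread or of the project's setup scripts; the function names and the marker string are hypothetical.

```shell
#!/bin/sh
# Added example: verify that awk accepts -e before running an installer,
# so the run stops before any packages are configured.

# awk_accepts_e AWK_BIN
# Return 0 only if AWK_BIN runs a program passed with -e and prints the marker.
awk_accepts_e() {
    _out=$("$1" -e 'BEGIN { print "awk-e-ok" }' </dev/null 2>/dev/null) || return 1
    [ "$_out" = "awk-e-ok" ]
}

# pick_awk CANDIDATE...
# Print the first candidate (name or path) that accepts -e; return 1 if none does.
pick_awk() {
    for _c in "$@"; do
        _p=$(command -v "$_c" 2>/dev/null) || continue
        if awk_accepts_e "$_p"; then
            printf '%s\n' "$_p"
            return 0
        fi
    done
    return 1
}

# preflight_awk [AWK]
# Exit status: 0 = usable, 1 = found but rejects -e, 2 = not found.
preflight_awk() {
    _awk=${1:-awk}
    _path=$(command -v "$_awk" 2>/dev/null) || {
        echo "preflight: $_awk not found" >&2
        return 2
    }
    if awk_accepts_e "$_path"; then
        echo "preflight: $_path accepts -e"
        return 0
    fi
    echo "preflight: $_path rejects -e; install gawk, then check" \
         "'update-alternatives --display awk'" >&2
    return 1
}
```

Source the file and run `preflight_awk || exit 1` before starting the install; `pick_awk awk gawk` shows which installed binary would work.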

downtownallday commented 4 months ago

I think you may be asking about the setup question "your Nextcloud's source IP address for ldap queries". This is the IP address that the MiaB host sees when the remote Nextcloud issues an LDAP query. It's there primarily for a Docker setup where the remote Nextcloud is at 127.0.0.1 (outbound), but LDAP queries come from the Docker-assigned network interface (inbound). Normally, you'd leave this blank for a "real" remote Nextcloud. By entering an IP address here, an extra 'ufw' firewall rule is added to allow LDAPS queries.

Regarding adding support for a remote LDAP service: As you know, LDAP servers are hard to work with due to their schema inflexibility, complicated tools, impossible to read wire protocol based on ASN.1, etc. This makes it very hard to debug problems and fix things. LDAP was created from X.500, an old Digital Equipment standard and they're both very rigid.

Supporting anything other than a dedicated OpenLDAP server would require a lot of work and testing (i.e. supporting something like Active Directory would be too hard or even an OpenLDAP with an existing schema) and if there's a dedicated OpenLDAP, why not just run it on MiaB - it doesn't require a lot of resources.

writeDavid commented 4 months ago

That is very true. Consider the matter settled! Thanks for the assistance!