goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

LDAP Outpost does not obey TLS #7174

Closed Mailstorm-ctrl closed 11 months ago

Mailstorm-ctrl commented 11 months ago

What this is coming down to is a trust issue with certificates. I'm not exactly sure what the difference is, but for some reason the ldap docker image is being very precise about TLS. Starting fresh, I get warnings that * does not match auth.my.domain TLS failure. Creating a self-signed certificate with auth.my.domain results in "common name is legacy. TLS failure". Creating a self-signed certificate with auth.my.domain results in "Self-signed certificate cannot trust. TLS failure". Uploading a valid Let's Encrypt certificate results in "CA not trusted. TLS failure".

I'm going to leave this up as I believe this may be an issue with my host system rather than the docker image. Extracted /etc/ssl/certs/ca-certificates.crt from the ldap outpost container. Let's Encrypt is NOT listed. So yeah...that's probably the issue I'm facing at least.

Old bug report

**Describe the bug**
When using the docker image, LDAP is not listening/functional

**To Reproduce**
Spin up an authentik container, see ldap isn't listening. Optionally try and configure an ldap app and watch it fail to work since the ldap service is unreachable

**Expected behavior**
ldap to be working

**Screenshots**
![image](https://github.com/goauthentik/authentik/assets/53045430/cf2f88bf-e4fe-426c-873e-80e93224917a)

**Logs**
The only error I get is when I run docker compose up in the foreground. I get the error:
`Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mount "/var/run/docker.sock" to rootfs at "/var/run/docker/sock": mount /var/run/docker.sock:/var/run/docker.sock (via /proc/self/fd6), flags: 0x500: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)`
However this is because of me running rootless, which I solved by changing where to look for the socket service. But I do see the state of the local docker connection is Unhealthy but can't find much more information about what exactly is unhealthy about it. Additionally, checking the status of the docker daemon shows a bunch of resolver errors about timing out to 10.0.2.3

**Version and Deployment (please complete the following information):**
- authentik version: 2023.8.3
- Deployment: Docker Compose

**Additional context**
Running Rocky Linux 9 and running docker in rootless mode.
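The reporter checked the container's CA bundle by eye; the script below, added here as an example and not part of the issue or the authentik project, does the same check programmatically against a PEM bundle such as the ca-certificates.crt extracted from the outpost container, reporting whether a Let's Encrypt root (ISRG Root X1 / X2) is present and still within its validity period. The default bundle path and the entries in SAMPLE_BUNDLE are assumptions constructed for the example.

```python
"""Check whether a PEM CA bundle (e.g. ca-certificates.crt from the outpost
container) holds a valid Let's Encrypt root. Stdlib only."""
import ssl
import sys
import time

# Subject CNs of the Let's Encrypt root CAs.
LETSENCRYPT_ROOT_CNS = {"ISRG Root X1", "ISRG Root X2"}

# Constructed sample in the shape ssl.SSLContext.get_ca_certs() returns.
SAMPLE_BUNDLE = [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Internet Security Research Group"),),
                 (("commonName", "ISRG Root X1"),)),
     "notAfter": "Jun  4 11:04:38 2035 GMT"},
    {"subject": ((("organizationName", "Example Corp"),),
                 (("commonName", "Example Internal Root"),)),
     "notAfter": "Jan  1 00:00:00 2030 GMT"},
]

def subject_cn(cert):
    """Return the commonName from a getpeercert()-style dict, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def load_bundle(path):
    """Parse every PEM certificate in the bundle file into dicts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # no system roots mixed in
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()

def audit_bundle(certs, now=None):
    """Split Let's Encrypt roots into usable vs. expired as of `now`."""
    now = time.time() if now is None else now
    usable, expired = [], []
    for cert in certs:
        cn = subject_cn(cert)
        if cn in LETSENCRYPT_ROOT_CNS:
            bucket = expired if ssl.cert_time_to_seconds(cert["notAfter"]) < now else usable
            bucket.append(cn)
    return {"total_cas": len(certs), "usable_roots": sorted(usable),
            "expired_roots": sorted(expired)}

if __name__ == "__main__":
    # Assumed path: the file copied out of the outpost container.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssl/certs/ca-certificates.crt"
    print(audit_bundle(load_bundle(path)))
```

An empty `usable_roots` list means the bundle cannot anchor a Let's Encrypt chain, which is exactly the "CA not trusted" failure the outpost reports.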
Mailstorm-ctrl commented 11 months ago

Just as an update: I'm making progress. First, I never realized my server didn't have a DNS server set. Setting that allowed the worker to download and deploy the LDAP outpost. ss -tnlp now shows the proper ports as listening but ldap still not working.

The worker shows an unhealthy status but checking the docker status shows no errors. The LDAP Outpost health is shown as not available.

When running containers in foreground there are repeated errors about a bad TLS certificate for the embedded proxy service account. Seems like nothing I do will make it go away.

EDIT:

Ended up just deleting everything and starting from scratch hoping a fresh start could fix it. Nope. ldap port is open and responds but when using something like ldapsearch...you get ldap_result: Can't contact LDAP server (-1)

So something is funky with authentik

Mailstorm-ctrl commented 11 months ago

When I deployed I didn't specify to use insecure since it's a local connection. Whoops