haiwen / seafile

High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
http://seafile.com/

Ldaps not working with seafile 7.0.5 64-bit, on centos 8.2 #2386

Closed am4nu closed 1 year ago

am4nu commented 3 years ago

ccnet config. This works:

```
HOST = ldap://ad.hostname.ca
BASE=DC=ad,DC=hostname,DC=ca
USER_DN=OHDP_seafile_svc@ad.hostname.ca
PASSWORD=
LOGIN_ATTR=userPrincipalName
FILTER = objectClass=User
USE_PAGED_RESULT = true
FOLLOW_REFERRALS = false
```

With ldaps it doesn't, but it works with ldap. I have moved libnssutil3.so outside as mentioned in the documentation.

ccnet.log says ldap_bind failed with wrong username and password, but clearly the credentials are fine as it works with ldap.

Ldap search with ssl cert config added works and can fetch all users with simple bind. The following is the cert config in the ldap-client config on the centos8.2 server, /etc/openldap/ldap.conf:

```
SASL_NOCANON on

TLS_REQCERT demand
TLS_CACERT /etc/ssl/certs/ca-bundle.crt
```

Any help will be deeply appreciated.

So, this works with the above client config:

```
ldapsearch -x -b "DC=ad,DC=queensu,DC=ca" -H ldaps://host -D "OHDP_seafile_svc@host" -W
```

feiniks commented 3 years ago

Hello, can you paste the specific ccnet logs here?

am4nu commented 3 years ago

```
[10/27/20 16:03:42] user-mgr.c(300): ldap_bind failed for user OHDP_seafile_svc@ad.amaan.ca: Can't contact LDAP server.
[10/27/20 16:03:42] user-mgr.c(385): Please check USER_DN and PASSWORD settings.
[10/27/20 16:03:42] user-mgr.c(300): ldap_bind failed for user OHDP_seafile_svc@ad.amaan.ca: Can't contact LDAP server.
[10/27/20 16:03:42] user-mgr.c(385): Please check USER_DN and PASSWORD settings.
[10/27/20 16:04:10] ../common/session.c(369): Exit at Tue Oct 27 16:04:10 2020
```

feiniks commented 3 years ago

Hello, this may be a problem in the centos 8.2 system. We don't test our seafile's ldaps on centos8, so it may not be supported. We recommend that you use docker to deploy the seafile to avoid such problems. The document is here: https://download.seafile.com/published/seafile-manual/docker/deploy%20seafile%20with%20docker.md

dani commented 3 years ago

On CentOS 8, you need to remove the libs liblber-2.4.so.2 libldap-2.4.so.2 libsasl2.so.3 from seafile-server/seafile/lib/ dir for LDAPS to work
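
A reversible way to apply the change described in the comment above, as an added example that is not part of the thread or of Seafile's own scripts: it moves the three listed libraries into a subdirectory instead of deleting them, so the step can be undone. The function names, the lib directory argument and the placement of `disabled_libs_use_local_ones_instead/` under that directory are assumptions.

```shell
#!/bin/sh
# Added example (not Seafile code). Library names are the ones listed in the
# comment above; function names and directory layout are assumptions.

BUNDLED_LIBS="liblber-2.4.so.2 libldap-2.4.so.2 libsasl2.so.3"
QUARANTINE="disabled_libs_use_local_ones_instead"

# quarantine_bundled_libs LIB_DIR
# Moves each listed library found in LIB_DIR into LIB_DIR/$QUARANTINE so the
# dynamic loader no longer finds the bundled copy there and falls back to the
# distribution's libraries. Prints the names it moved, one per line.
quarantine_bundled_libs() {
    lib_dir=$1
    [ -d "$lib_dir" ] || { echo "no such directory: $lib_dir" >&2; return 1; }
    mkdir -p "$lib_dir/$QUARANTINE" || return 1
    for lib in $BUNDLED_LIBS; do
        # -L also catches a dangling symlink, which -e would miss.
        if [ -e "$lib_dir/$lib" ] || [ -L "$lib_dir/$lib" ]; then
            mv -- "$lib_dir/$lib" "$lib_dir/$QUARANTINE/" && echo "$lib"
        fi
    done
}

# restore_bundled_libs LIB_DIR
# Undoes quarantine_bundled_libs. Prints the names it moved back.
restore_bundled_libs() {
    lib_dir=$1
    [ -d "$lib_dir/$QUARANTINE" ] || return 0
    for lib in $BUNDLED_LIBS; do
        src="$lib_dir/$QUARANTINE/$lib"
        if [ -e "$src" ] || [ -L "$src" ]; then
            mv -- "$src" "$lib_dir/" && echo "$lib"
        fi
    done
}

# Usage: sh this_script.sh /path/to/seafile-server/seafile/lib
# Stop the Seafile services first and start them again afterwards.
if [ "$#" -gt 0 ]; then
    quarantine_bundled_libs "$1"
fi
```

A second run prints nothing because the libraries are already moved; `restore_bundled_libs` puts them back.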

oyxnaut commented 3 years ago

I have exactly the same issue, but with Seafile 8.0.7 on Ubuntu 20.04. Using Host = ldap:// in ccnet.conf works, but ldaps:// does not. If I follow the instructions here, I get this error in the browser:

Page unavailable
Sorry, but the requested page is unavailable due to a server hiccup.

Our engineers have been notified, so check back later.

I also tried the CentOS 6 specific instruction `mv libnssutil3.so disabled_libs_use_local_ones_instead/`, without success. Any combination of moving the mentioned libraries out of the library search path results in the above error.

killing commented 1 year ago

You should change to docker. CentOS is no longer supported.

oyxnaut commented 1 year ago

Is this fixed for Ubuntu 20.04+?