leenooks / phpLDAPadmin

phpLDAPadmin - Web based LDAP administration tool
www.phpldapadmin.org
GNU General Public License v2.0

phpLDAPadmin and my SLAPD (SAMBA4 DC LDAP, Windows Server 2019) not working - no data instead of LDAP data tree #272

Open guega2GitHub opened 3 months ago

guega2GitHub commented 3 months ago

I have a Debian host (as XEN Dom0) running:
- Windows Server 2019
- SAMBA 4.20
- Slapd 2.5.18 (OpenLDAP)

ldapsearch works fine on all of them, including Administrator bind.

--- Issue 1 docker pull

https://hub.docker.com/r/leenooks/phpldapadmin:
docker pull leenooks/phpldapadmin --> gives error "no manifest"
Under Tags: docker pull leenooks/phpldapadmin:2.0.0-dev --> works
run docker run -it --rm leenooks/phpldapadmin:2.0.0-dev ./artisan key:generate --show --> works, except APP_KEY was created but obviously not used --> I permanently got a missing APP_KEY exception
Eventually I put an -e APP_KEY in the docker run string like this:
docker run ... -e APP_KEY='base64:tcQT5EwBa/e0Q5XhvAcn7P1m2vSsb5WuelEJ0tNGqG0=' ...
Then it worked.

--- Issue 2 no BASE_DN

In the running image I first tried to edit the .env file:

    APP_URL='http://pla1.intern.example.com:8000'    (works in a browser)
    APP_TIMEZONE='Europe/Berlin'
    LDAP_NAME='PLA1SLAPD'
    LDAP_HOST='pla1.intern.example.com'
    LDAP_PORT=1389
    LDAP_USERNAME='cn=admin,dc=intern,dc=example,dc=com'    <-- I guess this is the binddn?
    LDAP_PASSWORD='xxxxxx'    <-- I guess this is the bindpass?
    LDAP_LOGIN_ATTR='mail'    (or uid or samaccountname etc)
    LDAP_LOGIN_OBJECTCLASS='user,person,posixAccount,organizationalPerson'
    LDAP_BASE_DN='o=mail,dc=intern,dc=example,dc=com'    <-- gets ignored?

These values took me to a login page, where every combination of userid/pass yielded a non-instructive whoops message or a PHP exception.

Then I added all these ENV variables to the docker run statement via -e, which brought me at least to the expected PLA start page.

But my SLAPD server (as well as SAMBA4 WindowsServer2019) showed up with "no-data" there. Clicking the no-data entry yields a PHP exception:

THE PAYLOAD IS INVALID

    public function dn_frame(Request $request)
    {
        $dn = Crypt::decryptString($request->post('key'));    <-- This is highlighted
        $page_actions = collect(['edit'=>TRUE,'copy'=>TRUE]);
        return view('frames.dn')
            ->with('o',config('server')->fetch($dn))

Digging deeper I found out that there is no BASE_DN value available. The function Server::baseDNs() calls rootDSE(). The latter throws an exception (invalid credentials). Alas, ldapsearch doesn't think so. At least the credentials in the ENV are correct.

The link "Server-Info" on the PLA start page works, but entryDN is empty. If I try to use the login link in the top-level menu I get the Whoops message: my (otherwise working) credentials are not working.

--- Issue 3 More trouble: The "connection" variable seems to be null.

What is the difference between the values in the ldap.php file (connections) and the ENV? Precedence?

I tried the (old) phpLDAPadmin configuration method via config.php. Using the (old) phpLDAPadmin config.php leads to a sudden death of this app. These files should be removed altogether if this is no longer the expected way to configure this app.

Then I put this in the ldap.php file:

    'default' => env('LDAP_CONNECTION','PLA1SLAPD'),
    'connections' => [
        'PLA1SLAPD' => [
            'hosts' => [env('LDAP_HOST', 'pla1.example.com')],
            'username' => env('LDAP_USERNAME','cn=admin,dc=intern,dc=example,dc=com'),
            'password' => env('LDAP_PASSWORD','xxxxxxxx'),
            'port' => env('LDAP_PORT', 1389),
            'base_dn' => env('LDAP_BASE_DN', 'o=mail,dc=intern,dc=example,dc=com'),
            'timeout' => env('LDAP_TIMEOUT',10),
            'use_ssl' => env('LDAP_SSL', false),
            'use_tls' => env('LDAP_TLS', false),
            'name' => env('LDAP_NAME','SLAPD LDAP Server'),
        ],
    ],

I made this file reboot-survivable by creating a docker -v link. Are these values used? My PLA start page does not bother.

--- Issue 4 php.ini

Is the php.ini in /usr/local/php used? I randomly get:

    PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 1310720 bytes) in /var/www/html/vendor/laravel/framework/src/Illuminate/Cache/FileStore.php on line 310

memory size is currently 1024m

--- Issue 5 https and nginx ports

No nginx https config is available in the image; I will use my own. I use a port redirect in docker run like -p 8000:80 since port 80 is already used on the host. Could this lead to any problems? (I guess not.)

--- Help needed.

I would try to help but this php laravel framework is beyond decipherable. I wasn't able to find the code, where $connection, $user, LDAP account validation are populated or executed.
At least it would be helpful if the docker log verbosity could be increased.
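
Added example, not part of the original issue and not phpLDAPadmin's code: a Python sketch for triaging a value that `Crypt::decryptString` rejects, separating a malformed or missing payload from one whose MAC does not verify under the current APP_KEY. It assumes Laravel's default AES-256-CBC envelope (base64 JSON with `iv`, `value`, `mac`); the function names, keys and sample payloads are constructed for the demo.

```python
import base64, hashlib, hmac, json

def key_bytes(app_key):
    """APP_KEY is stored as 'base64:<b64>'; return the raw key bytes."""
    if app_key.startswith("base64:"):
        return base64.b64decode(app_key[7:], validate=True)
    return app_key.encode()

def envelope_mac(iv_b64, value_b64, app_key):
    """HMAC-SHA256 over the base64 iv and value strings, hex-encoded."""
    msg = (iv_b64 + value_b64).encode()
    return hmac.new(key_bytes(app_key), msg, hashlib.sha256).hexdigest()

def triage(payload, app_key):
    """Run the structural and MAC checks that precede decryption."""
    if not payload:
        return "payload invalid: empty or missing value"
    try:
        data = json.loads(base64.b64decode(payload, validate=True))
    except ValueError:  # covers binascii.Error and JSON/UTF-8 decode errors
        return "payload invalid: not base64-encoded JSON"
    if not isinstance(data, dict) or not all(
            isinstance(data.get(k), str) for k in ("iv", "value", "mac")):
        return "payload invalid: iv/value/mac missing"
    try:
        iv = base64.b64decode(data["iv"], validate=True)
    except ValueError:
        return "payload invalid: iv is not base64"
    if len(iv) != 16:  # AES-CBC block size
        return "payload invalid: iv is not 16 bytes"
    expected = envelope_mac(data["iv"], data["value"], app_key)
    if not hmac.compare_digest(expected.encode(), data["mac"].encode()):
        return "MAC invalid: sealed under a different APP_KEY, or modified"
    return "ok: structure and MAC verify under this APP_KEY"

def make_sample(app_key):
    """Constructed envelope; the ciphertext is filler, only the MAC is real."""
    iv = base64.b64encode(bytes(16)).decode()
    value = base64.b64encode(b"constructed-ciphertext").decode()
    body = {"iv": iv, "value": value, "mac": envelope_mac(iv, value, app_key)}
    return base64.b64encode(json.dumps(body).encode()).decode()

# Constructed keys for the demo, not taken from the issue.
KEY_A = "base64:" + base64.b64encode(bytes(range(32))).decode()
KEY_B = "base64:" + base64.b64encode(bytes(range(32, 64))).decode()

if __name__ == "__main__":
    for value, key in [(None, KEY_A), ("o=mail,dc=intern,dc=example,dc=com", KEY_A),
                       (make_sample(KEY_A), KEY_A), (make_sample(KEY_A), KEY_B)]:
        print(triage(value, key))
```

A "payload invalid" result points at what the browser posted as `key` (empty, or a plain DN rather than an encrypted value); a "MAC invalid" result points at the APP_KEY having changed between rendering the page and handling the click.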

sdousley commented 3 months ago

I'm also getting the issue with memory limits - when using master, or the 2.0.0-dev docker container.

For now, I have reverted to using v1.2.6.7, which doesn't appear to have the memory limit issue.