linuxserver / docker-kimai

GNU General Public License v3.0

LDAP auth is not working #8

Closed Elbullazul closed 3 months ago

Elbullazul commented 6 months ago

Is there an existing issue for this?

Current Behavior

Based on Kimai's documentation, adding a local.yaml with the appropriate LDAP settings should allow users to authenticate with their LDAP credentials.

Since this container's mappings are different than kimai's official container, I tried adding the local.yaml to /app/www/config/packages, but it does not do anything, and no related messages are found in the logs.

Expected Behavior

LDAP auth should work.

Steps To Reproduce

Follow kimai's guide to enable LDAP auth: https://www.kimai.org/documentation/ldap.html

Environment

- OS: Debian 12
- How docker service was installed: Docker's official instructions

CPU architecture

x86-64

Docker creation

version: '3.9'

services:
  kimai:
    #image: kimai/kimai2:prod
    image: lscr.io/linuxserver/kimai:latest
    container_name: kimai
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=$TIMEZONE
      - DATABASE_URL=mysql://${DB_USER}:${DB_PASSWORD}@kimai-db/${DB_NAME}?charset=utf8&serverVersion=$DB_VER
      # fixes 'bad CLRF token' error
      - TRUSTED_HOSTS=*  #swag,localhost,127.0.0.1
      # from kimai's compose documentation
      - APP_ENV=prod
      - APP_SECRET=$JWT
    volumes:
      - $BINDS/kimai/data:/config
      - $BINDS/kimai/config/local.yaml:/app/www/config/packages/local.yaml:ro
    restart: unless-stopped
    depends_on:
      - kimai-db
    networks:
      - backend
      - kimai

  kimai-db:
    image: linuxserver/mariadb:latest
    container_name: kimai-db
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=$TIMEZONE
      - MYSQL_DATABASE=${DB_NAME}
      - MYSQL_USER=${DB_USER}
      - MYSQL_PASSWORD=${DB_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${ROOT_PASSWORD}
    volumes:
      - $BINDS/kimai/mariadb:/config
    healthcheck:
      test: mysqladmin -p$$MYSQL_ROOT_PASSWORD ping -h localhost
      interval: 20s
      start_period: 10s
      timeout: 10s
      retries: 3
    restart: unless-stopped
    networks:
      - backend

networks:
  backend_kimai:
  kimai:

Container logs

[migrations] started
[migrations] 01-nginx-site-confs-default: executing...
[migrations] 01-nginx-site-confs-default: succeeded
[migrations] done
───────────────────────────────────────
      ██╗     ███████╗██╗ ██████╗ 
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝ 
   Brought to you by linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
Kimai: https://www.kimai.org/donate/
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID:    1000
User GID:    1000
───────────────────────────────────────
Setting resolver to  127.0.0.11
Setting worker_processes to 6
generating self-signed keys in /config/keys, you can replace these with your own keys if required
...........+..+...+.+.....+....+...........+....+......+........+...+.........+.+...+++++++++++++++++++++++++++++++++++++++*..+....+...+.....+++++++++++++++++++++++++++++++++++++++*..+..+.+............+...+..+...+...............+.+.....+.+.....+.......++++++
.....+.+........+.+......+...........+++++++++++++++++++++++++++++++++++++++*....+...+...+....+...+........+++++++++++++++++++++++++++++++++++++++*.+..........+.....+.......+......++++++
-----
Waiting for DB to be available
Kimai installation running ...
==============================
Database `kmdb` for connection named default already exists. Skipped.
[notice] Migrating up to DoctrineMigrations\Version20231130000719
[notice] finished in 3819.3ms, used 88.5M memory, 66 migrations executed, 243 sql queries
 [OK] Successfully migrated to version: DoctrineMigrations\Version20231130000719
 Rebuilding your cache, please be patient ...
 // Clearing the cache for the prod environment with debug false                
 [OK] Cache for the "prod" environment (debug=false) was successfully cleared.  
 // Warming up the cache for the prod environment with debug false              
 [OK] Cache for the "prod" environment (debug=false) was successfully warmed.   
 [OK] Congratulations! Successfully installed Kimai version 2.7.0               
Kimai updates running ...
=========================
 [OK] Already at the latest version ("DoctrineMigrations\Version20231130000719")
 Rebuilding your cache, please be patient ...
 // Clearing the cache for the prod environment with debug false                
 [OK] Cache for the "prod" environment (debug=false) was successfully cleared.  
 // Warming up the cache for the prod environment with debug false              
 [OK] Cache for the "prod" environment (debug=false) was successfully warmed.   
 [OK] Congratulations! Successfully updated Kimai to version 2.7.0              
[custom-init] No custom files found, skipping...
[ls.io-init] done.

drizuid commented 6 months ago

We found the issue and will work on a PR to resolve this. Sorry for the inconvenience.

drizuid commented 6 months ago

hi, can you please test with lspipepr/kimai:2.7.0-pkg-50d3f1f3-dev-fcbf5317184ca7c7df263ed16d787b9eb41d932f-pr-9 (just change your image to this) and let me know if this resolves the issue

drizuid commented 6 months ago

hold off, i typo'd :)

drizuid commented 6 months ago

k, sorry, it's ready now lspipepr/kimai:2.7.0-pkg-50d3f1f3-dev-604418a6d23a40cb2156a2736f73f084d5569b33-pr-9

Elbullazul commented 6 months ago

it does make the file editable, thanks!

unfortunately, LDAP auth doesn't actually work. On login, I see 'invalid credentials'.

and no LDAP queries reached my lldap server. It seems like kimai isn't actually sending requests, even though it loads the local.yaml. I tried setting APP_ENV=dev, but didn't find anything that could help solve this error.

drizuid commented 6 months ago

unfortunately, no one on the team is using ldap or sso or anything similar. I suspect there is a necessary package missing to support this, but we would need end-user assistance to determine what is missing.

sajtiii commented 4 months ago

Hello, I recently came across the same problem as you, and found out that the required composer package (laminas/laminas-ldap) mentioned in the documentation (https://www.kimai.org/documentation/ldap.html) isn't installed inside the container, as the Dockerfile did not contain it.

To install it, you could easily just run the following command:

COMPOSER_MEMORY_LIMIT=-1 php -d memory_limit=-1 /usr/bin/composer require laminas/laminas-ldap -d /app/www/ --optimize-autoloader --no-interaction

(The package also needs the php-ldap extension, but it is already installed inside the container.)
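A preflight check for the three prerequisites this thread turned up (a readable local.yaml, the laminas/laminas-ldap package, the php ldap extension), as an added example that is not part of the original thread or of the linuxserver image. The function names and the `run` argument are made up for illustration, and the package check assumes composer's default vendor/ layout under /app/www.

```shell
#!/bin/sh
# Preflight for the LDAP prerequisites identified in this thread.
# Run inside the container; APP_ROOT defaults to the path used above.

# True if composer unpacked the package into <app_root>/vendor/<package>.
has_composer_package() {
    [ -f "$1/vendor/$2/composer.json" ]
}

# True if the module name ($1) is a whole line of a `php -m` listing on stdin.
has_php_module() {
    grep -qix "$1"
}

# True if the override file exists, is readable and is not empty.
has_local_config() {
    [ -r "$1/config/packages/local.yaml" ] && [ -s "$1/config/packages/local.yaml" ]
}

# Prints one line per check; returns the number of failed checks.
# $1 = app root, $2 = text of `php -m` (passed in so it can be tested offline).
ldap_preflight() {
    app_root=$1; modules=$2; failed=0
    if has_local_config "$app_root"; then echo "ok   local.yaml readable"
    else echo "FAIL local.yaml missing, unreadable or empty"; failed=$((failed + 1)); fi
    if has_composer_package "$app_root" laminas/laminas-ldap; then
        echo "ok   laminas/laminas-ldap installed"
    else echo "FAIL laminas/laminas-ldap not in vendor/"; failed=$((failed + 1)); fi
    if printf '%s\n' "$modules" | has_php_module ldap; then
        echo "ok   php ldap extension loaded"
    else echo "FAIL php ldap extension not loaded"; failed=$((failed + 1)); fi
    return "$failed"
}

# Only touch the live container when invoked with "run" as the first argument.
if [ "${1:-}" = "run" ]; then
    ldap_preflight "${APP_ROOT:-/app/www}" "$(php -m)"
fi
```

Invoked as `sh preflight.sh run` inside the container, a non-zero exit status is the count of missing prerequisites.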