milux / ctldap

LDAP Wrapper for ChurchTools
GNU General Public License v3.0

Trouble running container on Synology #50

Closed smehrbrodt closed 5 months ago

smehrbrodt commented 6 months ago

Trying to run this on Synology DSM with Container Manager.

Built the image, ran with the following .env (replaced some stuff with <var>):

DEBUG=true
TRACE=true
# This is required for clients using lowercase DNs, e.g. ownCloud/nextCloud
IS_DN_LOWER_CASE=true
# This is required for clients that need lowercase email addresses, e.g. Seafile
IS_EMAIL_LOWER_CASE=true

# LDAP admin user, can be a "virtual" root user or a ChurchTools username (virtual root is recommended!)
LDAP_USER=root
# The static password to be used for the virtual ldapUser, i.e. if that one is NOT a CT account.
# Ideally, choose a LONG SECURE RANDOM password from a password generator like KeePass and hash it with argon2!
LDAP_PW=<ldap_pw>
# LDAP base DN, "o=<xxx>", e.g. "o=churchtools"
LDAP_BASE_DN="o=churchtools"

# LDAP server ip to listen on, change it to 0.0.0.0 when external access required
LDAP_IP=0.0.0.0
# LDAP server port, you may change this to the privileged default port 389.
LDAP_PORT=1389

# The URI pointing to the root of your ChurchTools installation
CT_URI=https://<ct_base>.church.tools
# This access token is used to authenticate against ChurchTools for API access.
# The backing user must be granted sufficient rights for the wrapper to work properly! Typically, these are:
# churchdb:{ view | view alldata(-1) | view grouptype(-1) | security level person(1,2*) | security level group(1*) }
# * = additional security levels might be required, depending on your ChurchTools settings.
# IMPORTANT: It is strongly recommended to use a LONG SECURE RANDOM password from a generator like KeePass for this user!
# You can obtain the API token from the API:
# - Login via https://your.ct.domain/api > "General" > "login" (copy your "personId" from the shown output!)
# - Get your token via "Person" > "/persons/{personId}/logintoken"
API_TOKEN="<my_personal_token>"

# This controls (in milliseconds) how old the user/group data can be until it is fetched from ChurchTools again
CACHE_LIFETIME_MS=300000

When I try to connect with

ldapsearch -H ldap://<synology>:1389 -x -w "<ldap_pw>" -D cn=root,ou=users,o=<ct_base> -b o=<ct_base>

I get: ldap_bind: No such object (32)

docker log shows:

2024/03/06 13:32:13 stdout  2024-03-06T12:32:13.321Z [DEBUG] root logger - ChurchTools-LDAP-Wrapper listening @ ldap://0.0.0.0:1389
2024/03/06 13:32:13 stdout  2024-03-06T12:32:13.312Z [DEBUG] root logger - Debug mode enabled, expect lots of output!

Not sure I got the users/pw all right.

milux commented 5 months ago

Please turn on debug mode, for starters. :wink:

smehrbrodt commented 5 months ago

Found the problem, had the wrong API_TOKEN.

Debug mode was already enabled ;)

milux commented 5 months ago

> Found the problem, had the wrong API_TOKEN.
>
> Debug mode was already enabled ;)

Didn't look so, no typical output indicating any action. :wink: But great you sorted it yourself. :)