tiredofit / docker-lemonldap

Dockerized authentication server with Single Sign On SAML, OpenID Connect, CAS, and Header support
MIT License

Apache:Session module failed #21

Open tomflenner opened 3 years ago

tomflenner commented 3 years ago

Summary

After a fresh install on 2.0-latest or 2.0-alpine-latest, can't connect to the dwho/dwho demonstration

Steps to reproduce

Just install a fresh Docker container and try to connect as the demonstration user dwho/dwho

What is the expected correct behavior?

Get logged in

Relevant logs and/or screenshots

image

Environment

Image version / tag: tiredofit/lemonldap:2.0-alpine-latest or tiredofit/lemonldap:2.0-latest

Host OS: Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux

Any logs | docker-compose.yml
version: '2'

services:
  lemonldap-app:
    image: tiredofit/lemonldap:2.0-alpine-latest
    container_name: lemonldap-app
    volumes:
    - ./data/etc/lemonldap-ng:/etc/lemonldap-ng
    - ./data/var/lib/lemonldap-ng/conf:/var/lib/lemonldap-ng/conf
    - ./data/var/lib/lemonldap-ng/sessions:/var/lib/lemonldap-ng/sessions
    - ./data/var/lib/lemonldap-ng/psessions:/var/lib/lemonldap-ng/psessions
    - ./logs:/www/logs
    #- ./assets/custom:/assets/custom
    environment:
    - VIRTUAL_HOST=sso.m1miaa.fr,manager.sso.m1miaa.fr,handler.sso.m1miaa.fr
    - VIRTUAL_NETWORK=nginx-proxy
    - VIRTUAL_PORT=80
    - LETSENCRYPT_HOST=sso.m1miaa.fr,manager.sso.m1miaa.fr,handler.sso.m1miaa.fr
    - LETSENCRYPT_EMAIL=letsencrypt@m1miaa.fr

    - ZABBIX_HOSTNAME=lemonldap-app

    - DOMAIN_NAME=m1miaa.fr
    - API_HOSTNAME=api.manager.sso.m1miaa.fr
    - MANAGER_HOSTNAME=manager.sso.m1miaa.fr
    - PORTAL_HOSTNAME=sso.m1miaa.fr
    - HANDLER_HOSTNAME=handler.sso.m1miaa.fr
    networks:
      - proxy-tier
    cap_add:
      - NET_ADMIN
    privileged: true
    restart: always

networks:
  proxy-tier:
    external:
      name: nginx-proxy

lemonldap-app    | [Thu May 13 23:49:10 2021] [LLNG:1219] [error] Session cannot be tied: Could not open file (/var/lib/lemonldap-ng/sessions/lock//Apache-Session-87ead0f92c763915baecba325303aa6e.lock) for writing: No such file or directory at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.

Possible fixes

Didn't find anything; Apache::Session is present in the container.

I found this after a quick search: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1421 but it does not seem to be the solution

EDIT:

After deep search, it seems to be an error due to the missing folder "lock" under "/var/lib/lemonldap-ng/sessions/" with rights on llng user/group

Maybe check for "lock" under "/var/lib/lemonldap-ng/psessions/" too

Tell me if I'm right or not! 👯

tiredofit commented 3 years ago

You are right. Interesting how that surfaced, this came up years ago. Will look into it and re-add the check to force the lock folder to be built.

tiredofit commented 3 years ago

OK, I see how it snuck back in. tiredofit/lemonldap:2.0.3 is building and should be on DockerHub shortly.

radokristof commented 1 year ago

@tiredofit I'm having the same issue on 2.0.51

radokristof commented 1 year ago

Fixed it by removing sessions and pgsessions from volume mapping

tiredofit commented 1 year ago

Best to map /var/lib/lemonldap. If you absolutely have to create separate mappings, then ensure that your folders are owned by llng or 2884 and make sure you have a lock directory in each of them.
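
The advice in the last comment, written as a host-side check for the bind-mounted `sessions` and `psessions` directories (an added example, not code from the image or from anyone in this thread). The uid 2884 is the one named above; the function names and the data-root argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: verify the bind-mounted LemonLDAP::NG session stores.
# LLNG_UID=2884 is the uid named in the thread; function names and the
# data-root argument are hypothetical, chosen for this example.
LLNG_UID=2884

# Print the numeric owner of a path (portable: no GNU-only stat flags).
owner_uid() {
    ls -nd "$1" | awk '{print $3}'
}

# Create the lock directory Apache::Session::Lock::File writes into,
# under both the sessions and psessions stores.
ensure_lock_dirs() {
    root=$1
    for store in sessions psessions; do
        mkdir -p "$root/$store/lock" || return 1
    done
}

# Print one line per problem; return 0 only when both stores are usable.
audit_session_dirs() {
    root=$1
    want_uid=${2:-$LLNG_UID}
    problems=0
    for store in sessions psessions; do
        for dir in "$root/$store" "$root/$store/lock"; do
            if [ ! -d "$dir" ]; then
                echo "MISSING  $dir"
                problems=$((problems + 1))
            elif [ "$(owner_uid "$dir")" != "$want_uid" ]; then
                echo "OWNER    $dir is uid $(owner_uid "$dir"), expected $want_uid"
                problems=$((problems + 1))
            fi
        done
    done
    [ "$problems" -eq 0 ]
}

# Usage: sh check-llng-dirs.sh ./data/var/lib/lemonldap-ng [uid]
if [ "$#" -ge 1 ]; then
    ensure_lock_dirs "$1" && audit_session_dirs "$1" "${2:-$LLNG_UID}"
fi
```

Directories created from the host belong to the invoking user, so any `OWNER` lines still need a `chown -R 2884` on the reported paths before the container is started.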