wekan / ldap

LDAP support for Wekan code has been moved to https://github.com/wekan/wekan/tree/master/packages/wekan-ldap , issues to https://github.com/wekan/wekan/issues , and if PRs are needed please add them instead to https://github.com/wekan/wekan/pulls
MIT License

LDAPs issue with wekan 3.65 #73

Closed (mqu closed 4 years ago)

mqu commented 4 years ago

Hello,

I am having trouble with OpenLDAP, using SSL, with Wekan, in a dockerised configuration.

The exact same configuration (docker-compose.yml) is working fine with wekan<=3.64 but is issuing a connection timeout with LDAPS.

Here are the logs from 3.64 and 3.65.

docker-compose.yml

version: '2'

services:
  wekandb:
    image: mongo:3.2.21
    restart: always
    command: mongod --smallfiles --oplogSize 128
    networks:
      - wekan-tier
    expose:
      - 27017

  wekan:
    # issue with LDAP/SSL with v3.65
    image: wekanteam/wekan:v3.64
    restart: always
    networks:
      - wekan-tier
    ports:
      - 8901:8080
    environment:
      - MONGO_URL=mongodb://wekandb:27017/wekan
      - ROOT_URL=https://wekan.<MY-DOMAIN>/
      - WITH_API=true
      - DEBUG=true

      - MAIL_URL=smtp://smtp.<MY-DOMAIN>:25/?ignoreTLS=true&tls={rejectUnauthorized:true}
      - MAIL_FROM=Wekan-ASAP<no-reply-wekan@asap.<MY-DOMAIN>>
      - DEFAULT_AUTHENTICATION_METHOD=ldap
      - LDAP_ENABLE=true
      - LDAP_HOST=ldap.<MY-DOMAIN>
      - LDAP_PORT=636
      - LDAP_ENCRYPTION=ssl
      - LDAP_BASEDN=<DN>
      - LDAP_LOGIN_FALLBACK=true
      - LDAP_AUTHENTIFICATION=true
      - LDAP_AUTHENTIFICATION_USERDN=<CN>
      - LDAP_AUTHENTIFICATION_PASSWORD=<PASSWD>
      - LDAP_LOG_ENABLED=true
      - LDAP_BACKGROUND_SYNC=false
      - LDAP_REJECT_UNAUTHORIZED=false
      - LDAP_USER_AUTHENTICATION_FIELD=uid
      - LDAP_USER_SEARCH_FILTER=(&(objectclass=<CUSTOM-CLASS>))
      - LDAP_USER_SEARCH_SCOPE=sub
      - LDAP_USER_SEARCH_FIELD=uid
      - LDAP_RECONNECT=true
      - LDAP_FULLNAME_FIELD=cn
      - LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}

networks:
  wekan-tier:
    driver: bridge

Logs from wekan:

wekan 3.64 : OK
wekan_1    | [INFO] Init LDAP login "ldap.user"
wekan_1    | [WARN] Lookup for unset variable: INTERNAL_LOG_LEVEL 
wekan_1    | [WARN] Lookup for unset variable: LDAP_USER_ATTRIBUTES 
wekan_1    | [INFO] Init setup 
wekan_1    | [INFO] Connecting "ldaps://ldap.<MY-DOMAIN>:636"
wekan_1    | [DEBUG] connectionOptions{ url: 'ldaps://ldapd.<MY-DOMAIN>:636',
wekan_1    |   timeout: 10000,
wekan_1    |   connectTimeout: 10000,
wekan_1    |   idleTimeout: 10000,
wekan_1    |   reconnect: true,
wekan_1    |   log: 
wekan_1    |    Logger {
wekan_1    |      domain: null,
wekan_1    |      _events: {},
wekan_1    |      _eventsCount: 0,
wekan_1    |      _maxListeners: undefined,
wekan_1    |      _level: 30,
wekan_1    |      streams: [ [Object] ],
wekan_1    |      serializers: null,
wekan_1    |      src: false,
wekan_1    |      fields: 
wekan_1    |       { name: 'ldapjs',
wekan_1    |         component: 'client',
wekan_1    |         hostname: 'dcb023c844ab',
wekan_1    |         pid: 1 } },
wekan_1    |   tlsOptions: { rejectUnauthorized: false } } 
wekan_1    | [INFO] LDAP connected 
wekan_1    | [INFO] Binding UserDN "sn=<CN>"
wekan_1    | [INFO] Searching user "ldap.user"
wekan_1    | [DEBUG] searchOptions {
wekan_1    |   "filter": "(&(&(objectclass=<CUSTOM-CLASS>))(uid=<CN>))",
wekan_1    |   "scope": "sub",
wekan_1    |   "sizeLimit": 0
wekan_1    | }
wekan_1    | [DEBUG] BaseDN "sn=internes_si,dc=<MY-DOMAIN>"
wekan_1    | [INFO] Search result count 1
wekan_1    | [INFO] Authenticating "uidNumber=26566,...,dc=<MY-DOMAIN>"
wekan_1    | [INFO] Authenticated "uidNumber=26566,...,dc=<MY-DOMAIN>"
wekan_1    | [DEBUG] Identifying user with: uid 
wekan_1    | [INFO] Querying user 
wekan_1    | [DEBUG] userQuery {
wekan_1    |   "services.ldap.id": "...."
wekan_1    | }
wekan_1    | [INFO] Logging user 
wekan_1    | [INFO] Syncing user data 
wekan_1    | [DEBUG] user {
wekan_1    |   "_id": "...."
wekan_1    | }
wekan_1    | [DEBUG] fullname= "<CN>"
wekan_1    | [INFO] Syncing user fullname: "<CN>"

wekan 3.65 : KO
wekan_1    | [INFO] Init LDAP login "ldap.user"
wekan_1    | [WARN] Lookup for unset variable: INTERNAL_LOG_LEVEL 
wekan_1    | [WARN] Lookup for unset variable: LDAP_USER_ATTRIBUTES 
wekan_1    | [INFO] Init setup 
wekan_1    | [INFO] Connecting "ldaps://ldapd.<MY-DOMAIN>:636"
wekan_1    | [DEBUG] connectionOptions{
wekan_1    |   url: 'ldaps://ldapd.<MY-DOMAIN>:636',
wekan_1    |   timeout: 10000,
wekan_1    |   connectTimeout: 10000,
wekan_1    |   idleTimeout: 10000,
wekan_1    |   reconnect: true,
wekan_1    |   log: Logger {
wekan_1    |     _events: [Object: null prototype] {},
wekan_1    |     _eventsCount: 0,
wekan_1    |     _maxListeners: undefined,
wekan_1    |     _level: 30,
wekan_1    |     streams: [ [Object] ],
wekan_1    |     serializers: null,
wekan_1    |     src: false,
wekan_1    |     fields: {
wekan_1    |       name: 'ldapjs',
wekan_1    |       component: 'client',
wekan_1    |       hostname: '86308fe1991c',
wekan_1    |       pid: 1
wekan_1    |     }
wekan_1    |   },
wekan_1    |   tlsOptions: { rejectUnauthorized: false }
wekan_1    | } 
wekan_1    | [ERROR] connection time out 10000
wekan_1    | [ERROR] Error: Timeout 
wekan_1    | [INFO] Fallback to default account system:  {
wekan_1    |   "username": "<ldap.user>"
wekan_1    | }
wekan_1    | [DEBUG] Fallback options:  {
wekan_1    |   "user": {
wekan_1    |     "username": "<ldap.user>"
wekan_1    |   },
wekan_1    |   "password": {
wekan_1    |     "digest": "....",
wekan_1    |     "algorithm": "sha-256"
wekan_1    |   }
wekan_1    | }
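
Added example, not part of the original issue or of Wekan's code: in the 3.65 log above the LDAPS connection times out and the login then falls back to the default account system, with `tlsOptions: { rejectUnauthorized: false }` in effect in both runs. The script below groups such log lines per login attempt and flags those conditions; the sample lines are constructed from the ones quoted in the issue, and the function and field names are illustrative.

```javascript
// Added example (not Wekan code). SAMPLE_LOG is constructed, modelled on the
// log lines quoted in the issue; ldap.example.test is a placeholder host.
const SAMPLE_LOG = `
wekan_1    | [INFO] Init LDAP login "ldap.user"
wekan_1    | [INFO] Connecting "ldaps://ldap.example.test:636"
wekan_1    |   tlsOptions: { rejectUnauthorized: false } }
wekan_1    | [INFO] LDAP connected
wekan_1    | [INFO] Authenticated "uidNumber=1,dc=example,dc=test"
wekan_1    | [INFO] Init LDAP login "ldap.user"
wekan_1    | [INFO] Connecting "ldaps://ldap.example.test:636"
wekan_1    |   tlsOptions: { rejectUnauthorized: false }
wekan_1    | [ERROR] connection time out 10000
wekan_1    | [ERROR] Error: Timeout
wekan_1    | [INFO] Fallback to default account system:  {
`;
// Group log lines into one record per "Init LDAP login" attempt.
function analyzeLdapLog(text) {
  const attempts = [];
  let cur = null;
  for (const raw of text.split('\n')) {
    // Drop the docker-compose "<service>_<n> | " prefix if present.
    const line = raw.replace(/^\S+\s+\|\s?/, '').trim();
    let m;
    if ((m = line.match(/^\[INFO\] Init LDAP login "(.*)"$/))) {
      cur = { user: m[1], url: null, tlsVerifyDisabled: false,
              connected: false, authenticated: false, errors: [], fellBack: false };
      attempts.push(cur);
    } else if (!cur) {
      continue; // output before the first login attempt
    } else if ((m = line.match(/^\[INFO\] Connecting "(.*)"$/))) {
      cur.url = m[1];
    } else if (/rejectUnauthorized:\s*false/.test(line)) {
      cur.tlsVerifyDisabled = true; // server certificate is not verified
    } else if (line === '[INFO] LDAP connected') {
      cur.connected = true;
    } else if (line.startsWith('[INFO] Authenticated ')) {
      cur.authenticated = true;
    } else if (line.startsWith('[ERROR] ')) {
      cur.errors.push(line.slice('[ERROR] '.length));
    } else if (line.startsWith('[INFO] Fallback to default account system')) {
      cur.fellBack = true;
    }
  }
  return attempts;
}

// Attempts to alert on: the directory never answered and local auth was tried.
const ldapFailedWithFallback = (attempts) => attempts.filter((a) => a.fellBack && !a.connected);
console.log(JSON.stringify(ldapFailedWithFallback(analyzeLdapLog(SAMPLE_LOG)), null, 2));
```

The records only carry `tlsVerifyDisabled` when the `connectionOptions` debug dump is present in the log, as it is in the output quoted above.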

xet7 commented 4 years ago

Did you check your settings with this? https://github.com/wekan/wekan/wiki/LDAP

xet7 commented 4 years ago

Newest Wekan is v3.70. Old versions are not supported.

mqu commented 4 years ago

Same error with 3.71 (https://hub.docker.com/r/wekanteam/wekan/tags).

mqu commented 4 years ago

Working as expected with wekan 3.83; this issue can be closed.

mqu commented 4 years ago

This issue can be closed.