wheelybird / ldap-user-manager

A PHP web-based interface for LDAP user account management and self-service password change.
MIT License

Login throws error #18

Closed Abhishek-Srivastava closed 4 years ago

Abhishek-Srivastava commented 4 years ago

When I try logging in from the UI, I get this:

I have helmfied the stuff and PR can be reviewed here: https://github.com/wheelybird/ldap-user-manager/pull/17

Warning: ldap_search(): Search: No such object in /opt/ldap_user_manager/includes/ldap_functions.inc.php on line 275

Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in /opt/ldap_user_manager/includes/ldap_functions.inc.php on line 276

Warning: preg_grep() expects parameter 2 to be array, null given in /opt/ldap_user_manager/includes/ldap_functions.inc.php on line 282

Warning: Cannot modify header information - headers already sent by (output started at /opt/ldap_user_manager/includes/ldap_functions.inc.php:275) in /opt/ldap_user_manager/log_in/index.php on line 27

wheelybird commented 4 years ago

This is weird. It suggests that the LDAP variables aren't set as they ought to be - something odd is being passed in. For example, the preg_replace is looking for group_membership_attribute, set by LDAP_GROUP_MEMBERSHIP_ATTRIBUTE. That defaults to uniqueid, so whatever Helm is setting via value: {{ .Values.ldap.groupMemAttr | quote }} is incorrect. I'm not familiar with Helm. Is it possibly setting literal quotation marks (https://github.com/wheelybird/ldap-user-manager/pull/17/files#diff-63753c90b8a0d8169378bf72c1d63884R43)? Either way, it's not passing what it ought to.

Abhishek-Srivastava commented 4 years ago

Thanks for looking into this. However, when I run just the Docker image as specified in the docs, I get the exact same error:

Warning: ldap_search(): Search: No such object in /opt/ldap_user_manager/includes/ldap_functions.inc.php on line 275

Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in /opt/ldap_user_manager/includes/ldap_functions.inc.php on line 276

Warning: preg_grep() expects parameter 2 to be array, null given in /opt/ldap_user_manager/includes/ldap_functions.inc.php on line 282

Warning: Cannot modify header information - headers already sent by (output started at /opt/ldap_user_manager/includes/ldap_functions.inc.php:275) in /opt/ldap_user_manager/log_in/index.php on line 27

And in the logs I see:

[Mon May 04 14:13:13.173035 2020] [:error] [pid 28] [client 172.17.0.1:45780] 2020-05-04 14:13:13 - LDAP manager - - Failed to start STARTTLS connection to ldap://172.18.105.11:389, referer: https://localhost:557/log_in/
example.com:443 172.17.0.1 - - [04/May/2020:14:13:13 +0000] "POST /log_in/ HTTP/1.1" 200 613 "https://localhost:557/log_in/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 OPR/68.0.3618.63"

wheelybird commented 4 years ago

I don't get that behaviour when using the README example. Please try using wheelybird/ldap-user-manager:debug. This is modified to dump all the PHP variables on each page load (obviously this will dump any passwords). The LDAP settings are stored as an array called LDAP - you can find that array in the output and check that the settings you're passing to the container are indeed getting set.

Abhishek-Srivastava commented 4 years ago

I tried running with the debug image:

Mon May 04 16:42:21.100153 2020] [:error] [pid 26] [client 172.17.0.1:47126] 2020-05-04 16:42:21 - LDAP manager -  -  Settings: Array(    [LOGIN_TIMEOUT_MINS] => 10    [VALIDATED] =>     [IS_ADMIN] =>     [IS_SETUP_ADMIN] =>     [ACCESS_LEVEL_NAME] => Array        (            [0] => account            [1] => admin        )    [CURRENT_PAGE] => /index.php    [SENT_HEADERS] =>     [paths] => Array        (            [0] =>             [1] => opt            [2] => ldap_user_manager        )    [THIS_MODULE_PATH] => ldap_user_manager    [GOOD_ICON] => ☑    [WARN_ICON] => ⚠    [FAIL_ICON] => ⛔    [MODULES] => Array        (            [log_in] => hidden_on_login            [change_password] => auth            [account_manager] => admin            [log_out] => auth        )    [LDAP] => Array        (            [uri] => ldap://172.18.105.11:389            [base_dn] => dc=example,dc=org            [admins_group] => admins            [admin_bind_dn] => cn=admin,dc=example,dc=org            [admin_bind_pwd] => admin            [group_ou] => groups            [user_ou] => people            [group_membership_attribute] => uniquemember            [group_membership_uses_uid] =>             [account_attribute] => uid            [require_starttls] =>             [group_dn] => ou=groups,dc=example,dc=org            [user_dn] => ou=people,dc=example,dc=org        )    [DEFAULT_USER_GROUP] => everybody    [DEFAULT_USER_SHELL] => /bin/bash    [EMAIL_DOMAIN] => example.org    [SITE_NAME] => LDAP user manager    [USERNAME_FORMAT] => {first_name}-{last_name}    [USERNAME_REGEX] => ^[a-z][a-zA-Z0-9\\._-]{3,32}$    [LDAP_DEBUG] =>     [SESSION_DEBUG] =>     [log_prefix] => 2020-05-04 16:42:21 - LDAP manager -  - )
lum.example.com:443 172.17.0.1 - - [04/May/2020:16:42:21 +0000] "GET / HTTP/1.1" 200 2228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 OPR/68.0.3618.63"
lum.example.com:443 172.17.0.1 - - [04/May/2020:16:42:21 +0000] "GET /favicon.ico HTTP/1.1" 404 530 "https://localhost:557/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 OPR/68.0.3618.63"
lum.example.com:443 172.17.0.1 - - [04/May/2020:16:42:22 +0000] "GET /log_in HTTP/1.1" 301 607 "https://localhost:557/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 OPR/68.0.3618.63"
[Mon May 04 16:42:22.622224 2020] [:error] [pid 26] [client 172.17.0.1:47126] 2020-05-04 16:42:22 - LDAP manager -  -  Settings: Array(    [LDAP] => Array        (            [uri] => ldap://172.18.105.11:389            [base_dn] => dc=example,dc=org            [admins_group] => admins            [admin_bind_dn] => cn=admin,dc=example,dc=org            [admin_bind_pwd] => admin            [group_ou] => groups            [user_ou] => people            [group_membership_attribute] => uniquemember            [group_membership_uses_uid] =>             [account_attribute] => uid            [require_starttls] =>             [group_dn] => ou=groups,dc=example,dc=org            [user_dn] => ou=people,dc=example,dc=org        )    [THIS_MODULE_PATH] => log_in    [VALIDATED] =>     [IS_ADMIN] =>     [IS_SETUP_ADMIN] =>     [ACCESS_LEVEL_NAME] => Array        (            [0] => account            [1] => admin        )    [CURRENT_PAGE] => /log_in/index.php    [SENT_HEADERS] =>     [paths] => Array        (            [0] =>             [1] => opt            [2] => ldap_user_manager            [3] => log_in        )    [GOOD_ICON] => ☑    [WARN_ICON] => ⚠    [FAIL_ICON] => ⛔    [MODULES] => Array        (            [log_in] => hidden_on_login            [change_password] => auth            [account_manager] => admin            [log_out] => auth        )    [DEFAULT_USER_GROUP] => everybody    [DEFAULT_USER_SHELL] => /bin/bash    [EMAIL_DOMAIN] => example.org    [LOGIN_TIMEOUT_MINS] => 10    [SITE_NAME] => LDAP user manager    [USERNAME_FORMAT] => {first_name}-{last_name}    [USERNAME_REGEX] => ^[a-z][a-zA-Z0-9\\._-]{3,32}$    [LDAP_DEBUG] =>     [SESSION_DEBUG] =>     [log_prefix] => 2020-05-04 16:42:22 - LDAP manager -  - ), referer: https://localhost:557/
lum.example.com:443 172.17.0.1 - - [04/May/2020:16:42:22 +0000] "GET /log_in/ HTTP/1.1" 200 954 "https://localhost:557/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 OPR/68.0.3618.63"
[Mon May 04 16:42:28.899887 2020] [:error] [pid 25] [client 172.17.0.1:47200] 2020-05-04 16:42:28 - LDAP manager -  -  Settings: Array(    [LDAP] => Array        (            [uri] => ldap://172.18.105.11:389            [base_dn] => dc=example,dc=org            [admins_group] => admins            [admin_bind_dn] => cn=admin,dc=example,dc=org            [admin_bind_pwd] => admin            [group_ou] => groups            [user_ou] => people            [group_membership_attribute] => uniquemember            [group_membership_uses_uid] =>             [account_attribute] => uid            [require_starttls] =>             [group_dn] => ou=groups,dc=example,dc=org            [user_dn] => ou=people,dc=example,dc=org        )    [THIS_MODULE_PATH] => log_in    [VALIDATED] =>     [IS_ADMIN] =>     [IS_SETUP_ADMIN] =>     [ACCESS_LEVEL_NAME] => Array        (            [0] => account            [1] => admin        )    [CURRENT_PAGE] => /log_in/index.php    [SENT_HEADERS] =>     [paths] => Array        (            [0] =>             [1] => opt            [2] => ldap_user_manager            [3] => log_in        )    [GOOD_ICON] => ☑    [WARN_ICON] => ⚠    [FAIL_ICON] => ⛔    [MODULES] => Array        (            [log_in] => hidden_on_login            [change_password] => auth            [account_manager] => admin            [log_out] => auth        )    [DEFAULT_USER_GROUP] => everybody    [DEFAULT_USER_SHELL] => /bin/bash    [EMAIL_DOMAIN] => example.org    [LOGIN_TIMEOUT_MINS] => 10    [SITE_NAME] => LDAP user manager    [USERNAME_FORMAT] => {first_name}-{last_name}    [USERNAME_REGEX] => ^[a-z][a-zA-Z0-9\\._-]{3,32}$    [LDAP_DEBUG] =>     [SESSION_DEBUG] =>     [log_prefix] => 2020-05-04 16:42:28 - LDAP manager -  - ), referer: https://localhost:557/log_in/
[Mon May 04 16:42:28.922297 2020] [:error] [pid 25] [client 172.17.0.1:47200] 2020-05-04 16:42:28 - LDAP manager -  -  Failed to start STARTTLS connection to ldap://172.18.105.11:389, referer: https://localhost:557/log_in/
lum.example.com:443 172.17.0.1 - - [04/May/2020:16:42:28 +0000] "POST /log_in/ HTTP/1.1" 200 767 "https://localhost:557/log_in/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 OPR/68.0.3618.63"

I don't have TLS set up for my OpenLDAP. Is that making a difference? Because what I see is this even when StartTLS is FALSE:

Failed to start STARTTLS connection to ldap://172.18.105.11:389, referer: https://localhost:557/log_in/

wheelybird commented 4 years ago

Could you try again with LDAP_DEBUG=TRUE and SESSION_DEBUG=TRUE, go to the setup page at /setup and send the logs along with the logs from the LDAP container?

Abhishek-Srivastava commented 4 years ago

lum_log.log

Logs attached above. With the setup, when I enter the admin creds, the page just reloads itself. Maybe because of an unauthorised error:

lum.example.com:443 172.17.0.1 - - [05/May/2020:05:58:10 +0000] "GET /setup/index.php?unauthorised HTTP/1.1" 200 884 "https://localhost:5557/setup/index.php?unauthorised" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 OPR/68.0.3618.63"

Abhishek-Srivastava commented 4 years ago

Let me also show you the ldapsearch command output from the OpenLDAP deployment:

ldapsearch -H ldap://172.18.98.106:389 -D cn=admin,dc=example,dc=org -w admin -b dc=example,dc=org
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9bHBidndTVHk3Wm9EV25KTFovaUJZMVVEOFVLMGZadTU=

# groups, example.org
dn: ou=groups,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups

# admins, groups, example.org
dn: cn=admins,ou=groups,dc=example,dc=org
objectClass: groupOfUniqueNames
objectClass: top
cn: admins
description: Group for the tenant mlops-dev-1
uniqueMember: cn=admin,dc=example,dc=org

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4

wheelybird commented 4 years ago

Hi. If you're on a Mac could you try a new image: wheelybird/ldap-user-manager:mac - I've changed the way the cookies are set, which seems to be an issue on Macs.

Abhishek-Srivastava commented 4 years ago

No Mac, this is Windows (WSL 2). Would you mind having a virtual debug session somewhere?

wheelybird commented 4 years ago

I've made some fixes that ought to solve the issue. Please try the latest image (either wheelybird/ldap-user-manager:latest or wheelybird/ldap-user-manager:v1.0). The issue was that you're using the default schema provided by osixia/openldap - the NIS schema. The user manager was supposed to be able to use that schema but at some point the code changed and broke that. To use the NIS schema you need to pass LDAP_USES_NIS_SCHEMA=TRUE as a variable.

Alternatively you can use the BIS schema with OpenLDAP - with osixia/openldap you need to pass LDAP_RFC2307BIS_SCHEMA=true when you initialise LDAP. This is generally a preferable schema.

Hopefully this will solve your problem.

Abhishek-Srivastava commented 4 years ago

Sorry to respond late. With this flag LDAP_USES_NIS_SCHEMA=TRUE I could visit the setup page and it created the necessary stuff. But while creating the admin account it said it had created the new admin account but couldn't add it to the group.

When I log in using the new account:

Warning: preg_grep() expects parameter 2 to be array, null given in /opt/ldap_user_manager/includes/ldap_functions.inc.php on line 333

Warning: Cannot modify header information - headers already sent by (output started at /opt/ldap_user_manager/includes/ldap_functions.inc.php:333) in /opt/ldap_user_manager/log_in/index.php on line 27

Thu May 14 16:07:29.604984 2020] [:error] [pid 25] [client 192.168.65.3:54174] 2020-05-14 16:07:29 - LDAP manager -  -  Session: orf_cookie wasn't sent by the client., referer: https://localhost:5557/log_in/?
[Thu May 14 16:07:29.631479 2020] [:error] [pid 25] [client 192.168.65.3:54174] 2020-05-14 16:07:29 - LDAP manager -  -  Failed to start STARTTLS connection to ldap://my-openldap:389: Connect error, referer: https://localhost:5557/log_in/?
[Thu May 14 16:07:29.632866 2020] [:error] [pid 25] [client 192.168.65.3:54174] 2020-05-14 16:07:29 - LDAP manager -  -  Bound to ldap://my-openldap:389 as cn=admin,dc=example,dc=org, referer: https://localhost:5557/log_in/?
[Thu May 14 16:07:29.633375 2020] [:error] [pid 25] [client 192.168.65.3:54174] 2020-05-14 16:07:29 - LDAP manager -  -  LDAP search returned 0 records for uid=john-doe,ou=people,dc=example,dc=org, referer: https://localhost:5557/log_in/?
example.com:443 192.168.65.3 - - [14/May/2020:16:07:29 +0000] "POST /log_in/? HTTP/1.1" 200 708 "https://localhost:5557/log_in/?" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 OPR/68.0.3618.63"

However, when I search for john-doe I get a valid response:

ldapsearch -H ldap://localhost:20389 -D 'uid=john-doe,ou=people,dc=example,dc=org' -w $SECUREDPASSWORD -b 'ou=people,dc=example,dc=org'

wheelybird commented 4 years ago

Could you retry without using the Helm stuff? i.e. using a standalone Docker engine. Also enable the debugging and include the logs for the setup so we can see why it's not adding the user to the admin group. It sounds like LDAP_GROUP_MEMBERSHIP_USES_UID is being set and not using the default.

Abhishek-Srivastava commented 4 years ago

There was one mistake, though: LDAP_GROUP_MEMBERSHIP_ATTRIBUTE was incorrectly set. I set it to memberUID and the admin account was successfully added to the admins group. However, when I visit the setup page it shows:

Warning: Invalid argument supplied for foreach() in /opt/ldap_user_manager/includes/ldap_functions.inc.php on line 290

I don't see this LDAP_GROUP_MEMBERSHIP_USES_UID being set to anything. I logged into the container; here are the env vars which are set:

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=ldap-user-manager-7cc9f95899-9qgxh TERM=xterm LDAP_URI=ldap://my-openldap:389 LDAP_BASE_DN=dc=example,dc=org LDAP_ADMIN_BIND_PWD=admin LDAP_USER_OU=people LOGIN_TIMEOUT_MINS=30 SESSION_DEBUG=TRUE LDAP_ADMIN_BIND_DN=cn=admin,dc=example,dc=org LDAP_ADMINS_GROUP=admins LDAP_GROUP_OU=groups LDAP_GROUP_MEMBERSHIP_ATTRIBUTE=memberUID LDAP_USES_NIS_SCHEMA=TRUE LDAP_DEBUG=TRUE LDAP_USER_MANAGER_SERVICE_PORT=5556 LDAP_USER_MANAGER_SERVICE_PORT_HTTP=5556 LDAP_USER_MANAGER_PORT=tcp://10.110.158.86:5556 LDAP_USER_MANAGER_PORT_5556_TCP=tcp://10.110.158.86:5556 LDAP_USER_MANAGER_PORT_5556_TCP_PORT=5556 KUBERNETES_SERVICE_PORT_HTTPS=443 MY_OPENLDAP_PORT_389_TCP_ADDR=10.105.246.34 MY_OPENLDAP_PORT_636_TCP_ADDR=10.105.246.34 LDAP_USER_MANAGER_PORT_5556_TCP_PROTO=tcp LDAP_USER_MANAGER_PORT_5557_TCP=tcp://10.110.158.86:5557 KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443 MY_OPENLDAP_PORT_636_TCP_PORT=636 KUBERNETES_PORT_443_TCP_PROTO=tcp MY_OPENLDAP_SERVICE_PORT_LDAP_PORT=389 KUBERNETES_PORT_443_TCP_PORT=443 KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1 LDAP_USER_MANAGER_PORT_5557_TCP_PORT=5557 MY_OPENLDAP_PORT_636_TCP=tcp://10.105.246.34:636 MY_OPENLDAP_PORT_636_TCP_PROTO=tcp LDAP_USER_MANAGER_SERVICE_PORT_HTTPS=5557 LDAP_USER_MANAGER_PORT_5557_TCP_ADDR=10.110.158.86 KUBERNETES_SERVICE_HOST=10.96.0.1 MY_OPENLDAP_PORT_389_TCP_PORT=389 MY_OPENLDAP_PORT=tcp://10.105.246.34:389 MY_OPENLDAP_PORT_389_TCP_PROTO=tcp LDAP_USER_MANAGER_SERVICE_HOST=10.110.158.86 KUBERNETES_SERVICE_PORT=443 MY_OPENLDAP_SERVICE_PORT=389 LDAP_USER_MANAGER_PORT_5557_TCP_PROTO=tcp MY_OPENLDAP_SERVICE_PORT_SSL_LDAP_PORT=636 MY_OPENLDAP_PORT_389_TCP=tcp://10.105.246.34:389 LDAP_USER_MANAGER_PORT_5556_TCP_ADDR=10.110.158.86 KUBERNETES_PORT=tcp://10.96.0.1:443 MY_OPENLDAP_SERVICE_HOST=10.105.246.34 PHPIZE_DEPS=autoconf dpkg-dev file g++ gcc libc-dev make pkg-config re2c PHP_INI_DIR=/usr/local/etc/php APACHE_CONFDIR=/etc/apache2 
APACHE_ENVVARS=/etc/apache2/envvars PHP_EXTRA_BUILD_DEPS=apache2-dev PHP_EXTRA_CONFIGURE_ARGS=--with-apxs2 --disable-cgi PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 PHP_LDFLAGS=-Wl,-O1 -Wl,--hash-style=both -pie GPG_KEYS=1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 PHP_VERSION=7.0.33 PHP_URL=https://secure.php.net/get/php-7.0.33.tar.xz/from/this/mirror PHP_ASC_URL=https://secure.php.net/get/php-7.0.33.tar.xz.asc/from/this/mirror PHP_SHA256=ab8c5be6e32b1f8d032909dedaaaa4bbb1a209e519abb01a52ce3914f9a13d96 PHP_MD5= HOME=/root
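The schema point made earlier in the thread (uniqueMember under RFC2307bis versus memberUid under the NIS schema) and the memberUID fix in the comment above come down to one thing: the membership attribute the user manager reads, and whether its values are DNs or uids, must match what the group entry actually carries. The following is an added example written for this issue page, not code from ldap-user-manager (which is PHP); it is self-contained Python so it runs offline. It assumes the semantics the thread describes: a configurable membership attribute (the settings dump shows group_membership_attribute = uniquemember with group_membership_uses_uid unset) whose values are compared either as DNs or against the user's uid. The sample directory is constructed from the ldapsearch output posted earlier plus a posixGroup and a posixAccount; the function and attribute names in the example are the example's own.

```python
"""Group membership under the two LDAP schemas discussed in this issue.

Added example, not ldap-user-manager's own code: a minimal LDIF parser plus a
membership check driven by the two knobs seen in the settings dump
(group_membership_attribute, group_membership_uses_uid), so the effect of a
mismatched attribute can be reproduced without a live directory.
"""
import base64
import re

# Constructed sample, modelled on the ldapsearch output in this thread: an
# RFC2307bis-style groupOfUniqueNames (DN-valued uniqueMember) next to an
# NIS-style posixGroup (uid-valued memberUid) and a posixAccount user.
SAMPLE_LDIF = """\
# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description:: TERBUCBhZG1pbmlzdHJhdG9y

dn: cn=admins,ou=groups,dc=example,dc=org
objectClass: groupOfUniqueNames
cn: admins
uniqueMember: cn=admin,dc=example,dc=org

dn: uid=john-doe,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: john-doe

dn: cn=nis-admins,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: nis-admins
gidNumber: 500
memberUid: john-doe
"""

ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)(::?) ?(.*)$")


def normalise_dn(dn):
    """Case-fold and strip blanks around RDN separators before comparing DNs."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Parse attribute-value LDIF into {normalised dn: {attr_lower: [values]}}.

    Supports '::' base64 values and '#' comments; line folding and change
    records are not needed for the ldapsearch output shown in the thread.
    """
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None          # a blank line ends the current entry
            continue
        if line.startswith("#"):
            continue
        m = ATTR_LINE.match(line)
        if m is None:
            raise ValueError("unparseable LDIF line: %r" % line)
        attr, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        if attr == "dn":
            current = normalise_dn(value)
            entries[current] = {}
        elif current is None:
            raise ValueError("attribute before any dn: %r" % line)
        else:
            entries[current].setdefault(attr, []).append(value)
    return entries


def is_member(entries, group_dn, user_dn, membership_attr, uses_uid):
    """True if user_dn is listed in group_dn's membership attribute.

    uses_uid=False compares the values as DNs (groupOfUniqueNames style);
    uses_uid=True compares them against the user entry's uid (posixGroup style).
    """
    group = entries.get(normalise_dn(group_dn))
    if group is None:
        return False
    values = group.get(membership_attr.lower(), [])
    if uses_uid:
        uid = entries.get(normalise_dn(user_dn), {}).get("uid", [None])[0]
        return uid is not None and uid in values
    return normalise_dn(user_dn) in {normalise_dn(v) for v in values}


def demo():
    """Matched settings find the member; the mismatch from the thread does not."""
    entries = parse_ldif(SAMPLE_LDIF)
    bis_ok = is_member(entries, "cn=admins,ou=groups,dc=example,dc=org",
                       "cn=admin,dc=example,dc=org", "uniqueMember", uses_uid=False)
    nis_ok = is_member(entries, "cn=nis-admins,ou=groups,dc=example,dc=org",
                       "uid=john-doe,ou=people,dc=example,dc=org", "memberUid", uses_uid=True)
    # Reading the posixGroup with the DN-style attribute finds nobody, which is
    # what "account created but couldn't add it to the group" looks like.
    mismatch = is_member(entries, "cn=nis-admins,ou=groups,dc=example,dc=org",
                         "uid=john-doe,ou=people,dc=example,dc=org", "uniqueMember", uses_uid=False)
    return bis_ok, nis_ok, mismatch


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Running the script prints (True, True, False): the two matched schema/attribute pairs resolve membership, the mismatched pair silently yields no members. Checking the configured attribute against what the group entry really holds (an ldapsearch on the group DN, as posted above) is the quickest way to tell the two failure modes apart before touching the code.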

Abhishek-Srivastava commented 4 years ago

Hey, thanks a gazillion times. I removed all the env vars and just set those which you mentioned in the README.

-e "SERVER_HOSTNAME=lum.example.org" \
-e "LDAP_URI=ldaps://172.18.85.251:20636" \
-e "LDAP_BASE_DN=dc=example,dc=org" \
-e "LDAP_REQUIRE_STARTTLS=FALSE" \
-e "LDAP_ADMINS_GROUP=admins" \
-e "LDAP_ADMIN_BIND_DN=cn=admin,dc=example,dc=org" \
-e "LDAP_ADMIN_BIND_PWD=secret" \
-e "LDAP_USES_NIS_SCHEMA=true"

I deployed through the charts from this PR and tested some basic functionality. Would you merge it? I would be happy to maintain support for this deployment on Kubernetes. https://github.com/wheelybird/ldap-user-manager/pull/17