How to debug Cloudron directory server?

      fbartels
      App Dev
      wrote on last edited by girish
      #1

      Hi everyone,

      I have been toying on and off with an instance of authentik and the next step would be to fill it with users. For this I wanted to configure my Cloudron system as the "LDAP source" in Authentik. But somehow I am not getting users listed.

      The authentik system is a vm on my home network and from my workstation on the same network I can also successfully execute

      ldapsearch -v -x -b "ou=users,dc=cloudron" -D "cn=admin,ou=system,dc=cloudron" -w xxx -H ldaps://my.xxx.xx:636
      

      And since I had to first set export LDAPTLS_REQCERT=never on the vm authentik is running on I expect an ssl issue. Weirdly openssl s_client -connect my.xxx.xx:636 is able to connect.

      Now I am looking for some logging. Authentik does not seem to log anything (I am asking the same question about log locations in their Discord), so I was wondering if Cloudron may have some logging that I am missing. I already did a journalctl -u box, but that did not give much info.

      PS: Authentik also offers the ability to write password changes back into its upstream ldap. Would this work with Cloudron or is the current ldap interface read only?

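An added example, not part of the original posts: `openssl s_client` by default completes the handshake and only reports the certificate verification result in its output, so a successful connect does not show that the chain validates on that machine. The sketch below reads that result instead of disabling verification with `LDAPTLS_REQCERT=never`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the certificate verification result from
# `openssl s_client` output instead of relying on "it connected".

# Print the numeric "Verify return code" found in s_client output on stdin.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Map the codes most often seen with private or incomplete chains to a hint.
explain_code() {
    case "$1" in
        0)     echo "ok" ;;
        10)    echo "certificate expired" ;;
        18|19) echo "self-signed: add this CA to the client trust store" ;;
        20|21) echo "issuer not found: intermediate missing or CA not trusted" ;;
        62)    echo "hostname mismatch" ;;
        "")    echo "no verify result: handshake did not complete" ;;
        *)     echo "verification failed (code $1)" ;;
    esac
}

# Live check against an LDAPS listener. Usage: check_ldaps HOST [PORT]
# -verify_hostname makes a name mismatch show up in the return code too.
check_ldaps() {
    out=$(openssl s_client -connect "$1:${2:-636}" -servername "$1" \
          -verify_hostname "$1" </dev/null 2>&1)
    explain_code "$(printf '%s\n' "$out" | verify_code)"
}

# Constructed sample: tail of s_client output for a server whose chain the
# client cannot build. The TCP and TLS connection itself succeeded.
SAMPLE_BAD='SSL handshake has read 1987 bytes and written 391 bytes
Verification error: unable to verify the first certificate
    Verify return code: 21 (unable to verify the first certificate)'

# Run the parser and the mapping over the constructed sample.
diagnose_sample() {
    explain_code "$(printf '%s\n' "$SAMPLE_BAD" | verify_code)"
}
```

Run `check_ldaps` with the directory server's hostname from the machine where the LDAP client runs, so the result reflects that machine's trust store.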
        nebulon
        Staff
        wrote on last edited by
        #2

        Generally, unless there is a bug, SSL should work fine there. Also, you are saying that using the ldapsearch tool you get a user listing?

        There are no further debugging options out of the box, however you can manually add console.log()s in the /home/yellowtent/box/src/userdirectory.js for debugging purposes. After changing the file you have to systemctl restart box for them to go live. This is a bit hacky but at least you can put logs as you see fit to check if authentik is even reaching the server and such.

          fbartels
          App Dev
          wrote on last edited by
          #3

          @nebulon yes, I have the feeling that it is somehow ssl related, in which case no logging is expected as the general connection fails. On the other hand this is written in the ldap configuration in authentik:

          When connecting to an LDAP Server with TLS, certificates are not checked by default.

            fbartels
            App Dev
            wrote on last edited by
            #4

            I have progressed a good bit and have now an ldap error in authentik. Debugging further.

              fbartels
              App Dev
              wrote on last edited by
              #5

              Just to close this topic up. One major factor seems to have been that the "worker" in authentik was stuck and therefore did not attempt to connect to process the ldap connection. After it started processing the connection it ran into some Python tracebacks because of missing attributes. I could not get the sync to run, but then anyway decided to do it the other way around and use authentik as my primary source of users and connect my Cloudron to authentik instead.

              The final switch is still pending however as Cloudron already has an ldap source configured, which I am going to decommission soon.

              • fbartelsF fbartels marked this topic as a question on
              • fbartelsF fbartels has marked this topic as solved on
                andreasdueren
                wrote on last edited by
                #6

                @fbartels said in How to debug Cloudron directory server?:

                Just to close this topic up. One major factor seems to have been that the "worker" in authentik was stuck and therefore did not attempt to connect to process the ldap connection. After it started processing the connection it ran into some Python tracebacks because of missing attributes. I could not get the sync to run, but then anyway decided to do it the other way around and use authentik as my primary source of users and connect my Cloudron to authentik instead.

                The final switch is still pending however as Cloudron already has an ldap source configured, which I am going to decommission soon.

                Would you mind sharing your ldap configuration in Authentik with us?

                  jdaviescoates
                  wrote on last edited by
                  #7

                  I think @Sam_uk would be interested in this thread as he's been exploring things like Authentik too.

                  I use Cloudron with Gandi & Hetzner

                    fbartels
                    App Dev
                    wrote on last edited by
                    #8

                    I have to confess that I have not yet made that switch. While I decommissioned the old ldap I did not spend further time on connecting my Cloudron to Authentik. The reason behind this is that the hardware my authentik is running on is not really stable. Random crashes (sometimes weeks apart). Therefore I have not yet connected external services to it.

                      andreasdueren
                      wrote on last edited by
                      #9

                      @fbartels understood, but just giving me the values you entered in Authentik would save me some time 😄

                        fbartels
                        App Dev
                        wrote on last edited by
                        #10

                        @andreasdueren I think I just followed their documentation: https://goauthentik.io/docs/providers/ldap/generic_setup
