Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved How to debug Cloudron directory server?

    Support
    user directory
    2
    5
    180
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • fbartels
      fbartels App Dev last edited by girish

      Hi everyone,

      I have been toying on and off with an instance of authentik and the next step would be to fill it with users. For this I wanted to configure my Cloudron system as the "LDAP source" in Auhtentik. But somehow I am not getting users listed.

      The authentik system is a vm on my home network and from my workstation on the same network I can also successfully execute

      ldapsearch -v -x -b "ou=users,dc=cloudron" -D "cn=admin,ou=system,dc=cloudron" -w xxx -H ldaps://my.xxx.xx:636

      And since I had to first set export LDAPTLS_REQCERT=never on the vm authentik is running on I expect an ssl issue. Weirdly openssl s_client -connect my.xxx.xx:636 is able to connect.

      Now I am looking for some logging. Authentik does not seem to log anything (I am asking the same question about log locations in their Discord), so I was wondering if Cloudron may have some logging that I am missing. I already did a journalctl -u box, but that did not give much info.

      PS: Authentik also offers the ability to write password changes back into its upstream ldap. Would this work with Cloudron or is the current ldap interface read only?

      1 Reply Last reply Reply Quote 1
      • nebulon
        nebulon Staff last edited by

        Generally unless there is a bug, SSL should works fine there. Also you are saying using the ldapsearch tool you get a userlisting?

        There are no further debugging options out of the box, however you can manually add console.log()s in the /home/yellowtent/box/src/userdirectory.js for debugging purpose. After changing the file you have to systemctl restart box for them to go live. This is a bit hacky but at least you can put logs as you see fit to check if authentik is even reaching the server and such.

        fbartels 1 Reply Last reply Reply Quote 1
        • fbartels
          fbartels App Dev @nebulon last edited by

          @nebulon yes, I have the feeling that it is somehow ssl related, in which case no logging is expected as the general connection fails. On the other hand this is written in the ldap configuration in authentik:

          When connecting to an LDAP Server with TLS, certificates are not checked by default.

          fbartels 1 Reply Last reply Reply Quote 0
          • fbartels
            fbartels App Dev @fbartels last edited by

            I have progressed a good bit and have now an ldap error in authentik. Debugging further.

            1 Reply Last reply Reply Quote 1
            • fbartels
              fbartels App Dev last edited by

              Just to close this topic up. It seems one mayor factor seems to have been that the "worker" in authentik was stuck and therefore did not attempt to connect to process the ldap connection. After it started processing the connection it ran into some python tracebacks because of missing attributes. I could not get the sync to run, but then anyways decided to do it the other way around and use authentik as my primary source of users and connect my Cloudron to authentik instead.

              The final switch is still pending however as Cloudron already has an ldap source configured, which I am going to decommission soon.

              1 Reply Last reply Reply Quote 0
              • Topic has been marked as a question  fbartels fbartels 
              • Topic has been marked as solved  fbartels fbartels 
              • First post
                Last post
              Powered by NodeBB