Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

How to debug Cloudron directory server?

Scheduled Pinned Locked Moved Solved Support
user directory
5 Posts 2 Posters 192 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    wrote on last edited by girish
    #1

    Hi everyone,

    I have been toying on and off with an instance of authentik and the next step would be to fill it with users. For this I wanted to configure my Cloudron system as the "LDAP source" in Auhtentik. But somehow I am not getting users listed.

    The authentik system is a vm on my home network and from my workstation on the same network I can also successfully execute

    ldapsearch -v -x -b "ou=users,dc=cloudron" -D "cn=admin,ou=system,dc=cloudron" -w xxx -H ldaps://my.xxx.xx:636
    

    And since I had to first set export LDAPTLS_REQCERT=never on the vm authentik is running on I expect an ssl issue. Weirdly openssl s_client -connect my.xxx.xx:636 is able to connect.

    Now I am looking for some logging. Authentik does not seem to log anything (I am asking the same question about log locations in their Discord), so I was wondering if Cloudron may have some logging that I am missing. I already did a journalctl -u box, but that did not give much info.

    PS: Authentik also offers the ability to write password changes back into its upstream ldap. Would this work with Cloudron or is the current ldap interface read only?

    1 Reply Last reply
    1
  • nebulonN Online
    nebulonN Online
    nebulon Staff
    wrote on last edited by
    #2

    Generally unless there is a bug, SSL should works fine there. Also you are saying using the ldapsearch tool you get a userlisting?

    There are no further debugging options out of the box, however you can manually add console.log()s in the /home/yellowtent/box/src/userdirectory.js for debugging purpose. After changing the file you have to systemctl restart box for them to go live. This is a bit hacky but at least you can put logs as you see fit to check if authentik is even reaching the server and such.

    fbartelsF 1 Reply Last reply
    1
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    replied to nebulon on last edited by
    #3

    @nebulon yes, I have the feeling that it is somehow ssl related, in which case no logging is expected as the general connection fails. On the other hand this is written in the ldap configuration in authentik:

    When connecting to an LDAP Server with TLS, certificates are not checked by default.

    fbartelsF 1 Reply Last reply
    0
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    replied to fbartels on last edited by
    #4

    I have progressed a good bit and have now an ldap error in authentik. Debugging further.

    1 Reply Last reply
    1
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    wrote on last edited by
    #5

    Just to close this topic up. It seems one mayor factor seems to have been that the "worker" in authentik was stuck and therefore did not attempt to connect to process the ldap connection. After it started processing the connection it ran into some python tracebacks because of missing attributes. I could not get the sync to run, but then anyways decided to do it the other way around and use authentik as my primary source of users and connect my Cloudron to authentik instead.

    The final switch is still pending however as Cloudron already has an ldap source configured, which I am going to decommission soon.

    1 Reply Last reply
    0
  • fbartelsF fbartels marked this topic as a question on
  • fbartelsF fbartels has marked this topic as solved on

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.