Using cloudron LDAP on another app

TomsFreitas

Hello everyone,

I am trying to setup ansible-semaphore using cloudron's LDAP for authentication.

By following the steps in the cloudron documentation I have reached this configuration for ansible-semaphore in the docker-compose file:

SEMAPHORE_LDAP_ACTIVATED: 'yes' # if you wish to use ldap, set to: 'yes' 
      SEMAPHORE_LDAP_HOST: XXXXXXXXXXXXX
      SEMAPHORE_LDAP_PORT: '636'
      SEMAPHORE_LDAP_NEEDTLS: 'yes'
      SEMAPHORE_LDAP_DN_BIND: 'cn=admin,ou=system,dc=cloudron'
      SEMAPHORE_LDAP_PASSWORD: 'XXXXXXXXXXXXXXXXXXXXXXXX'
      SEMAPHORE_LDAP_DN_SEARCH: 'ou=users,dc=cloudron'
      SEMAPHORE_LDAP_SEARCH_FILTER: '(\u0026(objectclass=person)(mail=%s))'

Although I get good results using ldapsearch, ldapwhoami and ansible-semaphore return

ldap_parse_result: Protocol error (2)
        additional info: 1.3.6.1.4.1.4203.1.11.3 not supported

Anyone knows what's going on?

Thanks!

nebulon

Is it possible to put semaphore into some debug mode to get more detailed error output? The error as such is very generic.

TomsFreitas

@nebulon No, that's one of the major problems with semaphore. This issue is probably not related to cloudron itself, the post is like a last resort for me.

girish

@TomsFreitas an idea is to then check cloudron server logs.

LDAP logs are suppressed by default. For this:

• Edit /etc/systemd/system/box.service
• Find the Environment= line. Change "DEBUG=box:*,connect-lastmile,-box:ldap" to "DEBUG=box:*,connect-lastmile"
• systemctl daemon-reload
• systemctl restart box

Now, maybe something appears in /home/yellowtent/platformdata/logs/box.log .