Install LemonLDAP::NG SSO/IAM on Nethserver

looks like the these guys https://www.authelia.com/

Have now added OIDC and Ldap support.

1 Like

Also this should be updated with these:

Single-Sign On - Synapse (matrix-org.github.io)

Looks like OIDC is in beta according to their docs:
image

25 posts were split to a new topic: LemonLDAP::NG and multiple LDAP servers

i am Facing an Installation error

failure: repodata/repomd.xml from lemonldap-ng: [Errno 256] No more mirrors to try.
https://lemonldap-ng.org/redhat/stable//noarch/repodata/repomd.xml: [Errno -1] Error importing repomd.xml for lemonldap-ng: Damaged repomd.xml file
[root@nethserver-ad ~]# /root/lemon_config.sh
-bash: /root/lemon_config.sh: No such file or directory

what could be the problem?

Hi

Your installer-script can’t reach the server https://lemonldap-ng.org - the reason could be either DNS or routing. But I assume DNS, as you can reach that server.

Can you ping google with FQDN? www.google.com ?

yes, i am able to ping google

It’s more accurate to say that yum isn’t downloading, at least, the complete/correct repomd.xml file, and if you’d shown a few more lines of the messages, it might be more obvious why. Let’s make sure the repo file has the correct contents–what are the complete contents of /etc/yum.repos.d/lemonldap-ng.repo?

complete message

Loaded plugins: changelog, fastestmirror, langpacks, nethserver_events
nethserver-danb35-1.1.0-1.ns7.noarch.rpm                                                        |  55 kB  00:00:00
Examining /var/tmp/yum-root-igh_Yq/nethserver-danb35-1.1.0-1.ns7.noarch.rpm: nethserver-danb35-1.1.0-1.ns7.noarch
/var/tmp/yum-root-igh_Yq/nethserver-danb35-1.1.0-1.ns7.noarch.rpm: does not update installed package.
Error: Nothing to do
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1694  100  1694    0     0   5162      0 --:--:-- --:--:-- --:--:--  5164
Loaded plugins: changelog, fastestmirror, langpacks, nethserver_events
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                            |  21 kB  00:00:00
 * ce-base: mirror.freethought-internet.co.uk
 * ce-extras: mirror.freethought-internet.co.uk
 * ce-sclo-rh: mirror.freethought-internet.co.uk
 * ce-sclo-sclo: mirror.freethought-internet.co.uk
 * ce-updates: mirror.freethought-internet.co.uk
 * epel: mirror.freethought-internet.co.uk
 * nethforge: nethserver.de-labrusse.fr
 * nethserver-base: nethserver.de-labrusse.fr
 * nethserver-updates: nethserver.de-labrusse.fr
ce-base/7/x86_64/signature                                                                      |  811 B  00:00:00
ce-base/7/x86_64/signature                                                                      | 3.6 kB  00:00:00 !!!
ce-extras/7/x86_64/signature                                                                    |  811 B  00:00:00
ce-extras/7/x86_64/signature                                                                    | 2.9 kB  00:00:00 !!!
ce-sclo-rh                                                                                      | 3.0 kB  00:00:00
ce-sclo-sclo                                                                                    | 3.0 kB  00:00:00
ce-updates/7/x86_64/signature                                                                   |  811 B  00:00:00
ce-updates/7/x86_64/signature                                                                   | 2.9 kB  00:00:00 !!!
danb35/7/signature                                                                              |  230 B  00:00:00
danb35/7/signature                                                                              | 2.9 kB  00:00:00 !!!
lemonldap-ng                                                                                    |  13 kB  00:00:00
https://lemonldap-ng.org/redhat/stable//noarch/repodata/repomd.xml: [Errno -1] Error importing repomd.xml for lemonldap-ng: Damaged repomd.xml file
Trying other mirror.


 One of the configured repositories failed (LemonLDAP::NG packages),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=lemonldap-ng ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable lemonldap-ng
        or
            subscription-manager repos --disable=lemonldap-ng

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=lemonldap-ng.skip_if_unavailable=true

failure: repodata/repomd.xml from lemonldap-ng: [Errno 256] No more mirrors to try.
https://lemonldap-ng.org/redhat/stable//noarch/repodata/repomd.xml: [Errno -1] Error importing repomd.xml for lemonldap-ng: Damaged repomd.xml file
./LemonLDAP-NG.sh: line 25: /root/lemon_config.sh: No such file or directory
[lemonldap-ng]
name=LemonLDAP::NG packages
baseurl=https://lemonldap-ng.org/redhat/stable//noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

[lemonldap-ng-extras]
name=LemonLDAP::NG extra packages
baseurl=https://lemonldap-ng.org/redhat/extras/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

/etc/yum.repos.d/lemonldap-ng.repo

[lemonldap-ng]
name=LemonLDAP::NG packages
baseurl=https://lemonldap-ng.org/redhat/stable//noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

[lemonldap-ng-extras]
name=LemonLDAP::NG extra packages
baseurl=https://lemonldap-ng.org/redhat/extras/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

should be

[lemonldap-ng]
name=LemonLDAP::NG packages
baseurl=https://lemonldap-ng.org/redhat/stable/$releasever/noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

[lemonldap-ng-extras]
name=LemonLDAP::NG extra packages
baseurl=https://lemonldap-ng.org/redhat/extras/$releasever
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

as your running into the error that your server cannot connect to https://lemonldap-ng.org/redhat/stable//noarch
not sure why it did that but if you replace the contents in /etc/yum.repos.d/lemonldap-ng.repo with

[lemonldap-ng]
name=LemonLDAP::NG packages
baseurl=https://lemonldap-ng.org/redhat/stable/$releasever/noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

[lemonldap-ng-extras]
name=LemonLDAP::NG extra packages
baseurl=https://lemonldap-ng.org/redhat/extras/$releasever
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2

and run yum -y update

you should be able to the issue

curl https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 > /etc/pki/rpm-gpg/RPM-GPG-KEY-OW2 && yum -y install nethserver-lemonldap-ng --enablerepo=lemonldap-ng,lemonldap-ng-extras && ~/lemon_config.sh

that should install it

seems to have installed, as i can access the manager interface

but this came up, not sure it has no effect or not.

Complete!
Saved under number 2
[Fri Mar 18 03:10:58 2022] [LLNG:9052] [error] Apply configuration for localhost: error 500 (read timeout)
Status  : [
          {
            'localhost' => 'Error 500 (read timeout)'
          }
        ];
Saved under number 3
[Fri Mar 18 03:11:05 2022] [LLNG:11006] [error] Apply configuration for localhost: error 500 (read timeout)
Status  : [
          {
            'localhost' => 'Error 500 (read timeout)'
          }
        ];
Saved under number 4
[Fri Mar 18 03:11:12 2022] [LLNG:11040] [error] Apply configuration for localhost: error 500 (read timeout)
Status  : [
          {
            'localhost' => 'Error 500 (read timeout)'
          }
        ];
Saved under number 5
[Fri Mar 18 03:11:19 2022] [LLNG:11068] [error] Apply configuration for localhost: error 500 (read timeout)
Warnings: [
          {
            'message' => 'Portal URL should end with a /'
          }
        ];
Status  : [
          {
            'localhost' => 'Error 500 (read timeout)'
          }
        ];
Saved under number 6
[Fri Mar 18 03:11:26 2022] [LLNG:11095] [error] Apply configuration for localhost: error 500 (read timeout)
Warnings: [
          {
            'message' => 'Your version of IO::Socket::IP is too old to enforce connection timeouts on ldaps:// URLs. Use ldap+tls:// instead'
          }
        ];
Status  : [
          {
            'localhost' => 'Error 500 (read timeout)'
          }
        ];
Saved under number 7
[Fri Mar 18 03:11:32 2022] [LLNG:11132] [error] Apply configuration for localhost: error 500 (read timeout)
Warnings: [
          {
            'message' => 'Your version of IO::Socket::IP is too old to enforce connection timeouts on ldaps:// URLs. Use ldap+tls:// instead'
          }
        ];
Status  : [
          {
            'localhost' => 'Error 500 (read timeout)'
          }
        ];
Saved under number 8
[Fri Mar 18 03:11:39 2022] [LLNG:11157] [error] Apply configuration for localhost: error 500 (read timeout)
Warnings: [
          {
            'message' => 'Your version of IO::Socket::IP is too old to enforce connection timeouts on ldaps:// URLs. Use ldap+tls:// instead'
          }
        ];
Status  : [
          {
            'localhost' => 'Error 500 (read timeout)'
          }
        ];
Saved under number 9
[Fri Mar 18 03:11:46 2022] [LLNG:11196] [error] Apply configuration for localhost: error 500 (read timeout)
Warnings: [
          {
            'message' => 'Your version of IO::Socket::IP is too old to enforce connection timeouts on ldaps:// URLs. Use ldap+tls:// instead'
          }
        ];
Status  : [
          {
            'localhost' => 'Error 500 (read timeout)'
          }
        ];

ignore that it will be fixed when you configure the server

1 Like

I’ve added a new install script; you can now install LLNG by running a single command: curl https://raw.githubusercontent.com/danb35/nethserver-lemonldap-ng/master/install-llng.sh | sh

Be aware that this runs the lemon_config.sh script with all the defaults, so if you want to customize it, you should follow the previous instructions. The Wiki and GitHub README have been updated to reflect this.

4 Likes

@danb35 How do you map these 2 attributes correctly in nextcloud, making use of LLNG

i cant edit them in NC, and there are not being pulled form what entered in cockpit on phpldapadmin

I’ve got the mapping set correctly in mine take a look at my manager