LAM cannot connect to Server

stephdl · November 4, 2024, 6:07pm

where is the ad, it is not remote ?

capote · November 4, 2024, 6:18pm

no, local on the same single node

stephdl · November 4, 2024, 9:11pm

could you install please for testing, you can remove or let the old lam

add-module ghcr.io/stephdl/lam:overwriteldap

go after to link the lam module to the account provider

capote · November 4, 2024, 9:38pm

I did it.
The same error occurs:
That’s the default configuration.

# journalctl -f _UID=$(id -u lam3)
Nov 04 22:35:38 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:35:37 +0000] "GET /lam/templates/lib/extra/jodit/jodit.js HTTP/1.1" 200 276006 "https://lam.home.dargels.de/lam/templates/config/confmain.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"
Nov 04 22:35:38 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:35:38 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"
Nov 04 22:35:43 daho-ns8 lam[53588]: 10.0.2.100:80 ::1 - - [04/Nov/2024:21:35:43 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.62 (Debian) OpenSSL/3.0.14 (internal dummy connection)"
Nov 04 22:37:06 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:37:06 +0000] "POST /lam/templates/config/confmain.php HTTP/1.1" 302 969 "https://lam.home.dargels.de/lam/templates/config/confmain.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"
Nov 04 22:37:06 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:37:06 +0000] "GET /lam/templates/login.php HTTP/1.1" 200 3126 "https://lam.home.dargels.de/lam/templates/config/confmain.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"
Nov 04 22:37:06 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:37:06 +0000] "GET /lam/templates/manifest.php HTTP/1.1" 200 1211 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"
Nov 04 22:37:07 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:37:07 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"
Nov 04 22:37:17 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:37:17 +0000] "POST /lam/templates/login.php HTTP/1.1" 403 7323 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"
Nov 04 22:37:17 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:37:17 +0000] "GET /lam/templates/manifest.php HTTP/1.1" 200 1211 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"
Nov 04 22:37:18 daho-ns8 lam[53588]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:21:37:18 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"

~# runagent -m lam3 cat discovery_ldap.env
LDAP_PORT=20001
LDAP_USER=ldapservice@ad-ns8.home.dargels.de
LDAP_HOST=127.0.0.1
LDAP_PASS=VnQWC/-880AKTxn89pla+XdvCfMw.XRV
LDAP_SCHEMA=ad
LDAP_BASE=DC=ad-ns8,DC=home,DC=dargels,DC=de

stephdl · November 4, 2024, 10:23pm

Write manually, no clues what is occuring on your server I cannot reproduce

ldap://accountprovider:20001

capote · November 4, 2024, 11:57pm

Yes, I did it rapidly.
The error persists.

stephdl · November 5, 2024, 8:20am

remove all lam module, try to reinstall

remove-module --no-preserve lam3
add-module ghcr.io/stephdl/lam:overwriteldap

Please you should help a developer by gathering any informations you could find

for example I need I think the journal of the installation

journalctl > dump_journal

cat /home/lam3/.config/state/environment
cat /home/lam3/.config/state/discovery_ldap.env
cat /home/lam3/.config/state/lam-config/lam.conf
cat /home/lam3/.config/state/lam-config/config.cfg

once installed try to check in the lam config what you have, if it is not good, try to save again the form

capote · November 5, 2024, 9:58am

I removed it:

:~# runagent -m lam3 cat discovery_ldap.env
LDAP_PORT=20001
LDAP_USER=ldapservice@ad-ns8.home.dargels.de
LDAP_HOST=127.0.0.1
LDAP_PASS=VnQWC/-880AKTxn89pla+XdvCfMw.XRV
LDAP_SCHEMA=ad
LDAP_BASE=DC=ad-ns8,DC=home,DC=dargels,DC=de
root@daho-ns8:~# remove-module --no-preserve lam3
<7>podman rmi --ignore 408e58913527ae295ff1499032169387cc338d055239259202f07240bc559cf1
{}

I reinstalled and configurated it:

~# cat /home/lam4/.config/state/environment
IMAGE_DIGEST=sha256:c097cd140d3eff8107a05575a9571d1411ef629b192081820ed28ca290c30032
IMAGE_ID=e60767be2d9d61cb937c2f9cb3e6d6cf8d34a2026a228c7c3e9215e9490af190
IMAGE_REOPODIGEST=ghcr.io/stephdl/lam@sha256:c097cd140d3eff8107a05575a9571d1411ef629b192081820ed28ca290c30032
IMAGE_URL=ghcr.io/stephdl/lam:overwriteldap
LAM_IMAGE=ghcr.io/ldapaccountmanager/lam:8.9
LAM_LICENSE=
LAM_LOGIN_METHOD=list
LDAP_ADMIN_USERS=admin
LDAP_DOMAIN=ad-ns8.home.dargels.de
MODULE_ID=lam4
MODULE_UUID=1669259d-984b-4619-a694-6556e83399c9
NODE_ID=1
TCP_PORT=20000
TCP_PORTS=20000
TRAEFIK_HOST=lam.home.dargels.de
TRAEFIK_HTTP2HTTPS=True
TRAEFIK_LETS_ENCRYPT=True

~# cat /home/lam4/.config/state/discovery_ldap.env
LDAP_PORT=20001
LDAP_USER=ldapservice@ad-ns8.home.dargels.de
LDAP_HOST=127.0.0.1
LDAP_PASS=VnQWC/-880AKTxn89pla+XdvCfMw.XRV
LDAP_SCHEMA=ad
LDAP_BASE=DC=ad-ns8,DC=home,DC=dargels,DC=de

~# cat /home/lam4/.config/state/lam-config/lam.conf: File not found

~# cat /home/lam4/.config/state/lam-config/lam.conf

ServerURL: ldap://accountprovider:20001

serverDisplayName: ad-ns8.home.dargels.de

useTLS: no

followReferrals: false

pagedResults: false

referentialIntegrityOverlay: false

hidePasswordPromptForExpiredPasswords: false

Passwd: {SSHA}3irB6JbX8hrfOE9Bv0kC8MhB7p8= r42VpA==

Admins: CN=admin,CN=Users,DC=ad-ns8,DC=home,DC=dargels,DC=de

defaultLanguage: en_US.utf8

timeZone: UTC

scriptPath:

scriptServer:

scriptRights: 750

scriptUserName:

scriptSSHKey:

scriptSSHKeyPassword:

searchLimit: 0

activeTypes: user,group,host

accessLevel: 100

loginMethod: list

loginSearchSuffix: DC=ad-ns8,DC=home,DC=dargels,DC=de

loginSearchFilter: sAMAccountName=%USER%

loginSearchDN: cn=ldapservice,CN=Users,DC=ad-ns8,DC=home,DC=dargels,DC=de

loginSearchPassword: VnQWC/-880AKTxn89pla+XdvCfMw.XRV

httpAuthentication: false

lamProMailFrom: noreply@example.com

lamProMailReplyTo:

lamProMailSubject: Your password was reset

lamProMailIsHTML: false

lamProMailAllowAlternateAddress: true

lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+

jobsBindPassword:

jobsBindUser:

jobsDatabase: SQLite

jobsDBHost:

jobsDBPort:

jobsDBUser:

jobsDBPassword:

jobsDBName:

jobToken: wNXi1FWsAgG02Wr5CWoM

pwdResetAllowSpecificPassword: true

pwdResetAllowScreenPassword: true

pwdResetForcePasswordChange: true

pwdResetDefaultPasswordOutput: 2

twoFactorAuthentication: none

twoFactorAuthenticationURL: https://localhost

twoFactorAuthenticationClientId:

twoFactorAuthenticationSecretKey:

twoFactorAuthenticationDomain:

twoFactorAuthenticationInsecure:

twoFactorAuthenticationLabel:

twoFactorAuthenticationOptional:

twoFactorAuthenticationCaption:

twoFactorAuthenticationAttribute: uid

twoFactorAllowToRememberDevice: false

twoFactorRememberDeviceDuration: 28800

twoFactorRememberDevicePassword: M.gIZEISM-zJOLAWOnKrfJdEi68lvC

hideDnPart: CN=Users,DC=ad-ns8,DC=home,DC=dargels,DC=de

pwdPolicyMinLength:

pwdPolicyMinLowercase:

pwdPolicyMinUppercase:

pwdPolicyMinNumeric:

pwdPolicyMinSymbolic:
modules: windowsGroup_hidemail: false
modules: windowsGroup_hidemanagedBy: false
modules: windowsGroup_hidemsSFU30Name: true
modules: windowsGroup_hidemsSFU30NisDomain: true
modules: windowsUser_displayGroups: CN
modules: windowsUser_hidebusinessCategory: true
modules: windowsUser_hidecarLicense: true
modules: windowsUser_hidecompany: true
modules: windowsUser_hidedepartment: true
modules: windowsUser_hidedepartmentNumber: true
modules: windowsUser_hidedescription: false
modules: windowsUser_hidedisplayName: false
modules: windowsUser_hidemail: false
modules: windowsUser_hideotherMailbox: false
modules: windowsUser_hideemployeeNumber: true
modules: windowsUser_hideemployeeType: true
modules: windowsUser_hidefacsimileTelephoneNumber: false
modules: windowsUser_hidehomeDirectory: false
modules: windowsUser_hidehomeDrive: false
modules: windowsUser_hideinitials: false
modules: windowsUser_hidetitle: true
modules: windowsUser_hidelastLogonTimestamp: false
modules: windowsUser_hidepwdLastSet: false
modules: windowsUser_hidel: false
modules: windowsUser_hidescriptPath: false
modules: windowsUser_hidemanager: true
modules: windowsUser_hidemobile: false
modules: windowsUser_hidemsSFU30NisDomain: true
modules: windowsUser_hidemsSFU30Name: true
modules: windowsUser_hidephysicalDeliveryOfficeName: false
modules: windowsUser_hideo: true
modules: windowsUser_hideou: true
modules: windowsUser_hideotherMobile: true
modules: windowsUser_hideotherPager: true
modules: windowsUser_hideotherTelephone: false
modules: windowsUser_hideurl: false
modules: windowsUser_hidepager: true
modules: windowsUser_hidejpegPhoto: true
modules: windowsUser_hidepostOfficeBox: false
modules: windowsUser_hidepostalCode: false
modules: windowsUser_hideprofilePath: false
modules: windowsUser_hideproxyAddresses: true
modules: windowsUser_hideRequireSmartcard: false
modules: windowsUser_hidest: false
modules: windowsUser_hidestreetAddress: false
modules: windowsUser_hidetelephoneNumber: false
modules: windowsUser_hidesAMAccountName: true
modules: windowsUser_hidewWWHomePage: false
modules: windowsUser_hideWorkstations: false
types: suffix_user: DC=ad-ns8,DC=home,DC=dargels,DC=de
types: attr_user: #cn;#displayName
types: modules_user: windowsUser
types: suffix_group: DC=ad-ns8,DC=home,DC=dargels,DC=de
types: attr_group: #cn;#description;#member
types: modules_group: windowsGroup
types: suffix_host: DC=ad-ns8,DC=home,DC=dargels,DC=de
types: attr_host: #cn;#description
types: suffix_smbDomain: DC=ad-ns8,DC=home,DC=dargels,DC=de
types: attr_smbDomain: #sambaDomainName;#sambaSID
types: modules_host: windowsHost
tools: treeViewSuffix: DC=ad-ns8,DC=home,DC=dargels,DC=de
tools: tool_hide_toolFileUpload: false
tools: tool_hide_ImportExport: false
tools: tool_hide_toolMultiEdit: false
tools: tool_hide_toolOUEditor: false
tools: tool_hide_toolPDFEditor: false
tools: tool_hide_toolProfileEditor: false
tools: tool_hide_toolSchemaBrowser: false
tools: tool_hide_toolServerInformation: false
tools: tool_hide_toolTests: false
tools: tool_hide_TreeViewTool: false

~# cat /home/lam4/.config/state/lam-config/config.cfg
password: {SSHA}og9MdeYRopbiWGb+jY+q58rZcIk= Nn87oA==
default: lam
logLevel: 4
logDestination: SYSLOG
configDatabaseType: files
configDatabaseServer:
configDatabasePort:
configDatabaseName:
configDatabaseUser:
configDatabasePassword:
license:
sessionTimeout: 30
hideLoginErrorDetails: false
allowedHosts:
allowedHostsSelfService:
passwordMinLength: 0
passwordMinUpper: 0
passwordMinLower: 0
passwordMinNumeric: 0
passwordMinSymbol: 0
passwordMinClasses: 0
checkedRulesCount: -1
passwordMustNotContain3Chars: false
passwordMustNotContainUser: false
externalPwdCheckUrl:
errorReporting: default
licenseEmailFrom:
licenseEmailTo:
licenseEmailDateSent:
licenseWarningType:
mailServer:
mailUser:
mailPassword:
mailEncryption:
mailAttribute: mail
mailBackupAttribute: passwordselfresetbackupmail

I started LAM initially:
The error persists:

grafik1368×1058 62.1 KB
I opened the profile

grafik2154×676 60.4 KB
I changed the profile

grafik2172×624 63.2 KB

6.1. I tried port 20001 also

the error persists

I will send you the journal dump link with private message.

stephdl · November 5, 2024, 3:25pm

that is fun, you have the good configuration like expected, but when you browse to the lam software you have

what we must use is

ldap://accountprovider:20001

you cannot connect directly to a ldap

are you sure you are connecting to the good LAM ?

capote · November 5, 2024, 3:43pm

Yes, I have no better one

stephdl · November 5, 2024, 6:02pm

ldap://accountprovider:20001

capote · November 5, 2024, 7:57pm

Now I have even understood that is not meant to be a variable that I have to replace with my specific AD provider, but the necessary entry.

Now the account provider is found at login, but supposedly the credentials are wrong. I have therefore authorized a second admin user in a second line in the LAM settings.

However, when saving the settings, this is not transferred to the profile, so I have added the profile manually.

But even with the second user it is not possible to log in.

However, both users work in every other context.