NS8 - not able to create user for domain

denis.robel · March 12, 2023, 7:50am

NethServer Version: NS8
Module: OpenLdap

When I create provider for a domain I’m not able to create any user or group for this domain.
Error is something went wrong.

My Provider is OpenLdap internal…

Are there any hints to fix this problem? Without domain users a server is useless…

{
  "context": {
    "action": "list-domain-groups",
    "data": {
      "domain": "mydomain.de"
    },
    "extra": {
      "eventId": "c3dcfdff-d5bd-49ce-aed6-c70bcd392809",
      "isNotificationHidden": true,
      "title": "List domain groups"
    },
    "id": "3447c571-d8e9-485e-a838-db181aeda2b8",
    "parent": "",
    "queue": "cluster/tasks",
    "timestamp": "2023-03-12T08:53:28.359834008Z",
    "user": "admin"
  },
  "status": "aborted",
  "progress": 0,
  "subTasks": [],
  "validated": false,
  "result": {
    "error": "Traceback (most recent call last):\n  File \"/var/lib/nethserver/cluster/actions/list-domain-groups/50list_groups\", line 33, in <module>\n    groups = Ldapclient.factory(**domain).list_groups()\n  File \"/usr/local/agent/pypkg/agent/ldapclient/__init__.py\", line 31, in factory\n    return LdapclientRfc2307(**kwargs)\n  File \"/usr/local/agent/pypkg/agent/ldapclient/base.py\", line 37, in __init__\n    self.ldapconn = ldap3.Connection(self.ldapsrv,\n  File \"/usr/local/agent/pyenv/lib/python3.9/site-packages/ldap3/core/connection.py\", line 363, in __init__\n    self._do_auto_bind()\n  File \"/usr/local/agent/pyenv/lib/python3.9/site-packages/ldap3/core/connection.py\", line 387, in _do_auto_bind\n    self.open(read_server_info=False)\n  File \"/usr/local/agent/pyenv/lib/python3.9/site-packages/ldap3/strategy/sync.py\", line 57, in open\n    BaseStrategy.open(self, reset_usage, read_server_info)\n  File \"/usr/local/agent/pyenv/lib/python3.9/site-packages/ldap3/strategy/base.py\", line 146, in open\n    raise exception_history[0][0]\nldap3.core.exceptions.LDAPSocketOpenError: socket connection error while opening: [Errno 111] Connection refused\n",
    "exit_code": 1,
    "file": "cluster/task/3447c571-d8e9-485e-a838-db181aeda2b8",
    "output": ""
  }
}

LayLow · March 12, 2023, 1:19pm

Welcome back!

A description of you setup domains/providers, leader/helpers could help.

denis.robel · March 12, 2023, 1:35pm

ok I try to describe:

My test system is
NS8 on Debian11 on a hosted server (vps)
1 node
1 domain
as provider for authentication 1 created internal openldap
Until here all is working as expected. During the install process there was no error.

Now I should able to add any user or group. But there is no possibility to add them, no button or something else.
When I go to users and groups the system try to list the existing groups an run into this error:

socket connection error while opening: [Errno 111] Connection refused

It seems the ldap server is not readable from the module.

giacomo · March 13, 2023, 9:54am

This is quite strange.
Could you please try on RockyLinux?

Also, if this is not a very recent installation, please redo it.
We are still in alpha stage and we just released some breaking changes on this part.

denis.robel · March 13, 2023, 9:57am

I did it yet with the same result…

giacomo · March 13, 2023, 10:02am

Thank you for your patience.
We already have some tests for this part, but we will try to improve it and re-test the whole part before the beta release.

denis.robel · March 13, 2023, 10:09am

no problem.

I tested it before I set up a productive server with ns7 for my interest.

When NS8 become beta I’ll test it again. I need mailserver, nextcloud, ejabber and virtual hosts.
For one project I made it with containers too but manual configuration. It was tricky thats why I was flashed by NS8 roadmap.
My last contact to NS I had as the first ports on raspi growed up…

The container solution is a big step forward for flexibility!