Phpldapadmin not accessible using FQDN

NethServer Version: 7.9.2009
Module: phpldapadmin
Hi, I have just installed phpldapadmin as per the instructions at phpldapadmin [NethServer Wiki]. The minor issue I have picked up is, if I go to https://my_ip/phpldapadmin it works fine, I can log in, but if I use the link in Cockpit Applications, it goes to https://FQDN/phpldapadmin/ and I get the errors:
Deprecated : Required parameter $data follows optional parameter $subitem in /usr/share/phpldapadmin/lib/functions.php on line 931

Fatal error : Array and string offset access syntax with curly braces is no longer supported in /usr/share/phpldapadmin/lib/functions.php on line 1641
Could anyone perhaps clarify why this is happening please?

Hi

It’s probably due to the fact that the FQDN can’t be correctly reached…
If you add in NethServer’s FQDN in NethServer’s DNS along with its IP, it will probably work - your PC / Notebook will need to use NethServer’s DNS.

→ Using NethServer’s AD, it is almost mandatory to use NethServer’s DNS!

A similar thing happens with the App “Report”, which can be installed from Cockpit Software Center. This App requires https access with a correct SSL cert, so it will NOT work using IP alone, as using IP does not get you a correct SSL cert.

My 2 cents
Andy

Another option is that your server is using a higher php version than the one provided by default and since phpLDAPadmin on EPEL is “old” it does not fully support more current php versions (hence the deprecation notice).

Some of those issues could be fixed by using a more recent phpLDAPadmin version (that means finding some repository that has a newer rpm packaged version or packaging it ourselves from sources… or a custom/separate install from source instead of using the EPEL rpm, but then you miss the ‘nethserver magic’).

EDIT:

ok, but then I guess it shall happen regardless of using an IP or a FQDN.

@Andy_Wismer Ok, that sounds like a plan, but I just want to ask, will setting any DNS entries in Nethserver not interfere with my ISP’s DNS entries, or are they separate from each other? I know I said I understand the workings of DNS however, when it comes to “internal” vs “external” I do get a bit confused.

Hi Mark

Essentially, internal and external DNS are relatively simple to comprehend.
The main guideline is:

The internal DNS can resolve all internal and external queries concerning your domain (name) and all queries regarding internal IP (PTR / Reverse Lookup).

The external DNS can only resolve external IPs and names. Your external IP? sure. But nothing internal! (Need to know basis, does the internet or anyone there need to use this?)

Example

An internal server, like your NethServer would need an entry on both DNS, if intended eg for mail, which must be reachable internally and externally. The internal DNS returns the internal (correct) IP, the external returns the external IP of your gateway.

Internal DNS and External do not at all interfere with each other (Typos in names / IPs aside!).

Errors are also simple to solve: if externally it works, but not internally, the internal DNS needs an entry. The other way is also valid, if it works internally, but not externally, the external DNS is missing an entry (Or your router needs a port-forwarding entry!).

Hope that’s understandable!

My 2 cents
Andy

@Andy_Wismer 100% Understandable, thank you! I will go about setting up internal DNS then.


@markdewet

Another advantage is fewer timeouts due to non or wrong resolution of hosts…

If the internal DNS has no relevant entry, but the external can resolve a name or IP, that value will be returned. Example: Google / Facebook. The internal DNS will resolve both correctly.
If you want to block eg Facebook, just make an entry for facebook.com, pointing to localhost or whatever you want. You can point to a virtual host with a simple webpage saying Facebook access is not allowed here…
A benefit: You get nice statistics, who tried to access Facebook when eg AWstats is installed!

:slight_smile:
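The resolution behaviour described in the two posts above (internal DNS answers first and forwards the rest, external DNS never sees internal records, a local entry can override a public name), as an added example that is not part of the thread. The zone contents, host names, addresses and the `resolve` / `diagnose` helpers are constructed for illustration; this is a toy model, not a real resolver.

```python
# Constructed sample zones; names and addresses are illustrative only.
INTERNAL_ZONE = {
    "nethserver.example.com": "192.168.1.10",  # internal-only host
    "mail.example.com": "192.168.1.10",        # internal view of a public service
    "facebook.com": "127.0.0.1",               # local override used as a block
}
EXTERNAL_ZONE = {
    "mail.example.com": "203.0.113.5",         # public IP of the gateway
    "www.example.com": "203.0.113.5",          # published outside only
    "facebook.com": "198.51.100.20",           # constructed public address
}


def _norm(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def resolve(name, view):
    """Resolve `name` as a client of the 'internal' or 'external' DNS."""
    name = _norm(name)
    if view == "internal":
        # Own records win; anything unknown is forwarded to the outside.
        return INTERNAL_ZONE.get(name) or EXTERNAL_ZONE.get(name)
    if view == "external":
        # The outside world never gets to see internal records.
        return EXTERNAL_ZONE.get(name)
    raise ValueError(f"unknown view: {view!r}")


def diagnose(name):
    """Classify a name using the troubleshooting rule from the thread."""
    inside, outside = resolve(name, "internal"), resolve(name, "external")
    if inside is None:
        return "no record on either DNS"
    if outside is None:
        return "internal only: add an external record if it must be reachable from outside"
    if _norm(name) not in INTERNAL_ZONE:
        return "forwarded: internal clients get the external answer; add an internal record"
    return f"split: inside -> {inside}, outside -> {outside}"


if __name__ == "__main__":
    for host in ("nethserver.example.com", "mail.example.com",
                 "www.example.com", "facebook.com", "missing.example.com"):
        print(f"{host:26} {diagnose(host)}")
```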

@Andy_Wismer Yes I know AWStats, I will be installing it soon.

@dnutan Hi, thanks, however, as I mentioned, it’s not a critical issue, I can access using IP address no problem, so will just live with that for now.

@Andy_Wismer Hi, I have a quick question regarding DNS in Nethserver. I looked at adding DNS entries via Cockpit, however, I am a little baffled. How does one specify a specific (A or MX or such) record using the DNS page in Cockpit? Or is there a different way?

Hi

NethServer’s DNS can’t handle CNAMEs (Aliases) or MX, except for itself.
A Records are possible, but that’s about it.
Another (large) shortcoming is PTR records. Reverse Lookups aren’t correct when several A hosts refer to the same IP… :frowning:

One of the reasons I use my OPNsense as DNS and NethServer also. This way AD works without hassles.

I’d like to see NethServer 8.x support Unbound or BIND (Or both!).

:slight_smile:

My 2 cents
Andy

Ah Ok, is OPNsense installed on your Nethserver or is it a separate box?

OPNsense is mostly a separate box. I tend to use PCEngines APU4d4 for most cases.
I do have 3 cases where OPNsense is running as a VM in Proxmox, but these cases are hosted environments, without the option to add in an OPNsense box (Or VERY expensive…).

I use OPNsense as main firewall, VPN Gateway and also for DNS / DHCP.
It’s nice to have Internet when (rarely) NethServer has an issue, and you’d like to check the NethServer Forum for a fix… :slight_smile:
OPNsense is like NethServer, really rock solid! (Also free to use), and includes HA / Failover.
Not just WAN Failover but also full firewall box failover, using 2 or more OPNsense boxes. These can be any combination of real / virtual boxes!