Webtop with external LDAP?

I tried to setup Webtop with external LDAP configured but got an error:

Enqueued anchor job 100 postgres.service/start.
DELETE 1
DELETE 1
INSERT 0 1
INSERT 0 1
DELETE 1
DELETE 1
INSERT 0 1
INSERT 0 1
DELETE 1
INSERT 0 1
bash: -c: line 1: unexpected EOF while looking for matching `"'
bash: -c: line 2: syntax error: unexpected end of file
Traceback (most recent call last):
  File "/home/webtop1/.config/actions/configure-module/20config", line 265, in <module>
    domain_setup(mail_domain, user_domain)
  File "/home/webtop1/.config/actions/configure-module/20config", line 19, in domain_setup
    user_domain_password = subprocess.check_output(['podman', 'run', '--rm', os.environ["WEBTOP_WEBAPP_IMAGE"], 'bash', '-c', "echo -n " + user_domain["bind_password"] + " | java -classpath /usr/share/webtop/ WebtopPassEncode"], text=True).splitlines().pop()
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 466, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['podman', 'run', '--rm', 'ghcr.io/nethserver/webtop-webapp:1.0.15', 'bash', '-c', 'echo -n ********** | java -classpath /usr/share/webtop/ WebtopPassEncode']' returned non-zero exit status 2.

OK, I changed the bind password. Now I use a password without special characters and the configuration was saved…

I still can logon with user admin/admin but not with a AD Domain User.

tested on a remote ldap account without TLS, I cannot reproduce the issue

create an AD on NS7
set to do not ask for encryption

bind to this AD on NS8 without TLS on port 389
install mail, webtop, imapsync

I can use the domain page and the mailboxes page, and the imapsync page, I can login with ldap users to webtop

If I remove the custom template I did on NS7 and I restart the nsdc, then I cannot browse remotely the users on all pages

1 Like

What special characters could potentially trigger the bug? Please tell us more so we can test them!

I suppose. Could you confirm

1 Like

I had to logon as Webtop-admin and write the bind-password agn because I changed it as NS8-cluster-admin just for testing for another app…

Webtop works now, I am able to login with AD user…

@davidep

this issue is reproducible, a bind password with a " and you break webtop but I am not sure that only webtop is touched, maybe other app could be broken too: tested with BindTestPassword"

Enqueued anchor job 47 postgres.service/start.
Enqueued auxiliary job 63 apache.service/start.
Enqueued auxiliary job 60 webapp.service/start.
Enqueued auxiliary job 61 z-push.service/start.
Enqueued auxiliary job 59 webtop.service/start.
Enqueued auxiliary job 62 webdav.service/start.
DELETE 0
INSERT 0 1
DELETE 0
INSERT 0 1
DELETE 1
INSERT 0 1
DELETE 1
DELETE 1
INSERT 0 1
INSERT 0 1
DELETE 1
DELETE 1
INSERT 0 1
INSERT 0 1
DELETE 1
INSERT 0 1
bash: -c: line 1: unexpected EOF while looking for matching `"'
bash: -c: line 2: syntax error: unexpected end of file
Traceback (most recent call last):
  File "/home/webtop1/.config/actions/configure-module/20config", line 265, in <module>
    domain_setup(mail_domain, user_domain)
  File "/home/webtop1/.config/actions/configure-module/20config", line 19, in domain_setup
    user_domain_password = subprocess.check_output(['podman', 'run', '--rm', os.environ["WEBTOP_WEBAPP_IMAGE"], 'bash', '-c', "echo -n " + user_domain["bind_password"] + " | java -classpath /usr/share/webtop/ WebtopPassEncode"], text=True).splitlines().pop()
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/subprocess.py", line 466, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['podman', 'run', '--rm', 'ghcr.io/nethserver/webtop-webapp:1.0.19', 'bash', '-c', 'echo -n BindTestPassword" | java -classpath /usr/share/webtop/ WebtopPassEncode']' returned non-zero exit status 2.
4 Likes