Hello, I am new to penpot and trying to configure a self hosting environment. I am using a VM. I have an LDAP server running on the host and I used Podman to run penpot. This is the error I get when I try to login with LDAP.
I update the docker-compose.yaml as such
Frontend
- PENPOT_FLAGS=enable-registration enable-login-with-ldap
Backend
PENPOT_FLAGS=enable-registration enable-login-with-ldap disable-email-verification enable-smtp enable-prepl-server - PENPOT_LDAP_HOST=10.211.55.3 - PENPOT_LDAP_PORT=389 - PENPOT_LDAP_SSL=false - PENPOT_LDAP_STARTTLS=false - PENPOT_LDAP_BASE_DN=dc=world,dc=srv - PENPOT_LDAP_BIND_DN=cn=Manager,dc=srv,dc=world - PENPOT_LDAP_BIND_PASSWORD=1234 - PENPOT_LDAP_USER_QUERY=uid=:mail - PENPOT_LDAP_ATTRS_USERNAME=uid - PENPOT_LDAP_ATTRS_EMAIL=mail
This is the backend logs when I try to login with ldap user bob@mail.com and password 1234:
DETAIL:
at: com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3946)
com.unboundid.ldap.sdk.AbstractConnectionPool.search(AbstractConnectionPool.java:2142)
jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
java.lang.reflect.Method.invoke(Method.java:577)
clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
clj_ldap.client$search_results.invokeStatic(client.clj:389)
clj_ldap.client$search_results.invoke(client.clj:378)
clj_ldap.client$search.invokeStatic(client.clj:759)
clj_ldap.client$search.invoke(client.clj:753)
app.auth.ldap$search_user.invokeStatic(ldap.clj:52)
app.auth.ldap$search_user.invoke(ldap.clj:43)
app.auth.ldap$retrieve_user.invokeStatic(ldap.clj:56)
app.auth.ldap$retrieve_user.invoke(ldap.clj:54)
app.auth.ldap$authenticate.invokeStatic(ldap.clj:73)
app.auth.ldap$authenticate.invoke(ldap.clj:69)
app.rpc.commands.ldap$sm$login_with_ldap.invokeStatic(ldap.clj:48)
app.rpc.commands.ldap$sm$login_with_ldap.invoke(ldap.clj:37)
clojure.lang.AFn.applyToHelper(AFn.java:156)
clojure.lang.AFn.applyTo(AFn.java:144)
clojure.lang.AFunction$1.doInvoke(AFunction.java:31)
clojure.lang.RestFn.invoke(RestFn.java:421)
app.rpc$wrap_dispatch$fn__46515$fn__46516.invoke(rpc.clj:198)
promesa.exec$wrap_bindings$fn__5316.invoke(exec.cljc:163)
promesa.util.Supplier.get(util.cljc:34)
java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1760)
java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)
I ran the ldapwhoami and ldapsearch on the server for bob@mail.com
[root@localhost docker-penpot]# ldapwhoami -D uid=bob@mail.com,ou=People,dc=srv,dc=world -w 1234
dn:uid=bob@mail.com,ou=People,dc=srv,dc=world
[root@localhost docker-penpot]# ldapsearch -x -b dc=srv,dc=world -D "cn=Manager,dc=srv,dc=world" -w 1234 uid=bob@mail.com
extended LDIF
# LDAPv3
# base <dc=srv,dc=world> with scope subtree
# filter: uid=bob@mail.com
# requesting: ALL
# bob@mail.com, People, srv.world
dn: uid=bob@mail.com,ou=People,dc=srv,dc=world
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: AlmaLinux
sn: Linux
userPassword:: e1NTSEF9bktXTm9Qdi9YTWNCRStTL1FxUGJ5ay80N2tlOVZuZ2I=
loginShell: /bin/bash
uidNumber: 2005
gidNumber: 2005
homeDirectory: /home/bob
uid: bob@mail.com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Is there a way I can see what values are used in the backend container for the ldap authentication.
Do I need to register a new account for LDAP users?
