Hello im new,
please be kind if this ist the wrong topic
We have Penpot running in Docker and we also use LDAP for Authentication.
After Updating to latest version Penpot is not comming up.
All containers are running
Looking through the logs of the containers i find the following:
Frontend - Log is emty
Backend - several LDAP related errors:
+ exec /opt/jre/bin/java -Dim4java.useV7=true -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow --sun-misc-unsafe-memory-access=allow --enable-native-access=ALL-UNNAMED --enable-preview -jar penpot.jar -m app.main
[2025-07-29 09:54:54.241] E app.auth.ldap - hint="unable to connect to LDAP server (LDAP auth provider disabled)", host="ldapserver.domain.tld", port=1636
SUMMARY:
→ clojure.lang.ExceptionInfo: unable to connect to ldap server (ldap.clj:33)
→ com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to connect to server ldapserver.domain.tld:1636: IOException(LDAPException... (LDAPConnection.java:915)
→ java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server... (LDAPConnectionInternals.java:204)
→ com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to establish a connection to server ldapserver.domain.tld/IP-OF-LDAP-SERVER:163... (ConnectThread.java:287)
→ javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure (:-1)
DETAIL:
→ clojure.lang.ExceptionInfo: unable to connect to ldap server (ldap.clj:33)
at: app.auth.ldap$connect.invokeStatic(ldap.clj:33)
app.auth.ldap$connect.invoke(ldap.clj:25)
app.auth.ldap$try_connectivity.invokeStatic(ldap.clj:93)
app.auth.ldap$try_connectivity.invoke(ldap.clj:85)
app.auth.ldap$eval29136$fn__29137.invoke(ldap.clj:134)
clojure.lang.MultiFn.invoke(MultiFn.java:234)
integrant.core$try_build_action.invokeStatic(core.cljc:419)
integrant.core$try_build_action.invoke(core.cljc:418)
integrant.core$build_key.invokeStatic(core.cljc:427)
integrant.core$build_key.invoke(core.cljc:423)
clojure.core$partial$fn__5933.invoke(core.clj:2656)
clojure.core.protocols$fn__8279.invokeStatic(protocols.clj:167)
clojure.core.protocols/fn(protocols.clj:123)
clojure.core.protocols$fn__8233$G__8228__8242.invoke(protocols.clj:19)
clojure.core.protocols$seq_reduce.invokeStatic(protocols.clj:31)
clojure.core.protocols$fn__8266.invokeStatic(protocols.clj:74)
clojure.core.protocols/fn(protocols.clj:74)
clojure.core.protocols$fn__8207$G__8202__8220.invoke(protocols.clj:13)
clojure.core$reduce.invokeStatic(core.clj:6965)
clojure.core$reduce.invoke(core.clj:6947)
integrant.core$build.invokeStatic(core.cljc:453)
integrant.core$build.invoke(core.cljc:430)
integrant.core$init.invokeStatic(core.cljc:675)
integrant.core$init.invoke(core.cljc:667)
integrant.core$init.invokeStatic(core.cljc:672)
integrant.core$init.invoke(core.cljc:667)
app.main$start$fn__28974.invoke(main.clj:549)
clojure.lang.AFn.applyToHelper(AFn.java:154)
clojure.lang.AFn.applyTo(AFn.java:144)
clojure.lang.Var.alterRoot(Var.java:310)
clojure.core$alter_var_root.invokeStatic(core.clj:5563)
clojure.core$alter_var_root.doInvoke(core.clj:5558)
clojure.lang.RestFn.invoke(RestFn.java:428)
app.main$start.invokeStatic(main.clj:543)
app.main$start.invoke(main.clj:539)
app.main$_main.invokeStatic(main.clj:609)
app.main$_main.doInvoke(main.clj:601)
clojure.lang.RestFn.invoke(RestFn.java:400)
clojure.lang.AFn.applyToHelper(AFn.java:152)
clojure.lang.RestFn.applyTo(RestFn.java:135)
clojure.lang.Var.applyTo(Var.java:707)
clojure.core$apply.invokeStatic(core.clj:667)
clojure.main$main_opt.invokeStatic(main.clj:515)
clojure.main$main_opt.invoke(main.clj:511)
clojure.main$main.invokeStatic(main.clj:665)
clojure.main$main.doInvoke(main.clj:617)
clojure.lang.RestFn.applyTo(RestFn.java:140)
clojure.lang.Var.applyTo(Var.java:707)
clojure.main.main(main.java:40)
dt: {:type :restriction, :code :unable-to-connect-to-ldap, :hint "unable to connect to ldap server"}
→ com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to connect to server ldapserver.domain.tld:1636: IOException(LDAPException... (LDAPConnection.java:915)
at: com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:915)
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:802)
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:740)
com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:560)
jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(:-1)
java.lang.reflect.Constructor.newInstanceWithCaller(:-1)
java.lang.reflect.Constructor.newInstance(:-1)
clojure.lang.Reflector.invokeConstructor(Reflector.java:334)
clj_ldap.client$create_connection.invokeStatic(client.clj:188)
clj_ldap.client$create_connection.invoke(client.clj:177)
clj_ldap.client$connect_to_host.invokeStatic(client.clj:233)
clj_ldap.client$connect_to_host.invoke(client.clj:228)
clj_ldap.client$connect.invokeStatic(client.clj:522)
clj_ldap.client$connect.invoke(client.clj:490)
app.auth.ldap$connect.invokeStatic(ldap.clj:31)
app.auth.ldap$connect.invoke(ldap.clj:25)
app.auth.ldap$try_connectivity.invokeStatic(ldap.clj:93)
app.auth.ldap$try_connectivity.invoke(ldap.clj:85)
app.auth.ldap$eval29136$fn__29137.invoke(ldap.clj:134)
clojure.lang.MultiFn.invoke(MultiFn.java:234)
integrant.core$try_build_action.invokeStatic(core.cljc:419)
integrant.core$try_build_action.invoke(core.cljc:418)
integrant.core$build_key.invokeStatic(core.cljc:427)
integrant.core$build_key.invoke(core.cljc:423)
clojure.core$partial$fn__5933.invoke(core.clj:2656)
clojure.core.protocols$fn__8279.invokeStatic(protocols.clj:167)
clojure.core.protocols/fn(protocols.clj:123)
clojure.core.protocols$fn__8233$G__8228__8242.invoke(protocols.clj:19)
clojure.core.protocols$seq_reduce.invokeStatic(protocols.clj:31)
clojure.core.protocols$fn__8266.invokeStatic(protocols.clj:74)
clojure.core.protocols/fn(protocols.clj:74)
clojure.core.protocols$fn__8207$G__8202__8220.invoke(protocols.clj:13)
clojure.core$reduce.invokeStatic(core.clj:6965)
clojure.core$reduce.invoke(core.clj:6947)
integrant.core$build.invokeStatic(core.cljc:453)
integrant.core$build.invoke(core.cljc:430)
integrant.core$init.invokeStatic(core.cljc:675)
integrant.core$init.invoke(core.cljc:667)
integrant.core$init.invokeStatic(core.cljc:672)
integrant.core$init.invoke(core.cljc:667)
app.main$start$fn__28974.invoke(main.clj:549)
clojure.lang.AFn.applyToHelper(AFn.java:154)
clojure.lang.AFn.applyTo(AFn.java:144)
clojure.lang.Var.alterRoot(Var.java:310)
clojure.core$alter_var_root.invokeStatic(core.clj:5563)
clojure.core$alter_var_root.doInvoke(core.clj:5558)
clojure.lang.RestFn.invoke(RestFn.java:428)
app.main$start.invokeStatic(main.clj:543)
app.main$start.invoke(main.clj:539)
app.main$_main.invokeStatic(main.clj:609)
app.main$_main.doInvoke(main.clj:601)
clojure.lang.RestFn.invoke(RestFn.java:400)
clojure.lang.AFn.applyToHelper(AFn.java:152)
clojure.lang.RestFn.applyTo(RestFn.java:135)
clojure.lang.Var.applyTo(Var.java:707)
clojure.core$apply.invokeStatic(core.clj:667)
clojure.main$main_opt.invokeStatic(main.clj:515)
clojure.main$main_opt.invoke(main.clj:511)
clojure.main$main.invokeStatic(main.clj:665)
clojure.main$main.doInvoke(main.clj:617)
clojure.lang.RestFn.applyTo(RestFn.java:140)
clojure.lang.Var.applyTo(Var.java:707)
clojure.main.main(main.java:40)
→ java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server... (LDAPConnectionInternals.java:204)
at: com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:204)
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:904)
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:802)
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:740)
com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:560)
jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(:-1)
java.lang.reflect.Constructor.newInstanceWithCaller(:-1)
java.lang.reflect.Constructor.newInstance(:-1)
clojure.lang.Reflector.invokeConstructor(Reflector.java:334)
clj_ldap.client$create_connection.invokeStatic(client.clj:188)
clj_ldap.client$create_connection.invoke(client.clj:177)
clj_ldap.client$connect_to_host.invokeStatic(client.clj:233)
clj_ldap.client$connect_to_host.invoke(client.clj:228)
clj_ldap.client$connect.invokeStatic(client.clj:522)
clj_ldap.client$connect.invoke(client.clj:490)
app.auth.ldap$connect.invokeStatic(ldap.clj:31)
app.auth.ldap$connect.invoke(ldap.clj:25)
app.auth.ldap$try_connectivity.invokeStatic(ldap.clj:93)
app.auth.ldap$try_connectivity.invoke(ldap.clj:85)
app.auth.ldap$eval29136$fn__29137.invoke(ldap.clj:134)
clojure.lang.MultiFn.invoke(MultiFn.java:234)
integrant.core$try_build_action.invokeStatic(core.cljc:419)
integrant.core$try_build_action.invoke(core.cljc:418)
integrant.core$build_key.invokeStatic(core.cljc:427)
integrant.core$build_key.invoke(core.cljc:423)
clojure.core$partial$fn__5933.invoke(core.clj:2656)
clojure.core.protocols$fn__8279.invokeStatic(protocols.clj:167)
clojure.core.protocols/fn(protocols.clj:123)
clojure.core.protocols$fn__8233$G__8228__8242.invoke(protocols.clj:19)
clojure.core.protocols$seq_reduce.invokeStatic(protocols.clj:31)
clojure.core.protocols$fn__8266.invokeStatic(protocols.clj:74)
clojure.core.protocols/fn(protocols.clj:74)
clojure.core.protocols$fn__8207$G__8202__8220.invoke(protocols.clj:13)
clojure.core$reduce.invokeStatic(core.clj:6965)
clojure.core$reduce.invoke(core.clj:6947)
integrant.core$build.invokeStatic(core.cljc:453)
integrant.core$build.invoke(core.cljc:430)
integrant.core$init.invokeStatic(core.cljc:675)
integrant.core$init.invoke(core.cljc:667)
integrant.core$init.invokeStatic(core.cljc:672)
integrant.core$init.invoke(core.cljc:667)
app.main$start$fn__28974.invoke(main.clj:549)
clojure.lang.AFn.applyToHelper(AFn.java:154)
clojure.lang.AFn.applyTo(AFn.java:144)
clojure.lang.Var.alterRoot(Var.java:310)
clojure.core$alter_var_root.invokeStatic(core.clj:5563)
clojure.core$alter_var_root.doInvoke(core.clj:5558)
clojure.lang.RestFn.invoke(RestFn.java:428)
app.main$start.invokeStatic(main.clj:543)
app.main$start.invoke(main.clj:539)
app.main$_main.invokeStatic(main.clj:609)
app.main$_main.doInvoke(main.clj:601)
clojure.lang.RestFn.invoke(RestFn.java:400)
clojure.lang.AFn.applyToHelper(AFn.java:152)
clojure.lang.RestFn.applyTo(RestFn.java:135)
clojure.lang.Var.applyTo(Var.java:707)
clojure.core$apply.invokeStatic(core.clj:667)
clojure.main$main_opt.invokeStatic(main.clj:515)
clojure.main$main_opt.invoke(main.clj:511)
clojure.main$main.invokeStatic(main.clj:665)
clojure.main$main.doInvoke(main.clj:617)
clojure.lang.RestFn.applyTo(RestFn.java:140)
clojure.lang.Var.applyTo(Var.java:707)
clojure.main.main(main.java:40)
→ com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to establish a connection to server ldapserver.domain.tld/IP-OF-LDAP-SERVER:163... (ConnectThread.java:287)
at: com.unboundid.ldap.sdk.ConnectThread.getConnectedSocket(ConnectThread.java:287)
com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:185)
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:904)
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:802)
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:740)
com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:560)
jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(:-1)
java.lang.reflect.Constructor.newInstanceWithCaller(:-1)
java.lang.reflect.Constructor.newInstance(:-1)
clojure.lang.Reflector.invokeConstructor(Reflector.java:334)
clj_ldap.client$create_connection.invokeStatic(client.clj:188)
clj_ldap.client$create_connection.invoke(client.clj:177)
clj_ldap.client$connect_to_host.invokeStatic(client.clj:233)
clj_ldap.client$connect_to_host.invoke(client.clj:228)
clj_ldap.client$connect.invokeStatic(client.clj:522)
clj_ldap.client$connect.invoke(client.clj:490)
app.auth.ldap$connect.invokeStatic(ldap.clj:31)
app.auth.ldap$connect.invoke(ldap.clj:25)
app.auth.ldap$try_connectivity.invokeStatic(ldap.clj:93)
app.auth.ldap$try_connectivity.invoke(ldap.clj:85)
app.auth.ldap$eval29136$fn__29137.invoke(ldap.clj:134)
clojure.lang.MultiFn.invoke(MultiFn.java:234)
integrant.core$try_build_action.invokeStatic(core.cljc:419)
integrant.core$try_build_action.invoke(core.cljc:418)
integrant.core$build_key.invokeStatic(core.cljc:427)
integrant.core$build_key.invoke(core.cljc:423)
clojure.core$partial$fn__5933.invoke(core.clj:2656)
clojure.core.protocols$fn__8279.invokeStatic(protocols.clj:167)
clojure.core.protocols/fn(protocols.clj:123)
clojure.core.protocols$fn__8233$G__8228__8242.invoke(protocols.clj:19)
clojure.core.protocols$seq_reduce.invokeStatic(protocols.clj:31)
clojure.core.protocols$fn__8266.invokeStatic(protocols.clj:74)
clojure.core.protocols/fn(protocols.clj:74)
clojure.core.protocols$fn__8207$G__8202__8220.invoke(protocols.clj:13)
clojure.core$reduce.invokeStatic(core.clj:6965)
clojure.core$reduce.invoke(core.clj:6947)
integrant.core$build.invokeStatic(core.cljc:453)
integrant.core$build.invoke(core.cljc:430)
integrant.core$init.invokeStatic(core.cljc:675)
integrant.core$init.invoke(core.cljc:667)
integrant.core$init.invokeStatic(core.cljc:672)
integrant.core$init.invoke(core.cljc:667)
app.main$start$fn__28974.invoke(main.clj:549)
clojure.lang.AFn.applyToHelper(AFn.java:154)
clojure.lang.AFn.applyTo(AFn.java:144)
clojure.lang.Var.alterRoot(Var.java:310)
clojure.core$alter_var_root.invokeStatic(core.clj:5563)
clojure.core$alter_var_root.doInvoke(core.clj:5558)
clojure.lang.RestFn.invoke(RestFn.java:428)
app.main$start.invokeStatic(main.clj:543)
app.main$start.invoke(main.clj:539)
app.main$_main.invokeStatic(main.clj:609)
app.main$_main.doInvoke(main.clj:601)
clojure.lang.RestFn.invoke(RestFn.java:400)
clojure.lang.AFn.applyToHelper(AFn.java:152)
clojure.lang.RestFn.applyTo(RestFn.java:135)
clojure.lang.Var.applyTo(Var.java:707)
clojure.core$apply.invokeStatic(core.clj:667)
clojure.main$main_opt.invokeStatic(main.clj:515)
clojure.main$main_opt.invoke(main.clj:511)
clojure.main$main.invokeStatic(main.clj:665)
clojure.main$main.doInvoke(main.clj:617)
clojure.lang.RestFn.applyTo(RestFn.java:140)
clojure.lang.Var.applyTo(Var.java:707)
clojure.main.main(main.java:40)
→ javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure (:-1)
at: sun.security.ssl.Alert.createSSLException(:-1)
sun.security.ssl.Alert.createSSLException(:-1)
sun.security.ssl.TransportContext.fatal(:-1)
sun.security.ssl.Alert$AlertConsumer.consume(:-1)
sun.security.ssl.TransportContext.dispatch(:-1)
sun.security.ssl.SSLTransport.decode(:-1)
sun.security.ssl.SSLSocketImpl.decode(:-1)
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(:-1)
sun.security.ssl.SSLSocketImpl.startHandshake(:-1)
sun.security.ssl.SSLSocketImpl.startHandshake(:-1)
com.unboundid.util.ssl.SetEnabledProtocolsAndCipherSuitesSocket.startHandshake(SetEnabledProtocolsAndCipherSuitesSocket.java:926)
com.unboundid.ldap.sdk.ConnectThread.run(ConnectThread.java:173)
[2025-07-29 09:54:54.253] I app.metrics - action="initialize metrics"
[2025-07-29 09:54:54.274] I app.db - hint="initialize connection pool", name="main", uri="postgresql://penpot-postgres/penpot", read-only=false, credentials=true, min-size=0, max-size=60
[2025-07-29 09:54:54.315] I app.migrations - hint="running migrations", module=:app.migrations/migrations
[2025-07-29 09:54:54.560] I app.worker.executor - hint="executor started"
[2025-07-29 09:54:54.565] I app.redis - hint="initialize redis resources", uri="redis://penpot-redis/0", io-threads=3, worker-threads=3
[2025-07-29 09:54:54.762] I app.msgbus - hint="initialize msgbus", buffer-size=128
[2025-07-29 09:54:55.638] I app.http - hint="starting http server", port=6060, host="0.0.0.0"
[2025-07-29 09:54:55.654] I io.undertow - starting server: Undertow - 2.3.18.Final
[2025-07-29 09:54:55.659] I org.xnio - XNIO version 3.8.16.Final
[2025-07-29 09:54:55.663] I org.xnio.nio - XNIO NIO Implementation Version 3.8.16.Final
[2025-07-29 09:54:55.705] I org.jboss.threads - JBoss Threads version 3.5.0.Final
[2025-07-29 09:54:55.762] I app.loggers.database - hint="initializing database error persistence"
[2025-07-29 09:54:55.766] I app.storage.tmp - hint="started tmp cleaner", default-min-age="1h"
[2025-07-29 09:54:55.772] I app.worker - hint="registry initialized", tasks=15
[2025-07-29 09:54:55.775] I app.worker.cron - hint="started", tasks=7
[2025-07-29 09:54:55.785] I app.worker.dispatcher - hint="started"
[2025-07-29 09:54:55.786] I app.worker.executor - hint="monitor started", name="default"
[2025-07-29 09:54:55.792] I app.worker.runner - hint="started", id=0, queue="webhooks"
[2025-07-29 09:54:55.792] I app.worker.runner - hint="started", id=0, queue="default"
[2025-07-29 09:54:55.798] I app.srepl - hint="initializing repl server", name="prepl", port=6063, host="localhost"
[2025-07-29 09:54:55.805] I app.main - hint="welcome to penpot", flags="backend-openapi-doc,dashboard-templates-section,google-fonts-provider,exporter-svgo,backend-api-doc,backend-svgo,export-file-v3,onboarding,backend-worker,smtp,component-thumbnails,prepl-server,login-with-ldap,frontend-svgo", worker?=true, version="2.8.0"
the postgres gets ready but then gets 3 x “unexpected EOF on client connection with an open transaction”
redis and exporter get ready and connected
Im suspecting an The LDAP Error to cause the Problem.
And it seems to be an issue with tls-handshake, probably the self-signed certificate but how do i tell penpot not to care about that?
