seafile icon indicating copy to clipboard operation
seafile copied to clipboard

Published 20 hours ago verified publisher icon haiwen

Ldaps not working with seafile 7.0.5 64-bit, on centos 8.2

Open am4nu opened this issue 4 years ago • 5 comments

ccnet config This works HOST = ldap://ad.hostname.ca BASE=DC=ad,DC=hostname,DC=ca [email protected] PASSWORD= LOGIN_ATTR=userPrincipalName FILTER = objectClass=User USE_PAGED_RESULT = true FOLLOW_REFERRALS = false

With ldaps it doesn't, but it works with ldap. I have moved libnssutil3.so outside as mentioned in the documentation.

ccnet.log say ldap_bind failed with wrong username and password, but clearly the credential are fine as it works with ldap.

Ldap search with ssl cert config added works and can fetch all users with simple bind. The following is the cert config in the ldap-client config on the centos8.2 server. /etc/openldap/ldap.conf

SASL_NOCANON on

TLS_REQCERT demand TLS_CACERT /etc/ssl/certs/ca-bundle.crt

any help will be deeply appreciated

so, this works --> ldapsearch -x -b "DC=ad,DC=queensu,DC=ca" -H ldaps://host -D "OHDP_seafile_svc@host" -W with the above client config

am4nu avatar Oct 27 '20 18:10 am4nu

Hello, can you paste the specific ccnet logs here?

feiniks avatar Oct 28 '20 02:10 feiniks

` [10/27/20 16:03:42] user-mgr.c(300): ldap_bind failed for user [email protected]: Can't contact LDAP server. [10/27/20 16:03:42] user-mgr.c(385): Please check USER_DN and PASSWORD settings. [10/27/20 16:03:42] user-mgr.c(300): ldap_bind failed for user [email protected]: Can't contact LDAP server. [10/27/20 16:03:42] user-mgr.c(385): Please check USER_DN and PASSWORD settings. [10/27/20 16:04:10] ../common/session.c(369): Exit at Tue Oct 27 16:04:10 2020

`

am4nu avatar Oct 28 '20 18:10 am4nu

Hello, this may be a problem in the centos 8.2 system. We don't test our seafile's ldaps on centos8, so it may not be supported. We recommend that you use docker to deploy the seafile to avoid such problems.The document is here. https://download.seafile.com/published/seafile-manual/docker/deploy%20seafile%20with%20docker.md

feiniks avatar Oct 29 '20 02:10 feiniks

On CentOS 8, you need to remove the libs liblber-2.4.so.2 libldap-2.4.so.2 libsasl2.so.3 from seafile-server/seafile/lib/ dir for LDAPS to work

dani avatar Jan 06 '21 11:01 dani

I have exactly the same issue, but with Seafile 8.0.7 on Ubuntu 20.04. Using Host = ldap:// in ccnet.conf works, but ldaps:// does not. If I follow the instructions here, I get this error in the browser:

Page unavailable
Sorry, but the requested page is unavailable due to a server hiccup.

Our engineers have been notified, so check back later.

I also tried the CentOS 6 specific instruction mv libnssutil3.so disabled_libs_use_local_ones_instead/, without success. Any combination of moving the mentioned libraries out of the library search path result in the above error.

oyxnaut avatar Sep 10 '21 15:09 oyxnaut

You should change to docker. CentOS is no longer supported.

killing avatar Jan 24 '23 04:01 killing

Is this fixed for Ubuntu 20.04+?

oyxnaut avatar Jan 24 '23 10:01 oyxnaut