nginx-ldap-auth icon indicating copy to clipboard operation
nginx-ldap-auth copied to clipboard
verified publisher icon nginxinc

Successfully installed the nginx-ldap-auth module but errors when i execute

Open 3linkceo opened this issue 1 year ago • 4 comments

Does anyone know how to debug this. I am trying to setup nginx to authenticate using LDAP and installed the nginx-ldap-auth perl moudule but getting these errors:

nginx-ldap-auth settings

Traceback (most recent call last): File "/opt/.venv/python-env/bin/nginx-ldap-auth", line 8, in sys.exit(main()) File "/opt/.venv/python-env/lib64/python3.9/site-packages/nginx_ldap_auth/main.py", line 7, in main from .cli import cli File "/opt/.venv/python-env/lib64/python3.9/site-packages/nginx_ldap_auth/cli/init.py", line 2, in from .server import * # noqa:F403,F401 File "/opt/.venv/python-env/lib64/python3.9/site-packages/nginx_ldap_auth/cli/server.py", line 11, in settings = Settings() File "/opt/.venv/python-env/lib64/python3.9/site-packages/pydantic_settings/main.py", line 84, in init super().init( File "/opt/.venv/python-env/lib64/python3.9/site-packages/pydantic/main.py", line 176, in init self.pydantic_validator.validate_python(data, self_instance=self) pydantic_core._pydantic_core.ValidationError: 5 validation errors for Settings secret_key Field required [type=missing, input_value={}, input_type=dict] For further information visit https://errors.pydantic.dev/2.7/v/missing ldap_uri Field required [type=missing, input_value={}, input_type=dict] For further information visit https://errors.pydantic.dev/2.7/v/missing ldap_binddn Field required [type=missing, input_value={}, input_type=dict] For further information visit https://errors.pydantic.dev/2.7/v/missing ldap_password Field required [type=missing, input_value={}, input_type=dict] For further information visit https://errors.pydantic.dev/2.7/v/missing ldap_basedn Field required [type=missing, input_value={}, input_type=dict] For further information visit https://errors.pydantic.dev/2.7/v/missing

3linkceo avatar Jun 03 '24 15:06 3linkceo

I've encountered this problem testing LDAP authentication using the python module as well (https://github.com/caltechads/nginx-ldap-auth-service). I've created an issue there in case the problem is with the python module.

Unable to start: ValidationError: 5 validation errors for Settings

Did you find any solutions?

JustGitting avatar Feb 10 '25 23:02 JustGitting

You need to export some environment variables into your shell before running the server. See here https://nginx-ldap-auth-service.readthedocs.io/en/latest/configuration.html#environment. The error means that the server can't find those environment variables.

cmalek avatar Feb 10 '25 23:02 cmalek

Thanks @cmalek,

I'm calling the module by supervisord (https://supervisord.org/) to daemonize the module and I've configured it to use the environment settings (--env-file) passed as follows:

[program:nginx-ldap-auth-service]
command=/usr/local/bin/nginx-ldap-auth --env-file /etc/nginx-ldap-auth-service/nginx-ldap-auth-service.env
directory=/tmp
childlogdir=/var/log/nginx-ldap-auth-service
stdout_logfile=/var/log/nginx-ldap-auth-service/stdout.log
stdout_logfile_maxbytes=1MB
redirect_stderr=true
user=nobody
autostart=true
autorestart=true
redirect_stderr=true

supervisord is passing the file to the module according to the logs:

systemd[1]: Started Supervisor process control system for UNIX.
supervisord[969]: 2025-02-11 20:12:12,907 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root>
supervisord[969]: 2025-02-11 20:12:12,909 INFO Included extra file "/etc/supervisor/conf.d/nginx-ldap-auth-service.conf" during parsing
supervisord[969]: 2025-02-11 20:12:12,917 INFO RPC interface 'supervisor' initialized
supervisord[969]: 2025-02-11 20:12:12,917 CRIT Server 'unix_http_server' running without any HTTP authentication checking
supervisord[969]: 2025-02-11 20:12:12,917 INFO supervisord started with pid 969
supervisord[969]: 2025-02-11 20:12:13,923 INFO spawned: 'nginx-ldap-auth-service' with pid 1211
supervisord[969]: 2025-02-11 20:12:14,928 INFO success: nginx-ldap-auth-service entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
supervisord[969]: 2025-02-11 20:12:16,127 INFO exited: nginx-ldap-auth-service (exit status 1; not expected)
supervisord[969]: 2025-02-11 20:12:17,131 INFO spawned: 'nginx-ldap-auth-service' with pid 1306

I'll do some more digging to see why the env file is not being passed to the module.

JustGitting avatar Feb 11 '25 00:02 JustGitting

Ugh, what it actually is is that I pass the value of that --env-file flag into the uvicorn startup, but uvicorn doesn't accept an --env-file flag.

The relevant bit is in nginx_ldap_auth.cli.server.start

Try passing them in with with supervisor.conf config instead of using --env-file and I'll remove that flag.

See: https://stackoverflow.com/questions/12900402/supervisor-and-environment-variables

cmalek avatar Feb 11 '25 00:02 cmalek