
Partkeepr Error because of LDAP Setup/Config Changes

Open cgsecret opened this issue 4 years ago • 1 comments

Hi,

I am failing to set up LDAP for PartKeepr and somehow managed to get an Internal Server Error. I'm pretty sure that it is a mistake on the user level, since I am very unsure about my LDAP config.

Here is the error I get if I try to log in with an LDAP account:

Critical Error

Details
==================================
The server returned a response which we were not able to interpret.

Request
==================================
GET http://partkeepr.local/api/system_notices?_dc=1599660073675

Response Status Code
==================================
500

Response
==================================
An Exception was thrown while handling: Internal Server Error

Server Configuration
==================================
doctrine_orm_version: 2.5.4
doctrine_dbal_version: 2.5.2
doctrine_common_version: 2.6.0-DEV
php_version: 7.1.33
auto_start_session: true
maxUploadSize: 2097152
isOctoPartAvailable: false
availableImageFormats: JPG,GIF,PNG
max_users: unlimited
authentication_provider: PartKeepr.Auth.WSSEAuthenticationProvider
tip_of_the_day_uri: https://partkeepr.org/tips/%s
password_change: true
patreonStatus: 
defaultGridPresets: []

Here is my config.yml:

imports:
    - { resource: parameters.php }
    - { resource: security.yml }
    - { resource: partkeepr.yml }
    - { resource: config_framework.yml }
    - { resource: config_doctrine.yml }
    - { resource: config_fos_user.yml }
    - { resource: config_dunglas.yml }
#    - { resource: config_ldap.yml }
    - { resource: config_partkeepr.yml }
    - { resource: config_filesystem.yml }

fos_rest:
    body_listener: true
    format_listener: true
    param_fetcher_listener: force
    service:
        exception_handler: "partkeepr.exceptionwrapper"
    format_listener:
        rules:
            - priorities: [json, xml]
            - fallback_format: json
    view:
        default_engine: php
        formats:
            json: true
            xml: true
        templating_formats:
            html: false
        view_response_listener: true



sensio_framework_extra:
    view:    { annotations: false }
    router:  { annotations: true }

# Assetic Configuration
assetic:
    debug:          %kernel.debug%
    use_controller: false
    bundles:        [ PartKeeprFrontendBundle, PartKeeprMobileFrontendBundle ]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: %kernel.root_dir%/Resources/java/compiler.jar
        #yui_css:
        #    jar: %kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar

twig:
    exception_controller: 'FOS\RestBundle\Controller\ExceptionController::showAction'

dunglas_api:
    title:       "PartKeepr"
    description: "The PartKeepr REST API"
    collection:
        pagination:
            items_per_page:
                client_can_change: true

sprite_generator:
    sprites:
        fugue16:
            inDir: %kernel.root_dir%/../vendor/brainbits/fugue-icons-bundle/src/Brainbits/FugueIconsBundle/Resources/public/icons/fugue/16/
            outImage: %kernel.root_dir%/../web/spritesheets/fugue-16.png
            outCss: %kernel.root_dir%/../web/spritesheets/fugue-16.css
            relativeImagePath: ./
            padding: 5
            spriteClass: fugue-icon
            cssFormat: css
            imagePositioning: min-image
            imageGenerator: gd2
        partkeepr:
            inDir: %kernel.root_dir%/../src/PartKeepr/FrontendBundle/Resources/public/images/icons/
            outImage: %kernel.root_dir%/../web/spritesheets/partkeepr.png
            outCss: %kernel.root_dir%/../web/spritesheets/partkeepr.css
            relativeImagePath: ./
            padding: 5
            spriteClass: partkeepr-icon
            cssFormat: css
            imagePositioning: min-image
            imageGenerator: gd2

fr3d_ldap:
    driver:
        host:                   10.0.0.2
        port:                   389
        username:               admin
        password:               adminpassword
        bindRequiresDn:         true
        baseDn:                 dc=example, dc=com 
        accountFilterFormat:    (&(uid=%s))
        optReferrals:           false
        useSsl:                 false
        useStartTls:            "%fr3d_ldap.driver.useStartTls%"
        accountCanonicalForm:   "%fr3d_ldap.driver.accountCanonicalForm%"
        accountDomainName:      "%fr3d_ldap.driver.accountDomainName%"
        accountDomainNameShort: "%fr3d_ldap.driver.accountDomainNameShort%"
    user:
        baseDn: ou=users, dc=example, dc=com
        filter: (&(ObjectClass=Person))

services:
    serializer.normalizer.custom:
        class: Symfony\Component\Serializer\Normalizer\ObjectNormalizer
        arguments:
            - "@serializer.mapping.class_metadata_factory"
            - null
            - "@serializer.property_accessor"
        tags:
            - { name: serializer.normalizer, priority: -1 }
        calls:
            - method: "setCircularReferenceLimit"
              arguments: [ [ 5 ] ]

My OpenLDAP Setup looks something like this:

For the binduser

DN: cn=admin,dc=example,dc=com
ObjectClass=organizationalRole
ObjectClass=simpleSecurityObject 
userPassword

DN: uid=exampleUser,ou=users,dc=example,dc=com
...
ObjectClass=Person

Any help regarding the error or the config would be welcome!

Thanks cgsecret

cgsecret, Sep 09 '20 14:09
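
An added example, not part of the original post and not PartKeepr or FR3DLdapBundle code: a small Python check over selected keys of the `fr3d_ldap` driver block as posted, flagging settings worth reviewing on a bind configuration like this one (a bind name that is not in DN form although the bind account is listed as `cn=admin,dc=example,dc=com`, a bind password stored inline, and transport encryption that is not confirmed by the file itself). The helper names and finding codes are invented for this example.

```python
import re

# Constructed sample: selected keys from the driver block in the post.
DRIVER_BLOCK = """\
host:                   10.0.0.2
port:                   389
username:               admin
password:               adminpassword
bindRequiresDn:         true
baseDn:                 dc=example, dc=com
accountFilterFormat:    (&(uid=%s))
useSsl:                 false
useStartTls:            "%fr3d_ldap.driver.useStartTls%"
"""

PLACEHOLDER = re.compile(r"^%[^%\s]+%$")  # Symfony-style %parameter.name%
DN_FORM = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)*$")


def parse_flat(block):
    """Parse 'key: value' lines of a flat mapping (no nesting, no lists)."""
    cfg = {}
    for line in block.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, _, value = line.partition(":")
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def audit_driver(cfg):
    """Return sorted finding codes (names invented for this example)."""
    findings = {"parameter-ref:" + k for k, v in cfg.items() if PLACEHOLDER.match(v)}
    tls = [cfg.get("useSsl", "false"), cfg.get("useStartTls", "false")]
    if "true" not in [v.lower() for v in tls]:
        # No literal 'true': either plainly off, or decided by a parameter elsewhere.
        unknown = any(PLACEHOLDER.match(v) for v in tls)
        findings.add("tls-unconfirmed" if unknown else "cleartext-bind")
    if cfg.get("bindRequiresDn", "").lower() == "true" and not DN_FORM.match(cfg.get("username", "")):
        findings.add("bind-username-not-dn")
    password = cfg.get("password", "")
    if password and not PLACEHOLDER.match(password):
        findings.add("inline-bind-password")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit_driver(parse_flat(DRIVER_BLOCK)):
        print(code)
```

A `parameter-ref:` finding only means the value is resolved from a parameter defined elsewhere (here the imported `parameters.php`), so that definition has to exist and be checked as well.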

I would recommend against using LDAP to be honest. You will have no ACL whatsoever and any SSO options are not much more than dirty hacks.

It would be much better to get actual multi-user support in future updates of the framework and coupling to an authentication provider with OIDC or SAML.

dromer, Dec 26 '20 05:12