[GH-ISSUE #505] 0.4.2 won't start in Safari (docker image) #184

Closed
opened 2026-02-27 08:15:44 +03:00 by kerem · 18 comments

Originally created by @bart268 on GitHub (Mar 27, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/505

I upgraded from 0.4.1 to 0.4.2, after this LDAP and Web Interface won't start for me. Downgrading to 0.4.1 and everything is working again.
Running this using docker compose, right now using the "image: nitnelave/lldap:v0.4.1".

Starting 0.4.1 is showing this logging:
Setup permissions..
Starting lldap..

Loading configuration from /data/lldap_config.toml
2023-03-27T17:42:15.019508521+00:00 INFO set_up_server [ 2.12ms | 100.00% ]
2023-03-27T17:42:15.019538644+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.4.1
2023-03-27T17:42:15.030860201+00:00 INFO ┝━ i [info]: Starting the LDAP server on port 3890
2023-03-27T17:42:15.034345442+00:00 INFO ┕━ i [info]: Starting the API/web server on port 17170
2023-03-27T17:42:15.034719186+00:00 INFO i [info]: Starting 1 workers | log.target: "actix_server::builder" | log.module_path: "actix_server::builder" | log.file: "/__w/lldap/lldap/${GITHUB_WORKSPACE}/.cargo/registry/src/github.com-1ecc6299db9ec823/actix-server-2.0.0-beta.5/src/builder.rs" | log.line: 281
2023-03-27T17:42:15.035099867+00:00 INFO i [info]: Starting "ldap" service on 0.0.0.0:3890 | log.target: "actix_server::builder" | log.module_path: "actix_server::builder" | log.file: "/__w/lldap/lldap/${GITHUB_WORKSPACE}/.cargo/registry/src/github.com-1ecc6299db9ec823/actix-server-2.0.0-beta.5/src/builder.rs" | log.line: 296
2023-03-27T17:42:15.035268249+00:00 INFO i [info]: Starting "http" service on 0.0.0.0:17170 | log.target: "actix_server::builder" | log.module_path: "actix_server::builder" | log.file: "/__w/lldap/lldap/${GITHUB_WORKSPACE}/.cargo/registry/src/github.com-1ecc6299db9ec823/actix-server-2.0.0-beta.5/src/builder.rs" | log.line: 296
2023-03-27T17:42:15.035494339+00:00 INFO i [info]: DB Cleanup Cron started
2023-03-27T17:43:00.525304561+00:00 INFO HTTP request [ 16.2µs | 100.00% ]
2023-03-27T17:43:00.525311012+00:00 INFO ┝━ i [info]: | uri: /
2023-03-27T17:43:00.525332563+00:00 INFO ┕━ i [info]: | status_code: 404
2023-03-27T17:43:00.704929560+00:00 INFO HTTP request [ 155µs | 100.00% ]
2023-03-27T17:43:00.704935571+00:00 INFO ┝━ i [info]: | uri: /
2023-03-27T17:43:00.705091946+00:00 INFO ┕━ i [info]: | status_code: 200

Starting 0.4.2 is only showing this logging:
ldap-docker-lldap-1 | > Setup permissions..
ldap-docker-lldap-1 | > Starting lldap..
ldap-docker-lldap-1 |
ldap-docker-lldap-1 | Loading configuration from /data/lldap_config.toml
ldap-docker-lldap-1 | 2023-03-27T17:38:42.800325707+00:00 INFO set_up_server [ 1.62ms | 100.00% ]
ldap-docker-lldap-1 | 2023-03-27T17:38:42.800334827+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.4.2
ldap-docker-lldap-1 | 2023-03-27T17:38:42.803710790+00:00 INFO ┝━ i [info]: Starting the LDAP server on port 3890
ldap-docker-lldap-1 | 2023-03-27T17:38:42.804550144+00:00 INFO ┕━ i [info]: Starting the API/web server on port 17170
ldap-docker-lldap-1 | 2023-03-27T17:38:42.805081434+00:00 INFO i [info]: starting 1 workers
ldap-docker-lldap-1 | 2023-03-27T17:38:42.805423622+00:00 INFO i [info]: Actix runtime found; starting in Actix runtime
ldap-docker-lldap-1 | 2023-03-27T17:38:42.806473704+00:00 INFO i [info]: DB Cleanup Cron started
ldap-docker-lldap-1 | 2023-03-27T17:39:12.852146791+00:00 INFO LDAP session [ 134µs | 58.99% / 100.00% ]
ldap-docker-lldap-1 | 2023-03-27T17:39:12.852210127+00:00 INFO ┕━ LDAP request [ 54.9µs | 41.01% ]

Unfortunately I don't have any more logging. Checked the latest changelog but didn't see any major changes which would need a change in config.


@bart268 commented on GitHub (Mar 27, 2023):

It seems to work in Firefox. Both Safari and Edge are not working, also it seems my radius server isn't reading the ldap groups anymore which could be because of this change: Identify groups with "cn" instead of "uid" in memberOf field.


@pixelrazor commented on GitHub (Mar 27, 2023):

I wonder if your browser is caching anything? Maybe try a force refresh or using incognito to test. I don't know what you mean by radius server - do you have something concrete I/we can look into?


@bart268 commented on GitHub (Mar 27, 2023):

I am using a radius server (for wireless authentication) which reads the ldap groups. In 0.4.1 it was reading the groups using uid=<group name>,etc (my bad). I now changed this to cn=<group name>,etc and it is working now.

I also tried the browser in incognito mode, this just gives me a blank page. Fortunately working in Firefox and love the dark mode 🙂 Will try to figure out why it's working in some cases.


@pixelrazor commented on GitHub (Mar 27, 2023):

If you open the networking tab in your browser tools, I'd be interested to know what requests are happening/failing when you are having those issues.


@bart268 commented on GitHub (Mar 27, 2023):

Getting this error in the console tab

[Error] Unhandled Promise Rejection: CompileError: WebAssembly.Module doesn't parse at byte 0: module doesn't start with '\0asm'
(anonymous function) (main.js:3)
asyncFunctionResume
(anonymous function)
promiseReactionJobWithoutPromise
promiseReactionJob


@nitnelave commented on GitHub (Mar 27, 2023):

It might be something to do with decompression? Before we served the WASM payload raw, now it's gzipped. Does the response come with the header "content-encoding: gzip"? You can see that in the network tab, for the WASM request (I don't remember the file name right now)


@bart268 commented on GitHub (Mar 27, 2023):

Content-Encoding: gzip
Content-Disposition: attachment; filename="lldap_app_bg.wasm.gz"


@nitnelave commented on GitHub (Mar 27, 2023):

I just tried on Edge on Windows, it worked for me. I don't have a Mac to test Safari, but on an iPad Safari it indeed doesn't work. I can't really debug it from there, though.

Can you check if the response looks good? Is the content-length 717769? Can you download it and check that it's a valid gzip file, starting with '\0asm'?


@pixelrazor commented on GitHub (Mar 27, 2023):

FWIW, I ran this in the docker container of :0.4.2

```
bash-5.1# gzip -d -c lldap_app_bg.wasm.gz | hexdump -C -n 8
00000000  00 61 73 6d 01 00 00 00                           |.asm....|
```

I'm going to try to see what we get via http next. If you wanted to try, @bart268, and let us know what you see, the command should be `curl -s --compressed https://your.domain/pkg/lldap_app_bg.wasm | hexdump -C -n 8`

Edit: ran this against the new image

```
curl -s --compressed 192.168.1.2:17171/pkg/lldap_app_bg.wasm | hexdump -C -n 8
00000000  00 61 73 6d 01 00 00 00                           |.asm....|
```

@bart268 commented on GitHub (Mar 27, 2023):

It indeed seems to be an issue with Safari (and probably some local cache issues with the Edge browser, this seems to be working now)

```
curl -s --compressed http://ip/pkg/lldap_app_bg.wasm | hexdump -C -n 8
00000000 00 61 73 6d 01 00 00 00 |.asm....|
00000008
```
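
The header and magic-byte checks carried out by hand in the comments above, as an added example (not code from lldap or from the participants in this thread). It classifies a `.wasm` response from its `Content-Encoding` header and the first bytes of the body; the function name and the sample bytes are constructed for illustration.

```python
import gzip
import zlib

WASM_MAGIC = b"\x00asm"   # every WebAssembly binary starts with these 4 bytes
GZIP_MAGIC = b"\x1f\x8b"  # every gzip stream starts with these 2 bytes


def diagnose_wasm_response(headers, body):
    """Return (verdict, detail) for a .wasm HTTP response.

    headers: dict of response headers as received.
    body: bytes exactly as sent on the wire, before Content-Encoding is undone.
    """
    hdrs = {k.lower(): v.strip().lower() for k, v in headers.items()}
    declared_gzip = hdrs.get("content-encoding") in ("gzip", "x-gzip")
    payload = body

    if declared_gzip:
        # A client removes exactly one gzip layer when the header announces it.
        try:
            payload = gzip.decompress(body)
        except (OSError, EOFError, zlib.error) as exc:
            return "bad-encoding", f"header says gzip, body does not decode: {exc}"

    if payload[:4] == WASM_MAGIC:
        version = int.from_bytes(payload[4:8], "little")
        return "ok", f"wasm module, binary version {version}"
    if payload[:2] == GZIP_MAGIC:
        # The WebAssembly compiler would be handed gzip bytes and fail at
        # byte 0 with "module doesn't start with '\0asm'".
        if declared_gzip:
            return "double-gzip", "payload is still gzip after one decode"
        return "undeclared-gzip", "gzip body served without Content-Encoding: gzip"
    return "not-wasm", f"payload starts with {payload[:4].hex()}"


# Constructed sample: the smallest valid module (magic + version 1).
SAMPLE_MODULE = WASM_MAGIC + b"\x01\x00\x00\x00"
GZ = {"Content-Encoding": "gzip"}
CONSTRUCTED_CASES = {
    "gzip, declared": (GZ, gzip.compress(SAMPLE_MODULE)),
    "gzip, header missing": ({}, gzip.compress(SAMPLE_MODULE)),
    "gzipped twice": (GZ, gzip.compress(gzip.compress(SAMPLE_MODULE))),
    "raw, declared gzip": (GZ, SAMPLE_MODULE),
    "raw": ({}, SAMPLE_MODULE),
}

if __name__ == "__main__":
    for name, (hdrs, body) in CONSTRUCTED_CASES.items():
        print(f"{name:22} -> {diagnose_wasm_response(hdrs, body)}")
```

To run it against a live server, capture the headers and the undecoded body first, for example with `curl -s -H 'Accept-Encoding: gzip' -D headers.txt -o body.bin <url>` (without `--compressed`, which would decode the body before it is written).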


@pixelrazor commented on GitHub (Mar 27, 2023):

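Looking into the links in [this](https://stackoverflow.com/questions/73859750/webassembly-wasm-unhandled-promise-rejection-runtimeerror-on-safari) question seems to show that safari has typically had bugs with wasm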


@nitnelave commented on GitHub (Mar 28, 2023):

Hmm, maybe we need to send the payload uncompressed for safari? We could do that, detect in JS the browser, and request the uncompressed WASM if it's safari. I don't have a test environment, though, could I ask you to test a PR for me once I prepare it?

Btw, @bart268 do you think you could share a sample radius config? In addition to helping others with radius servers, it helps me to see which features are used by integration: I actually looked whether any config was using memberof with groups to see if the change would break anything, but didn't find anything. With a checked in radius config, I would have been able to highlight that as a breaking change in the release.


@nitnelave commented on GitHub (Mar 28, 2023):

@bart268 can you try #507 ? Build+run locally, test on iOS/MacOS with all browsers. I tried it with iOS but I don't have a Mac to test.


@bart268 commented on GitHub (Mar 28, 2023):

Happy to help, I will test if you have a PR available.

About the freeradius config, I use the following config to place MAC addresses in different VLANs on the same wireless network. Not saying this is the best way to fix this but it's working for me. Not sure if all this config should be part of this post but here it is anyway :)

  • First part of the authentication is the wireless PSK, after this I do a check on MAC address and LDAP group membership.
  • If a MAC address is found in LLDAP it reads the group membership. This is configured in the file "sites-enabled\ssid-name"
    • In 0.4.1 the name returned was "uid=ssid-name-group1,ou=groups,dc=example,dc=com" so I filtered on that.
    • In 0.4.2 the name returned is "cn=ssid-name-group1,ou=groups,dc=example,dc=com", so uid changed to cn. After changing this in the file "sites-enabled\ssid-name" it's working again.
  • If a MAC address is not found in LLDAP, I will return VLAN22 which is basically the guest VLAN.

file: mods-enabled\ldap

```
ldap {
   server = '<lldap ip>'
   port = 3890
   base_dn = 'DC=example,DC=com'
   identity = 'UID=admin,OU=people,DC=example,DC=com'
   password = <admin password>

   update {
     reply:memberOf                  += 'memberOf'
   }

   user {
      base_dn = "${..base_dn}"
      filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
   }

}
```

file: mods-enabled\files

```
files file-ssid-name {
                key = "%{Calling-Station-ID}"
                usersfile = ${confdir}/macaddress_ssid-name
}
```

file: macaddress_ssid-name

```
DEFAULT Auth-Type := Accept
```

file: dictionary

```
ATTRIBUTE memberOf 3000 string
```

file: sites-enabled\ssid-name

```
server ssid-name {
        listen {
                type = auth
                ipaddr = *
                port = 18112
        }

        post-auth {
                if (&reply:memberOf =~ /cn=ssid-name-group1,ou=groups,dc=example,dc=com/) {
                        update reply {
                                Tunnel-Type = VLAN,
                                Tunnel-Medium-Type = IEEE-802,
                                Tunnel-Private-Group-Id = 20
                        }
                }
                if (&reply:memberOf =~ /cn=ssid-name-group2,ou=groups,dc=example,dc=com/) {
                        update reply {
                                Tunnel-Type = VLAN,
                                Tunnel-Medium-Type = IEEE-802,
                                Tunnel-Private-Group-Id = 21
                        }
                }
                else {
                        update reply {
                                Tunnel-Type = VLAN,
                                Tunnel-Medium-Type = IEEE-802,
                                Tunnel-Private-Group-Id = 22
                        }
                }
        }

        authorize {
                preprocess
                ldap

                # If cleaning up the Calling-Station-Id...
                rewrite_calling_station_id

                # Now check against the authorized_macs file
                file-ssid-name

                if (!ok) {
                        # No match was found, so reject
                        reject
                }
                else {
                        # The MAC address was found, so update Auth-Type
                        # to accept this auth.
                        update control {
                                Auth-Type := Accept
                        }
                }
        }
}
```
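
The group-to-VLAN decision from the `post-auth` section above, as an added Python illustration (not FreeRADIUS configuration and not code from this thread). It compares parsed DNs instead of substrings, accepts both the 0.4.1 `uid=` and the 0.4.2 `cn=` form, and returns the `memberOf` values that matched nothing, so a change in DN format shows up in logs instead of silently placing clients in the guest VLAN. The function names and the simplified DN parsing (no escaped commas, no multi-valued RDNs) are assumptions.

```python
# Values taken from the configuration in the post above.
GROUP_BASE = "ou=groups,dc=example,dc=com"
VLAN_BY_GROUP = {"ssid-name-group1": 20, "ssid-name-group2": 21}  # priority order
GUEST_VLAN = 22
GROUP_RDN_TYPES = ("cn", "uid")  # cn= as returned by 0.4.2, uid= as returned by 0.4.1


def parse_group_dn(dn):
    """Split a memberOf DN into (rdn_type, group_name, base), lower-cased.

    Simplification (assumption): no escaped commas or multi-valued RDNs.
    """
    parts = [p.strip().lower() for p in dn.split(",")]
    rdn_type, sep, name = parts[0].partition("=")
    if not sep or not name:
        raise ValueError(f"not a group DN: {dn!r}")
    return rdn_type.strip(), name.strip(), ",".join(parts[1:])


def vlan_for(member_of):
    """Return (vlan, unmatched) for a list of memberOf values.

    unmatched holds every value that did not map to a known group, which is
    what to log when a client ends up in the guest VLAN unexpectedly.
    """
    groups, unmatched = set(), []
    for dn in member_of:
        try:
            rdn_type, name, base = parse_group_dn(dn)
        except ValueError:
            unmatched.append(dn)
            continue
        if rdn_type in GROUP_RDN_TYPES and base == GROUP_BASE and name in VLAN_BY_GROUP:
            groups.add(name)
        else:
            unmatched.append(dn)
    for name, vlan in VLAN_BY_GROUP.items():
        if name in groups:
            return vlan, unmatched
    return GUEST_VLAN, unmatched


def substring_vlan_for(member_of, rdn_type="uid"):
    """Substring matching with one fixed RDN type, like the pre-upgrade filter."""
    for name, vlan in VLAN_BY_GROUP.items():
        needle = f"{rdn_type}={name},{GROUP_BASE}"
        if any(needle in dn for dn in member_of):
            return vlan
    return GUEST_VLAN


# Constructed samples of what the two versions return for the same user.
MEMBER_OF_041 = ["uid=ssid-name-group1,ou=groups,dc=example,dc=com"]
MEMBER_OF_042 = ["cn=ssid-name-group1,ou=groups,dc=example,dc=com"]

if __name__ == "__main__":
    print("uid= filter, 0.4.1 data:", substring_vlan_for(MEMBER_OF_041))
    print("uid= filter, 0.4.2 data:", substring_vlan_for(MEMBER_OF_042))
    print("parsed DN,   0.4.1 data:", vlan_for(MEMBER_OF_041))
    print("parsed DN,   0.4.2 data:", vlan_for(MEMBER_OF_042))
```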

@nitnelave commented on GitHub (Mar 28, 2023):

Thanks for the config! I think I'll just add the ldap mod file, the rest is more usage-specific.

Regarding the PR, I have #507 that should work, can you give it a try?


@bart268 commented on GitHub (Mar 28, 2023):

You should also add the dictionary file to use "memberOf". And part of the file "sites-enabled\ssid-name" which will actually read the membership.

I will build the new lldap but can only test in a few hours. Not really working with github everyday, should I run "git clone -b safari https://github.com/nitnelave/lldap.git" to get the right build and then compile?


@nitnelave commented on GitHub (Mar 28, 2023):

Yes. You should be able to do:

```shell
git clone -b safari https://github.com/nitnelave/lldap.git
cd lldap
./app/build.sh
cargo run -- run
```

And you'll have an instance running on http://localhost:17170

If you don't have it already, a little `cargo install wasm-pack` can help (see https://github.com/nitnelave/lldap#from-source).


@bart268 commented on GitHub (Mar 28, 2023):

I just built a new docker image, can confirm this build is working. Thanks!
