starred/lldap-lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2026-04-25 08:15:52 +03:00
Code Issues 101 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #756] [BUG] LLDAP stuck in restart loop with UNIQUE constraint failures on fresh sqlite install - lldap exited code 132 #277

New issue
Closed
opened 2026-02-27 08:16:19 +03:00 by kerem · 18 comments
kerem commented 2026-02-27 08:16:19 +03:00
Owner
Copy link

Originally created by @tylerpace on GitHub (Dec 10, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/756

Describe the bug
lldap v0.5.0 is stuck in a restart loop on a fresh install due to failed UNIQUE database constraints in sqlite.

To Reproduce
For context, I tried to upgrade from 0.4.3 to 0.5.0 and got the expected UNIQUE constraint error on emails that I had shared across different users. I updated the emails directly in users.db using sqlite3 but lldap continued to restart with failed UNIQUE constraints.

So, I started with a fresh v0.5.0 install with a clean data directory with the following docker compose specification:

  lldap:
    container_name: lldap
    image: lldap/lldap:v0.5.0
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      UID: ${PUID}
      GID: ${PGID}
      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
      LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS}
      LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN}
    volumes:
      - ${DOCKER_DIR}/lldap:/data

lldap continues to get stuck in a restart loop with this output:

Loading configuration from /data/lldap_config.toml
2023-12-10T22:18:02.298303464+00:00  INFO     set_up_server [ 1.21ms | 100.00% ]
2023-12-10T22:18:02.298319013+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-10T22:18:02.305599549+00:00  WARN     ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password
2023-12-10T22:18:02.306208556+00:00  ERROR    ┕━ 🚨 [error]:  | error: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`
2023-12-10T22:18:02.306269670+00:00  ERROR    🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: error returned from database: (code: 2067) UNIQUE constraint failed: users.email
2023-12-10T22:18:02.306326767+00:00  INFO     i [info]: End.

I stopped lldap and manually updated the admin email via sqlite3 with this command:

update users set email = 'name@domain.com' where user_id = 'admin';

Then, I restarted lldap and got stuck in a similar restart loop due to a failed UNIQUE constrains on users.user_id. The following output will loop every few seconds.

Loading configuration from /data/lldap_config.toml
2023-12-10T22:24:48.328008495+00:00  INFO     set_up_server [ 1.37ms | 100.00% ]
2023-12-10T22:24:48.328020708+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-10T22:24:48.333270604+00:00  WARN     ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password
2023-12-10T22:24:48.333914867+00:00  ERROR    ┕━ 🚨 [error]:  | error: Database error: `Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id`
2023-12-10T22:24:48.333964970+00:00  ERROR    🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id`: Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id
2023-12-10T22:24:48.334002630+00:00  INFO     i [info]: End.

Expected behavior
I expect lldap to instantiate with a default admin account that I can use to login and to complete my configuration.

Additional context
I can't get 0.4.3 to work on a fresh install either. lldap immediately falls into a restart loop even though logs appear to be successful. The following output will loop every few seconds.

> Setup permissions..
> Starting lldap..

Loading configuration from /data/lldap_config.toml
2023-12-10T22:37:21.478722792+00:00  INFO     set_up_server [ 1.11ms | 100.00% ]
2023-12-10T22:37:21.478731288+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.4.3
2023-12-10T22:37:21.482793217+00:00  INFO     ┝━ i [info]: Starting the LDAP server on port 3890
2023-12-10T22:37:21.484134880+00:00  INFO     ┕━ i [info]: Starting the API/web server on port 17170
2023-12-10T22:37:21.484198849+00:00  INFO     i [info]: starting 1 workers
2023-12-10T22:37:21.484202095+00:00  INFO     i [info]: Actix runtime found; starting in Actix runtime
Originally created by @tylerpace on GitHub (Dec 10, 2023). Original GitHub issue: https://github.com/lldap/lldap/issues/756 **Describe the bug** `lldap` v0.5.0 is stuck in a restart loop on a fresh install due to failed UNIQUE database constraints in sqlite. **To Reproduce** For context, I tried to upgrade from 0.4.3 to 0.5.0 and got the expected UNIQUE constraint error on emails that I had shared across different users. I updated the emails directly in `users.db` using `sqlite3` but `lldap` continued to restart with failed UNIQUE constraints. So, I started with a fresh v0.5.0 install with a clean data directory with the following `docker compose` specification: ``` lldap: container_name: lldap image: lldap/lldap:v0.5.0 restart: unless-stopped environment: TZ: ${TZ} UID: ${PUID} GID: ${PGID} LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET} LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS} LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN} volumes: - ${DOCKER_DIR}/lldap:/data ``` `lldap` continues to get stuck in a restart loop with this output: ``` Loading configuration from /data/lldap_config.toml 2023-12-10T22:18:02.298303464+00:00 INFO set_up_server [ 1.21ms | 100.00% ] 2023-12-10T22:18:02.298319013+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.0 2023-12-10T22:18:02.305599549+00:00 WARN ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password 2023-12-10T22:18:02.306208556+00:00 ERROR ┕━ 🚨 [error]: | error: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email` 2023-12-10T22:18:02.306269670+00:00 ERROR 🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: error returned from database: (code: 2067) UNIQUE constraint failed: users.email 2023-12-10T22:18:02.306326767+00:00 INFO i [info]: End. ``` I stopped `lldap` and manually updated the `admin` email via `sqlite3` with this command: ``` update users set email = 'name@domain.com' where user_id = 'admin'; ``` Then, I restarted `lldap` and got stuck in a similar restart loop due to a failed UNIQUE constrains on `users.user_id`. The following output will loop every few seconds. ``` Loading configuration from /data/lldap_config.toml 2023-12-10T22:24:48.328008495+00:00 INFO set_up_server [ 1.37ms | 100.00% ] 2023-12-10T22:24:48.328020708+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.0 2023-12-10T22:24:48.333270604+00:00 WARN ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password 2023-12-10T22:24:48.333914867+00:00 ERROR ┕━ 🚨 [error]: | error: Database error: `Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id` 2023-12-10T22:24:48.333964970+00:00 ERROR 🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id`: Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id 2023-12-10T22:24:48.334002630+00:00 INFO i [info]: End. ``` **Expected behavior** I expect `lldap` to instantiate with a default admin account that I can use to login and to complete my configuration. **Additional context** I can't get 0.4.3 to work on a fresh install either. `lldap` immediately falls into a restart loop even though logs appear to be successful. The following output will loop every few seconds. ``` > Setup permissions.. > Starting lldap.. Loading configuration from /data/lldap_config.toml 2023-12-10T22:37:21.478722792+00:00 INFO set_up_server [ 1.11ms | 100.00% ] 2023-12-10T22:37:21.478731288+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.4.3 2023-12-10T22:37:21.482793217+00:00 INFO ┝━ i [info]: Starting the LDAP server on port 3890 2023-12-10T22:37:21.484134880+00:00 INFO ┕━ i [info]: Starting the API/web server on port 17170 2023-12-10T22:37:21.484198849+00:00 INFO i [info]: starting 1 workers 2023-12-10T22:37:21.484202095+00:00 INFO i [info]: Actix runtime found; starting in Actix runtime ```
kerem 2026-02-27 08:16:19 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-27 08:16:20 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 11, 2023):

Something seems wrong here: normally, before doing the migration, we check
whether there are duplicate emails and we refuse to upgrade (or is that
only on latest and it hasn't been released?)
It's failing when trying to create the admin user, which doesn't come with
an email. But why is it trying to create an admin user? It should only do
that if there are no users in the lldap_admin group. And certainly, it
should work with an empty database (it's tested on every commit).

Can you:

  • provide the verbose logs (verbose = true in the config)
  • provide the user list (SELECT user_id, email FROM users;)
  • list the members of lldap_admin (SELECT user_id FROM memberships WHERE group_id = 0;)

You can also join Discord and ask over there to try to debug interactively,
we'll post the results back here.

On Sun, 10 Dec 2023, 23:41 Tyler Pace, @.***> wrote:

Describe the bug
lldap v0.5.0 is stuck in a restart loop on a fresh install due to failed
UNIQUE database constraints in sqlite.

To Reproduce
For context, I tried to upgrade from 0.4.3 to 0.5.0 and got the expected
UNIQUE constraint error on emails that I had shared across different users.
I updated the emails directly in users.db using sqlite3 but lldap
continued to restart with failed UNIQUE constraints.

So, I started with a fresh v0.5.0 install with a clean data directory with
the following docker compose specification:

lldap:
container_name: lldap
image: lldap/lldap:v0.5.0
restart: unless-stopped
environment:
TZ: ${TZ}
UID: ${PUID}
GID: ${PGID}
LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS}
LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN}
volumes:
- ${DOCKER_DIR}/lldap:/data

lldap continues to get stuck in a restart loop with this output:

Loading configuration from /data/lldap_config.toml
2023-12-10T22:18:02.298303464+00:00 INFO set_up_server [ 1.21ms | 100.00% ]
2023-12-10T22:18:02.298319013+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-10T22:18:02.305599549+00:00 WARN ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password
2023-12-10T22:18:02.306208556+00:00 ERROR ┕━ 🚨 [error]: | error: Database error: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email
2023-12-10T22:18:02.306269670+00:00 ERROR 🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: error returned from database: (code: 2067) UNIQUE constraint failed: users.email
2023-12-10T22:18:02.306326767+00:00 INFO i [info]: End.

I stopped lldap and manually updated the admin email via sqlite3 with
this command:

update users set email = @.***' where user_id = 'admin';

Then, I restarted lldap and got stuck in a similar restart loop due to a
failed UNIQUE constrains on users.user_id. The following output will loop
every few seconds.

Loading configuration from /data/lldap_config.toml
2023-12-10T22:24:48.328008495+00:00 INFO set_up_server [ 1.37ms | 100.00% ]
2023-12-10T22:24:48.328020708+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-10T22:24:48.333270604+00:00 WARN ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password
2023-12-10T22:24:48.333914867+00:00 ERROR ┕━ 🚨 [error]: | error: Database error: Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id
2023-12-10T22:24:48.333964970+00:00 ERROR 🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id: Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id
2023-12-10T22:24:48.334002630+00:00 INFO i [info]: End.

Expected behavior
I expect lldap to instantiate with a default admin account that I can use
to login and to complete my configuration.

Additional context
I can't get 0.4.3 to work on a fresh install either. lldap immediately
falls into a restart loop even though logs appear to be successful. The
following output will loop every few seconds.

Setup permissions..
Starting lldap..

Loading configuration from /data/lldap_config.toml
2023-12-10T22:37:21.478722792+00:00 INFO set_up_server [ 1.11ms | 100.00% ]
2023-12-10T22:37:21.478731288+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.4.3
2023-12-10T22:37:21.482793217+00:00 INFO ┝━ i [info]: Starting the LDAP server on port 3890
2023-12-10T22:37:21.484134880+00:00 INFO ┕━ i [info]: Starting the API/web server on port 17170
2023-12-10T22:37:21.484198849+00:00 INFO i [info]: starting 1 workers
2023-12-10T22:37:21.484202095+00:00 INFO i [info]: Actix runtime found; starting in Actix runtime


Reply to this email directly, view it on GitHub
https://github.com/lldap/lldap/issues/756, or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAGCPWIQW47HS6RP7QGB25DYIY3CFAVCNFSM6AAAAABAO4H7XOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGAZTINJWGUZDQNQ
.
You are receiving this because you are subscribed to this thread.Message
ID: @.***>

<!-- gh-comment-id:1849345220 --> @nitnelave commented on GitHub (Dec 11, 2023): Something seems wrong here: normally, before doing the migration, we check whether there are duplicate emails and we refuse to upgrade (or is that only on latest and it hasn't been released?) It's failing when trying to create the admin user, which doesn't come with an email. But why is it trying to create an admin user? It should only do that if there are no users in the lldap_admin group. And certainly, it should work with an empty database (it's tested on every commit). Can you: - provide the verbose logs (verbose = true in the config) - provide the user list (`SELECT user_id, email FROM users;`) - list the members of lldap_admin (`SELECT user_id FROM memberships WHERE group_id = 0;`) You can also join Discord and ask over there to try to debug interactively, we'll post the results back here. On Sun, 10 Dec 2023, 23:41 Tyler Pace, ***@***.***> wrote: > *Describe the bug* > lldap v0.5.0 is stuck in a restart loop on a fresh install due to failed > UNIQUE database constraints in sqlite. > > *To Reproduce* > For context, I tried to upgrade from 0.4.3 to 0.5.0 and got the expected > UNIQUE constraint error on emails that I had shared across different users. > I updated the emails directly in users.db using sqlite3 but lldap > continued to restart with failed UNIQUE constraints. > > So, I started with a fresh v0.5.0 install with a clean data directory with > the following docker compose specification: > > lldap: > container_name: lldap > image: lldap/lldap:v0.5.0 > restart: unless-stopped > environment: > TZ: ${TZ} > UID: ${PUID} > GID: ${PGID} > LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET} > LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS} > LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN} > volumes: > - ${DOCKER_DIR}/lldap:/data > > lldap continues to get stuck in a restart loop with this output: > > Loading configuration from /data/lldap_config.toml > 2023-12-10T22:18:02.298303464+00:00 INFO set_up_server [ 1.21ms | 100.00% ] > 2023-12-10T22:18:02.298319013+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.0 > 2023-12-10T22:18:02.305599549+00:00 WARN ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password > 2023-12-10T22:18:02.306208556+00:00 ERROR ┕━ 🚨 [error]: | error: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email` > 2023-12-10T22:18:02.306269670+00:00 ERROR 🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: error returned from database: (code: 2067) UNIQUE constraint failed: users.email > 2023-12-10T22:18:02.306326767+00:00 INFO i [info]: End. > > I stopped lldap and manually updated the admin email via sqlite3 with > this command: > > update users set email = ***@***.***' where user_id = 'admin'; > > Then, I restarted lldap and got stuck in a similar restart loop due to a > failed UNIQUE constrains on users.user_id. The following output will loop > every few seconds. > > Loading configuration from /data/lldap_config.toml > 2023-12-10T22:24:48.328008495+00:00 INFO set_up_server [ 1.37ms | 100.00% ] > 2023-12-10T22:24:48.328020708+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.0 > 2023-12-10T22:24:48.333270604+00:00 WARN ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password > 2023-12-10T22:24:48.333914867+00:00 ERROR ┕━ 🚨 [error]: | error: Database error: `Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id` > 2023-12-10T22:24:48.333964970+00:00 ERROR 🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id`: Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id > 2023-12-10T22:24:48.334002630+00:00 INFO i [info]: End. > > *Expected behavior* > I expect lldap to instantiate with a default admin account that I can use > to login and to complete my configuration. > > *Additional context* > I can't get 0.4.3 to work on a fresh install either. lldap immediately > falls into a restart loop even though logs appear to be successful. The > following output will loop every few seconds. > > > Setup permissions.. > > Starting lldap.. > > Loading configuration from /data/lldap_config.toml > 2023-12-10T22:37:21.478722792+00:00 INFO set_up_server [ 1.11ms | 100.00% ] > 2023-12-10T22:37:21.478731288+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.4.3 > 2023-12-10T22:37:21.482793217+00:00 INFO ┝━ i [info]: Starting the LDAP server on port 3890 > 2023-12-10T22:37:21.484134880+00:00 INFO ┕━ i [info]: Starting the API/web server on port 17170 > 2023-12-10T22:37:21.484198849+00:00 INFO i [info]: starting 1 workers > 2023-12-10T22:37:21.484202095+00:00 INFO i [info]: Actix runtime found; starting in Actix runtime > > — > Reply to this email directly, view it on GitHub > <https://github.com/lldap/lldap/issues/756>, or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AAGCPWIQW47HS6RP7QGB25DYIY3CFAVCNFSM6AAAAABAO4H7XOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGAZTINJWGUZDQNQ> > . > You are receiving this because you are subscribed to this thread.Message > ID: ***@***.***> >
kerem commented 2026-02-27 08:16:20 +03:00
Author
Owner
Copy link

@tylerpace commented on GitHub (Dec 13, 2023):

Verbose log output from lldap 0.5.0 with a fresh install (empty /data directory).

> Setup permissions..
> Starting lldap..

Loading configuration from /data/lldap_config.toml
Configuration: Configuration {
    ldap_host: "0.0.0.0",
    ldap_port: 3890,
    http_host: "0.0.0.0",
    http_port: 17170,
    jwt_secret: ***SECRET***,
    ldap_base_dn: "dc=mydomain,dc=net",
    ldap_user_dn: UserId(
        "admin",
    ),
    ldap_user_email: "",
    ldap_user_pass: ***SECRET***,
    database_url: "sqlite:///data/users.db?mode=rwc",
    ignored_user_attributes: [],
    ignored_group_attributes: [],
    verbose: true,
    key_file: "/data/private_key",
    key_seed: None,
    smtp_options: MailOptions {
        enable_password_reset: false,
        from: None,
        reply_to: None,
        server: "localhost",
        port: 587,
        user: "",
        password: ***SECRET***,
        smtp_encryption: Tls,
        tls_required: None,
    },
    ldaps_options: LdapsOptions {
        enabled: false,
        port: 6360,
        cert_file: "cert.pem",
        key_file: "key.pem",
    },
    http_url: Url {
        scheme: "http",
        cannot_be_a_base: false,
        username: "",
        password: None,
        host: Some(
            Domain(
                "localhost",
            ),
        ),
        port: None,
        path: "/",
        query: None,
        fragment: None,
    },
    server_setup: None,
}
2023-12-13T21:05:17.125183439+00:00  INFO     set_up_server [ 1.58ms | 15.53% / 100.00% ]
2023-12-13T21:05:17.125197947+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-13T21:05:17.125685596+00:00  DEBUG    ┝━ get_schema_version [ 77.3µs | 4.89% ]
2023-12-13T21:05:17.126603889+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: Some(SchemaVersion(5))
2023-12-13T21:05:17.126627002+00:00  DEBUG    ┝━ list_groups [ 364µs | 23.04% ] filters: Some(DisplayName("lldap_admin"))
2023-12-13T21:05:17.128725726+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: GroupId(1), display_name: "lldap_admin", creation_date: 2023-12-13T21:05:12.828061965, uuid: Uuid("a0217d78-0fdf-37f8-9e2c-1bca6daab8fd"), users: [], attributes: [] }]
2023-12-13T21:05:17.128732228+00:00  DEBUG    ┝━ list_groups [ 249µs | 15.76% ] filters: Some(DisplayName("lldap_password_manager"))
2023-12-13T21:05:17.129571373+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: GroupId(2), display_name: "lldap_password_manager", creation_date: 2023-12-13T21:05:12.830701057, uuid: Uuid("6a5748f1-8700-3f9e-b76a-2bf400ac4b17"), users: [], attributes: [] }]
2023-12-13T21:05:17.129576412+00:00  DEBUG    ┝━ list_groups [ 184µs | 11.65% ] filters: Some(DisplayName("lldap_strict_readonly"))
2023-12-13T21:05:17.130364643+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: GroupId(3), display_name: "lldap_strict_readonly", creation_date: 2023-12-13T21:05:12.833115129, uuid: Uuid("d2291864-6400-310d-ba5e-76eae69a9d17"), users: [], attributes: [] }]
2023-12-13T21:05:17.130376615+00:00  DEBUG    ┝━ list_users [ 290µs | 18.38% ] filters: Some(MemberOf("lldap_admin")) | _get_groups: false
2023-12-13T21:05:17.133956571+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: []
2023-12-13T21:05:17.133971399+00:00  WARN     ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password
2023-12-13T21:05:17.133985855+00:00  DEBUG    ┕━ create_user [ 170µs | 10.75% ] request: CreateUserRequest { user_id: UserId("admin"), email: "", display_name: Some("Administrator"), first_name: None, last_name: None, avatar: None } | user_id: "admin"
2023-12-13T21:05:17.134680201+00:00  ERROR       ┕━ 🚨 [error]:  | error: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`
2023-12-13T21:05:17.134794414+00:00  ERROR    🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: error returned from database: (code: 2067) UNIQUE constraint failed: users.email
2023-12-13T21:05:17.134843125+00:00  INFO     i [info]: End.

The user list:

sqlite> SELECT user_id, email FROM users;
admin|

lldap_admin members:

sqlite> SELECT user_id FROM memberships WHERE
group_id = 0;
sqlite>
<!-- gh-comment-id:1854709152 --> @tylerpace commented on GitHub (Dec 13, 2023): Verbose log output from `lldap` 0.5.0 with a fresh install (empty `/data` directory). ``` > Setup permissions.. > Starting lldap.. Loading configuration from /data/lldap_config.toml Configuration: Configuration { ldap_host: "0.0.0.0", ldap_port: 3890, http_host: "0.0.0.0", http_port: 17170, jwt_secret: ***SECRET***, ldap_base_dn: "dc=mydomain,dc=net", ldap_user_dn: UserId( "admin", ), ldap_user_email: "", ldap_user_pass: ***SECRET***, database_url: "sqlite:///data/users.db?mode=rwc", ignored_user_attributes: [], ignored_group_attributes: [], verbose: true, key_file: "/data/private_key", key_seed: None, smtp_options: MailOptions { enable_password_reset: false, from: None, reply_to: None, server: "localhost", port: 587, user: "", password: ***SECRET***, smtp_encryption: Tls, tls_required: None, }, ldaps_options: LdapsOptions { enabled: false, port: 6360, cert_file: "cert.pem", key_file: "key.pem", }, http_url: Url { scheme: "http", cannot_be_a_base: false, username: "", password: None, host: Some( Domain( "localhost", ), ), port: None, path: "/", query: None, fragment: None, }, server_setup: None, } 2023-12-13T21:05:17.125183439+00:00 INFO set_up_server [ 1.58ms | 15.53% / 100.00% ] 2023-12-13T21:05:17.125197947+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.0 2023-12-13T21:05:17.125685596+00:00 DEBUG ┝━ get_schema_version [ 77.3µs | 4.89% ] 2023-12-13T21:05:17.126603889+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: Some(SchemaVersion(5)) 2023-12-13T21:05:17.126627002+00:00 DEBUG ┝━ list_groups [ 364µs | 23.04% ] filters: Some(DisplayName("lldap_admin")) 2023-12-13T21:05:17.128725726+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: [Group { id: GroupId(1), display_name: "lldap_admin", creation_date: 2023-12-13T21:05:12.828061965, uuid: Uuid("a0217d78-0fdf-37f8-9e2c-1bca6daab8fd"), users: [], attributes: [] }] 2023-12-13T21:05:17.128732228+00:00 DEBUG ┝━ list_groups [ 249µs | 15.76% ] filters: Some(DisplayName("lldap_password_manager")) 2023-12-13T21:05:17.129571373+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: [Group { id: GroupId(2), display_name: "lldap_password_manager", creation_date: 2023-12-13T21:05:12.830701057, uuid: Uuid("6a5748f1-8700-3f9e-b76a-2bf400ac4b17"), users: [], attributes: [] }] 2023-12-13T21:05:17.129576412+00:00 DEBUG ┝━ list_groups [ 184µs | 11.65% ] filters: Some(DisplayName("lldap_strict_readonly")) 2023-12-13T21:05:17.130364643+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: [Group { id: GroupId(3), display_name: "lldap_strict_readonly", creation_date: 2023-12-13T21:05:12.833115129, uuid: Uuid("d2291864-6400-310d-ba5e-76eae69a9d17"), users: [], attributes: [] }] 2023-12-13T21:05:17.130376615+00:00 DEBUG ┝━ list_users [ 290µs | 18.38% ] filters: Some(MemberOf("lldap_admin")) | _get_groups: false 2023-12-13T21:05:17.133956571+00:00 DEBUG │ ┕━ 🐛 [debug]: | return: [] 2023-12-13T21:05:17.133971399+00:00 WARN ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password 2023-12-13T21:05:17.133985855+00:00 DEBUG ┕━ create_user [ 170µs | 10.75% ] request: CreateUserRequest { user_id: UserId("admin"), email: "", display_name: Some("Administrator"), first_name: None, last_name: None, avatar: None } | user_id: "admin" 2023-12-13T21:05:17.134680201+00:00 ERROR ┕━ 🚨 [error]: | error: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email` 2023-12-13T21:05:17.134794414+00:00 ERROR 🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: error returned from database: (code: 2067) UNIQUE constraint failed: users.email 2023-12-13T21:05:17.134843125+00:00 INFO i [info]: End. ``` The user list: ``` sqlite> SELECT user_id, email FROM users; admin| ``` lldap_admin members: ``` sqlite> SELECT user_id FROM memberships WHERE group_id = 0; sqlite> ```
kerem commented 2026-02-27 08:16:20 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 13, 2023):

There's something weird, that cannot be the logs from a fresh install with an empty data directory: the database already exists (you can see that no migration was done, it directly returned the latest schema version).

I'm guessing that there is an issue, and you're not looking at the correct /data directory. Can you post the LLDAP section of your docker compose?

That, or it's not actually the very first logs you get after deleting the DB, only the second time you start the service.

<!-- gh-comment-id:1854719835 --> @nitnelave commented on GitHub (Dec 13, 2023): There's something weird, that cannot be the logs from a fresh install with an empty data directory: the database already exists (you can see that no migration was done, it directly returned the latest schema version). I'm guessing that there is an issue, and you're not looking at the correct /data directory. Can you post the LLDAP section of your docker compose? That, or it's not actually the very first logs you get after deleting the DB, only the second time you start the service.
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@tylerpace commented on GitHub (Dec 13, 2023):

My compose specification for lldap.

  lldap:
    container_name: lldap
    image: lldap/lldap:v0.5.0
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      UID: ${PUID}
      GID: ${PGID}
      LLDAP_VERBOSE: true
      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
      LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS}
      LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN}
    volumes:
      - ${DOCKER_DIR}/lldap:/data

${DOCKER_DIR}/lldap is completely empty at startup. I'm rming after every attempt as part of this troubleshooting.

But, you raise a good point -- I was grabbing the most recent copy of the lldap logs by mistake. The restart cycle happens almost instantly so it's hard to capture the initial startup from docker logs. However, I pipe all my container logs to grafana and took a look over there to see if I can find the first execution of lldap.

Here's a lldap log export from grafana that covers the initial startup and subsequent restarts. It looks like lldap starts and silently fails (?) and then gets stuck in the loop caused by the UNIQUE constraint.

lldap_v050_startup.txt
Same logs in a Github Gist

<!-- gh-comment-id:1854869376 --> @tylerpace commented on GitHub (Dec 13, 2023): My `compose` specification for `lldap`. ``` lldap: container_name: lldap image: lldap/lldap:v0.5.0 restart: unless-stopped environment: TZ: ${TZ} UID: ${PUID} GID: ${PGID} LLDAP_VERBOSE: true LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET} LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS} LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN} volumes: - ${DOCKER_DIR}/lldap:/data ``` `${DOCKER_DIR}/lldap` is completely empty at startup. I'm `rm`ing after every attempt as part of this troubleshooting. But, you raise a good point -- I was grabbing the most recent copy of the `lldap` logs by mistake. The restart cycle happens almost instantly so it's hard to capture the initial startup from `docker logs`. However, I pipe all my container logs to grafana and took a look over there to see if I can find the first execution of `lldap`. Here's a `lldap` log export from grafana that covers the initial startup and subsequent restarts. It looks like `lldap` starts and silently fails (?) and then gets stuck in the loop caused by the `UNIQUE` constraint. [lldap_v050_startup.txt](https://github.com/lldap/lldap/files/13666751/lldap_v050_startup.txt) Same logs in a [Github Gist](https://gist.github.com/tylerpace/935f52b90f9600f1681dedfb47d147ea)
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@martadinata666 commented on GitHub (Dec 14, 2023):

Is this work if using volume?

  lldap:
    container_name: lldap
    image: lldap/lldap:v0.5.0
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      UID: ${PUID}
      GID: ${PGID}
      LLDAP_VERBOSE: true
      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
      LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS}
      LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN}
    volumes:
      - lldap-data:/data

volumes:
  lldap-data:

And about the command, docker compose up and docker compose down -v (will wipe the volume also, just ensuring it empty. Is the ${DOCKER_DIR}/lldap on remote mounts such as nfs, smb?

<!-- gh-comment-id:1854980747 --> @martadinata666 commented on GitHub (Dec 14, 2023): Is this work if using volume? ``` lldap: container_name: lldap image: lldap/lldap:v0.5.0 restart: unless-stopped environment: TZ: ${TZ} UID: ${PUID} GID: ${PGID} LLDAP_VERBOSE: true LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET} LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS} LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN} volumes: - lldap-data:/data volumes: lldap-data: ``` And about the command, `docker compose up` and `docker compose down -v` (will wipe the volume also, just ensuring it empty. Is the `${DOCKER_DIR}/lldap` on remote mounts such as nfs, smb?
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 14, 2023):

Interesting! Maybe you can remove the "restart: unless-stopped" from compose? That way you'd only get the first start.

I think grafana only captured stdout, but docker will also give you stderr. Or can you get that in grafana as well?
I feel like there was a panic before it finished the "setting up server" part and didn't get to log anything.

<!-- gh-comment-id:1855059120 --> @nitnelave commented on GitHub (Dec 14, 2023): Interesting! Maybe you can remove the "restart: unless-stopped" from compose? That way you'd only get the first start. I think grafana only captured stdout, but docker will also give you stderr. Or can you get that in grafana as well? I feel like there was a panic before it finished the "setting up server" part and didn't get to log anything.
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@tylerpace commented on GitHub (Dec 14, 2023):

@martadinata666 I modified my compose to start with a fresh volume and appear to be in the same restart loop.

Here's the initial output from docker compose up:

> sudo docker compose up
[+] Running 2/0
 ✔ Volume "auth_lldap-data"  Created                                                                                                                                0.0s 
 ✔ Container lldap           Created                                                                                                                                0.0s 
Attaching to lldap
lldap  | [entrypoint] Copying the default config to /data/lldap_config.toml
lldap  | [entrypoint] Edit this file to configure LLDAP.
lldap  | > Setup permissions..
lldap  | > Starting lldap..
lldap  | 
lldap  | Loading configuration from /data/lldap_config.toml
lldap  | Configuration: Configuration {
lldap  |     ldap_host: "0.0.0.0",
lldap  |     ldap_port: 3890,
lldap  |     http_host: "0.0.0.0",
lldap  |     http_port: 17170,
lldap  |     jwt_secret: ***SECRET***,
lldap  |     ldap_base_dn: "dc=mydomain,dc=net",
lldap  |     ldap_user_dn: UserId(
lldap  |         "admin",
lldap  |     ),
lldap  |     ldap_user_email: "",
lldap  |     ldap_user_pass: ***SECRET***,
lldap  |     database_url: "sqlite:///data/users.db?mode=rwc",
lldap  |     ignored_user_attributes: [],
lldap  |     ignored_group_attributes: [],
lldap  |     verbose: true,
lldap  |     key_file: "/data/private_key",
lldap  |     key_seed: None,
lldap  |     smtp_options: MailOptions {
lldap  |         enable_password_reset: false,
lldap  |         from: None,
lldap  |         reply_to: None,
lldap  |         server: "localhost",
lldap  |         port: 587,
lldap  |         user: "",
lldap  |         password: ***SECRET***,
lldap  |         smtp_encryption: Tls,
lldap  |         tls_required: None,
lldap  |     },
lldap  |     ldaps_options: LdapsOptions {
lldap  |         enabled: false,
lldap  |         port: 6360,
lldap  |         cert_file: "cert.pem",
lldap  |         key_file: "key.pem",
lldap  |     },
lldap  |     http_url: Url {
lldap  |         scheme: "http",
lldap  |         cannot_be_a_base: false,
lldap  |         username: "",
lldap  |         password: None,
lldap  |         host: Some(
lldap  |             Domain(
lldap  |                 "localhost",
lldap  |             ),
lldap  |         ),
lldap  |         port: None,
lldap  |         path: "/",
lldap  |         query: None,
lldap  |         fragment: None,
lldap  |     },
lldap  |     server_setup: None,
lldap  | }
lldap exited with code 0

But, checking docker logs lldap and grafana show the same restart cycle ending in the UNIQUE constraint problem.

My docker volumes are hosted via NFS via TrueNAS. I know it's not ideal to run sqlite dbs on NFS, but this setup ran fine for a long while on v0.4.x and now I can't even rollback to that version family. I can try a setup without sqlite, but probably not until middle of next week.

@nitnelave Progress! I removed restart: unless-stopped and got a new exit code of 132.

> sudo docker compose up     
[+] Running 2/0
 ✔ Volume "auth_lldap-data"  Created                                                                                                                                0.0s 
 ✔ Container lldap           Created                                                                                                                                0.0s 
Attaching to lldap
lldap  | [entrypoint] Copying the default config to /data/lldap_config.toml
lldap  | [entrypoint] Edit this file to configure LLDAP.
lldap  | > Setup permissions..
lldap  | > Starting lldap..
lldap  | 
lldap  | Loading configuration from /data/lldap_config.toml
lldap  | Configuration: Configuration {
lldap  |     ldap_host: "0.0.0.0",
lldap  |     ldap_port: 3890,
lldap  |     http_host: "0.0.0.0",
lldap  |     http_port: 17170,
lldap  |     jwt_secret: ***SECRET***,
lldap  |     ldap_base_dn: "dc=mydomain,dc=net",
lldap  |     ldap_user_dn: UserId(
lldap  |         "admin",
lldap  |     ),
lldap  |     ldap_user_email: "",
lldap  |     ldap_user_pass: ***SECRET***,
lldap  |     database_url: "sqlite:///data/users.db?mode=rwc",
lldap  |     ignored_user_attributes: [],
lldap  |     ignored_group_attributes: [],
lldap  |     verbose: true,
lldap  |     key_file: "/data/private_key",
lldap  |     key_seed: None,
lldap  |     smtp_options: MailOptions {
lldap  |         enable_password_reset: false,
lldap  |         from: None,
lldap  |         reply_to: None,
lldap  |         server: "localhost",
lldap  |         port: 587,
lldap  |         user: "",
lldap  |         password: ***SECRET***,
lldap  |         smtp_encryption: Tls,
lldap  |         tls_required: None,
lldap  |     },
lldap  |     ldaps_options: LdapsOptions {
lldap  |         enabled: false,
lldap  |         port: 6360,
lldap  |         cert_file: "cert.pem",
lldap  |         key_file: "key.pem",
lldap  |     },
lldap  |     http_url: Url {
lldap  |         scheme: "http",
lldap  |         cannot_be_a_base: false,
lldap  |         username: "",
lldap  |         password: None,
lldap  |         host: Some(
lldap  |             Domain(
lldap  |                 "localhost",
lldap  |             ),
lldap  |         ),
lldap  |         port: None,
lldap  |         path: "/",
lldap  |         query: None,
lldap  |         fragment: None,
lldap  |     },
lldap  |     server_setup: None,
lldap  | }
lldap exited with code 132

Thank you both for the troubleshooting help!

<!-- gh-comment-id:1856528916 --> @tylerpace commented on GitHub (Dec 14, 2023): @martadinata666 I modified my `compose` to start with a fresh volume and appear to be in the same restart loop. Here's the initial output from `docker compose up`: ``` > sudo docker compose up [+] Running 2/0 ✔ Volume "auth_lldap-data" Created 0.0s ✔ Container lldap Created 0.0s Attaching to lldap lldap | [entrypoint] Copying the default config to /data/lldap_config.toml lldap | [entrypoint] Edit this file to configure LLDAP. lldap | > Setup permissions.. lldap | > Starting lldap.. lldap | lldap | Loading configuration from /data/lldap_config.toml lldap | Configuration: Configuration { lldap | ldap_host: "0.0.0.0", lldap | ldap_port: 3890, lldap | http_host: "0.0.0.0", lldap | http_port: 17170, lldap | jwt_secret: ***SECRET***, lldap | ldap_base_dn: "dc=mydomain,dc=net", lldap | ldap_user_dn: UserId( lldap | "admin", lldap | ), lldap | ldap_user_email: "", lldap | ldap_user_pass: ***SECRET***, lldap | database_url: "sqlite:///data/users.db?mode=rwc", lldap | ignored_user_attributes: [], lldap | ignored_group_attributes: [], lldap | verbose: true, lldap | key_file: "/data/private_key", lldap | key_seed: None, lldap | smtp_options: MailOptions { lldap | enable_password_reset: false, lldap | from: None, lldap | reply_to: None, lldap | server: "localhost", lldap | port: 587, lldap | user: "", lldap | password: ***SECRET***, lldap | smtp_encryption: Tls, lldap | tls_required: None, lldap | }, lldap | ldaps_options: LdapsOptions { lldap | enabled: false, lldap | port: 6360, lldap | cert_file: "cert.pem", lldap | key_file: "key.pem", lldap | }, lldap | http_url: Url { lldap | scheme: "http", lldap | cannot_be_a_base: false, lldap | username: "", lldap | password: None, lldap | host: Some( lldap | Domain( lldap | "localhost", lldap | ), lldap | ), lldap | port: None, lldap | path: "/", lldap | query: None, lldap | fragment: None, lldap | }, lldap | server_setup: None, lldap | } lldap exited with code 0 ``` But, checking `docker logs lldap` and grafana show the same restart cycle ending in the `UNIQUE` constraint problem. My docker volumes are hosted via NFS via TrueNAS. I know it's not ideal to run sqlite dbs on NFS, but this setup ran fine for a long while on v0.4.x and now I can't even rollback to that version family. I can try a setup without sqlite, but probably not until middle of next week. @nitnelave Progress! I removed `restart: unless-stopped` and got a new exit code of `132`. ``` > sudo docker compose up [+] Running 2/0 ✔ Volume "auth_lldap-data" Created 0.0s ✔ Container lldap Created 0.0s Attaching to lldap lldap | [entrypoint] Copying the default config to /data/lldap_config.toml lldap | [entrypoint] Edit this file to configure LLDAP. lldap | > Setup permissions.. lldap | > Starting lldap.. lldap | lldap | Loading configuration from /data/lldap_config.toml lldap | Configuration: Configuration { lldap | ldap_host: "0.0.0.0", lldap | ldap_port: 3890, lldap | http_host: "0.0.0.0", lldap | http_port: 17170, lldap | jwt_secret: ***SECRET***, lldap | ldap_base_dn: "dc=mydomain,dc=net", lldap | ldap_user_dn: UserId( lldap | "admin", lldap | ), lldap | ldap_user_email: "", lldap | ldap_user_pass: ***SECRET***, lldap | database_url: "sqlite:///data/users.db?mode=rwc", lldap | ignored_user_attributes: [], lldap | ignored_group_attributes: [], lldap | verbose: true, lldap | key_file: "/data/private_key", lldap | key_seed: None, lldap | smtp_options: MailOptions { lldap | enable_password_reset: false, lldap | from: None, lldap | reply_to: None, lldap | server: "localhost", lldap | port: 587, lldap | user: "", lldap | password: ***SECRET***, lldap | smtp_encryption: Tls, lldap | tls_required: None, lldap | }, lldap | ldaps_options: LdapsOptions { lldap | enabled: false, lldap | port: 6360, lldap | cert_file: "cert.pem", lldap | key_file: "key.pem", lldap | }, lldap | http_url: Url { lldap | scheme: "http", lldap | cannot_be_a_base: false, lldap | username: "", lldap | password: None, lldap | host: Some( lldap | Domain( lldap | "localhost", lldap | ), lldap | ), lldap | port: None, lldap | path: "/", lldap | query: None, lldap | fragment: None, lldap | }, lldap | server_setup: None, lldap | } lldap exited with code 132 ``` Thank you both for the troubleshooting help!
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 14, 2023):

132? That's illegal instruction (unless you have a weird Linux). That would indeed stop the program in it's tracks with no hope of logging, to stderr or stdout.
What is your cpu/architecture? And which docker image were you using?

A potential way forward would be to recompile lldap yourself (which is very easy with cargo, check the readme). If you compile it on the machine itself, it shouldn't generate illegal instructions.

Let's see if it solves the problem (you should be able to just copy the new binary into the container and restart it).

<!-- gh-comment-id:1856535244 --> @nitnelave commented on GitHub (Dec 14, 2023): 132? That's illegal instruction (unless you have a weird Linux). That would indeed stop the program in it's tracks with no hope of logging, to stderr or stdout. What is your cpu/architecture? And which docker image were you using? A potential way forward would be to recompile lldap yourself (which is very easy with cargo, check the readme). If you compile it on the machine itself, it shouldn't generate illegal instructions. Let's see if it solves the problem (you should be able to just copy the new binary into the container and restart it).
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@tylerpace commented on GitHub (Dec 14, 2023):

@martadinata666 To clarify my earlier comment about NFS.

My normal process is to host persistent docker volumes on NFS, but in your test case using the lldap-data volume that volume is hosted directly on my docker host. My docker host is ubuntu server virtualized on TrueNAS using a zvol for storage.

<!-- gh-comment-id:1856537788 --> @tylerpace commented on GitHub (Dec 14, 2023): @martadinata666 To clarify my earlier comment about NFS. My normal process is to host persistent docker volumes on NFS, _but_ in your test case using the `lldap-data` volume that volume is hosted directly on my docker host. My docker host is ubuntu server virtualized on TrueNAS using a zvol for storage.
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 14, 2023):

What's the output of uname -a and cat /proc/cpuinfo (you can truncate to just one core)?

<!-- gh-comment-id:1856547019 --> @nitnelave commented on GitHub (Dec 14, 2023): What's the output of `uname -a` and ` cat /proc/cpuinfo` (you can truncate to just one core)?
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@tylerpace commented on GitHub (Dec 14, 2023):

@nitnelave I'm running virtualized Ubuntu on TrueNAS with Host CPU mode (AMD Ryzen).

lldap worked great for months on this setup. It all went south when I first tried to upgrade to v0.5.0 and I've been stuck in this restart loop every since. There have been no changes to server HW or the ubuntu virtualization settings, just the normal course of ubuntu OS updates, updates to other containers, etc.

OS info:

> lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.3 LTS
Release:	22.04
Codename:	jammy

CPU info:

> lscpu
Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         40 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  8
  On-line CPU(s) list:   0-7
Vendor ID:               AuthenticAMD
  Model name:            AMD EPYC-Rome Processor
    CPU family:          23
    Model:               49
    Thread(s) per core:  2
    Core(s) per socket:  4
    Socket(s):           1
    Stepping:            0
    BogoMIPS:            7785.34
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext
                         fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 x2apic
                          movbe popcnt tsc_deadline_timer aes f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowpr
                         efetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid rdseed ad
                         x smap clflushopt clwb sha_ni clzero xsaveerptr wbnoinvd arat umip ospke rdpid fsrm arch_capabilities
Virtualization features:
  Hypervisor vendor:     KVM
  Virtualization type:   full
Caches (sum of all):
  L1d:                   128 KiB (4 instances)
  L1i:                   128 KiB (4 instances)
  L2:                    2 MiB (4 instances)
  L3:                    16 MiB (1 instance)
NUMA:
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-7
Vulnerabilities:
  Gather data sampling:  Not affected
  Itlb multihit:         Not affected
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Mmio stale data:       Not affected
  Retbleed:              Mitigation; untrained return thunk; SMT enabled with STIBP protection
  Spec rstack overflow:  Mitigation; safe RET
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl and seccomp
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Retpolines, IBPB conditional, STIBP always-on, RSB filling, PBRSB-eIBRS Not affected
  Srbds:                 Not affected
  Tsx async abort:       Not affected

Docker info:

Client: Docker Engine - Community
 Version:    24.0.7
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.21.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 50
  Running: 49
  Paused: 0
  Stopped: 1
 Images: 94
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
 runc version: v1.1.9-0-gccaecfc
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-89-generic
 Operating System: Ubuntu 22.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.61GiB
 Name: **REMOVED**
 ID: **REMOVED**
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Container info:

> sudo docker inspect lldap | jq '.[0].Config.Labels'
{
  "com.docker.compose.config-hash": "e027b1be1bf62ec73579ee5736a8a82a02763620529bd2530e7af7eab8a350b3",
  "com.docker.compose.container-number": "1",
  "com.docker.compose.depends_on": "",
  "com.docker.compose.image": "sha256:e92dcf81c7792530df5bb73405a2839e0efaa7a26eac436db74aba0d6f852d8e",
  "com.docker.compose.oneoff": "False",
  "com.docker.compose.project": "auth",
  "com.docker.compose.project.config_files": "**REMOVED**/auth/docker-compose.yml",
  "com.docker.compose.project.working_dir": "**REMOVED**/auth",
  "com.docker.compose.service": "lldap",
  "com.docker.compose.version": "2.21.0",
  "org.opencontainers.image.created": "2023-09-14T18:55:41.163Z",
  "org.opencontainers.image.description": "Light LDAP implementation",
  "org.opencontainers.image.licenses": "GPL-3.0",
  "org.opencontainers.image.revision": "6f04530700cbe00e979c84483a8310b1339e9d6e",
  "org.opencontainers.image.source": "https://github.com/lldap/lldap",
  "org.opencontainers.image.title": "lldap",
  "org.opencontainers.image.url": "https://github.com/lldap/lldap",
  "org.opencontainers.image.version": "v0.5.0-alpine"
}
<!-- gh-comment-id:1856569430 --> @tylerpace commented on GitHub (Dec 14, 2023): @nitnelave I'm running virtualized Ubuntu on TrueNAS with `Host` CPU mode (AMD Ryzen). `lldap` worked great for months on this setup. It all went south when I first tried to upgrade to v0.5.0 and I've been stuck in this restart loop every since. There have been no changes to server HW or the ubuntu virtualization settings, just the normal course of ubuntu OS updates, updates to other containers, etc. OS info: ``` > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 22.04.3 LTS Release: 22.04 Codename: jammy ``` CPU info: ``` > lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Address sizes: 40 bits physical, 48 bits virtual Byte Order: Little Endian CPU(s): 8 On-line CPU(s) list: 0-7 Vendor ID: AuthenticAMD Model name: AMD EPYC-Rome Processor CPU family: 23 Model: 49 Thread(s) per core: 2 Core(s) per socket: 4 Socket(s): 1 Stepping: 0 BogoMIPS: 7785.34 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowpr efetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid rdseed ad x smap clflushopt clwb sha_ni clzero xsaveerptr wbnoinvd arat umip ospke rdpid fsrm arch_capabilities Virtualization features: Hypervisor vendor: KVM Virtualization type: full Caches (sum of all): L1d: 128 KiB (4 instances) L1i: 128 KiB (4 instances) L2: 2 MiB (4 instances) L3: 16 MiB (1 instance) NUMA: NUMA node(s): 1 NUMA node0 CPU(s): 0-7 Vulnerabilities: Gather data sampling: Not affected Itlb multihit: Not affected L1tf: Not affected Mds: Not affected Meltdown: Not affected Mmio stale data: Not affected Retbleed: Mitigation; untrained return thunk; SMT enabled with STIBP protection Spec rstack overflow: Mitigation; safe RET Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization Spectre v2: Mitigation; Retpolines, IBPB conditional, STIBP always-on, RSB filling, PBRSB-eIBRS Not affected Srbds: Not affected Tsx async abort: Not affected ``` Docker info: ```> sudo docker info Client: Docker Engine - Community Version: 24.0.7 Context: default Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) Version: v0.11.2 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) Version: v2.21.0 Path: /usr/libexec/docker/cli-plugins/docker-compose Server: Containers: 50 Running: 49 Paused: 0 Stopped: 1 Images: 94 Server Version: 24.0.7 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: 61f9fd88f79f081d64d6fa3bb1a0dc71ec870523 runc version: v1.1.9-0-gccaecfc init version: de40ad0 Security Options: apparmor seccomp Profile: builtin cgroupns Kernel Version: 5.15.0-89-generic Operating System: Ubuntu 22.04.3 LTS OSType: linux Architecture: x86_64 CPUs: 8 Total Memory: 15.61GiB Name: **REMOVED** ID: **REMOVED** Docker Root Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false ``` Container info: ``` > sudo docker inspect lldap | jq '.[0].Config.Labels' { "com.docker.compose.config-hash": "e027b1be1bf62ec73579ee5736a8a82a02763620529bd2530e7af7eab8a350b3", "com.docker.compose.container-number": "1", "com.docker.compose.depends_on": "", "com.docker.compose.image": "sha256:e92dcf81c7792530df5bb73405a2839e0efaa7a26eac436db74aba0d6f852d8e", "com.docker.compose.oneoff": "False", "com.docker.compose.project": "auth", "com.docker.compose.project.config_files": "**REMOVED**/auth/docker-compose.yml", "com.docker.compose.project.working_dir": "**REMOVED**/auth", "com.docker.compose.service": "lldap", "com.docker.compose.version": "2.21.0", "org.opencontainers.image.created": "2023-09-14T18:55:41.163Z", "org.opencontainers.image.description": "Light LDAP implementation", "org.opencontainers.image.licenses": "GPL-3.0", "org.opencontainers.image.revision": "6f04530700cbe00e979c84483a8310b1339e9d6e", "org.opencontainers.image.source": "https://github.com/lldap/lldap", "org.opencontainers.image.title": "lldap", "org.opencontainers.image.url": "https://github.com/lldap/lldap", "org.opencontainers.image.version": "v0.5.0-alpine" } ```
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@tylerpace commented on GitHub (Dec 14, 2023):

> uname -a
Linux **REMOVED** 5.15.0-89-generic #99-Ubuntu SMP Mon Oct 30 20:42:41 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

> cat /proc/cpuinfo
processor	: 0
vendor_id	: AuthenticAMD
cpu family	: 23
model		: 49
model name	: AMD EPYC-Rome Processor
stepping	: 0
microcode	: 0x1000065
cpu MHz		: 3892.674
cache size	: 512 KB
physical id	: 0
siblings	: 8
core id		: 0
cpu cores	: 4
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid rdseed adx smap clflushopt clwb sha_ni clzero xsaveerptr wbnoinvd arat umip ospke rdpid fsrm arch_capabilities
bugs		: sysret_ss_attrs null_seg spectre_v1 spectre_v2 spec_store_bypass retbleed smt_rsb srso
bogomips	: 7785.34
TLB size	: 1024 4K pages
clflush size	: 64
cache_alignment	: 64
address sizes	: 40 bits physical, 48 bits virtual
power management:
<!-- gh-comment-id:1856571938 --> @tylerpace commented on GitHub (Dec 14, 2023): ``` > uname -a Linux **REMOVED** 5.15.0-89-generic #99-Ubuntu SMP Mon Oct 30 20:42:41 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux ``` ``` > cat /proc/cpuinfo processor : 0 vendor_id : AuthenticAMD cpu family : 23 model : 49 model name : AMD EPYC-Rome Processor stepping : 0 microcode : 0x1000065 cpu MHz : 3892.674 cache size : 512 KB physical id : 0 siblings : 8 core id : 0 cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid rdseed adx smap clflushopt clwb sha_ni clzero xsaveerptr wbnoinvd arat umip ospke rdpid fsrm arch_capabilities bugs : sysret_ss_attrs null_seg spectre_v1 spectre_v2 spec_store_bypass retbleed smt_rsb srso bogomips : 7785.34 TLB size : 1024 4K pages clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: ```
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 14, 2023):

You could try the non-alpine container, but I'm not sure it'd change anything.

Actually if you could get a coredump, we could see where the invalid instruction is and try to see if there's anything specific to the dependency that we could change.

<!-- gh-comment-id:1856574515 --> @nitnelave commented on GitHub (Dec 14, 2023): You could try the non-alpine container, but I'm not sure it'd change anything. Actually if you could get a coredump, we could see where the invalid instruction is and try to see if there's anything specific to the dependency that we could change.
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 14, 2023):

Note that given the state of the DB after the crash, it's almost certainly in the crypto operations to set the password.

@martadinata666 v4 to v5, could it be due to the libc change? I remember something about musl, did we change anything with the Alpine container?

<!-- gh-comment-id:1856754604 --> @nitnelave commented on GitHub (Dec 14, 2023): Note that given the state of the DB after the crash, it's almost certainly in the crypto operations to set the password. @martadinata666 v4 to v5, could it be due to the libc change? I remember something about musl, did we change anything with the Alpine container?
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 14, 2023):

Could be relevant: https://gitlab.torproject.org/tpo/core/arti/-/issues/571

Note that SIGILL can also occur when panicking while processing a panic.

<!-- gh-comment-id:1856768518 --> @nitnelave commented on GitHub (Dec 14, 2023): Could be relevant: https://gitlab.torproject.org/tpo/core/arti/-/issues/571 Note that SIGILL can also occur when panicking while processing a panic.
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@martadinata666 commented on GitHub (Dec 15, 2023):

Oh interesting, 132 is about missing cpu instructions. Mostly avx or sse. Thus used by some cryptography/random number generation.

1st let's rule out a VM issue or a Host issue:

  1. Run the docker image on host. I predicted this will run fine
  2. Try setting up the VM using passthrough CPU settings, this way all CPU features on host will pass on VM.
<!-- gh-comment-id:1857122696 --> @martadinata666 commented on GitHub (Dec 15, 2023): Oh interesting, 132 is about missing cpu instructions. Mostly `avx` or `sse`. Thus used by some cryptography/random number generation. 1st let's rule out a VM issue or a Host issue: 1. Run the docker image on host. `I predicted this will run fine` 2. Try setting up the VM using passthrough CPU settings, this way all CPU features on host will pass on VM.
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@tylerpace commented on GitHub (Dec 15, 2023):

FYI I'll be AFK until Tuesday of next week. I don't want you to think that I've ghosted you after all the support.

I'll take a swing at the latest suggestions upon my return.

<!-- gh-comment-id:1858242577 --> @tylerpace commented on GitHub (Dec 15, 2023): FYI I'll be AFK until Tuesday of next week. I don't want you to think that I've ghosted you after all the support. I'll take a swing at the latest suggestions upon my return.
kerem commented 2026-02-27 08:16:21 +03:00
Author
Owner
Copy link

@tylerpace commented on GitHub (Dec 19, 2023):

Good news, it appears the issue was related to my virtualization settings in TrueNAS.

Changing CPU Mode from Host Model to Host Passthrough resolved the 132 exit code which allowed for the proper initialization of the user database and prevented the UNIQUE constraint cycle on future runs.

Thanks for the troubleshooting!

<!-- gh-comment-id:1863457325 --> @tylerpace commented on GitHub (Dec 19, 2023): Good news, it appears the issue was related to my virtualization settings in TrueNAS. Changing `CPU Mode` from `Host Model` to `Host Passthrough` resolved the `132` exit code which allowed for the proper initialization of the user database and prevented the `UNIQUE` constraint cycle on future runs. Thanks for the troubleshooting!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/github_actions/codecov/codecov-action-6
copilot/fix-equality-filters-list-attributes
dependabot/github_actions/docker/build-push-action-7
dependabot/github_actions/docker/metadata-action-6
dependabot/github_actions/docker/setup-buildx-action-4
dependabot/github_actions/docker/login-action-4
copilot/update-download-artifact-action
copilot/fix-opensuse-warnings
copilot/fix-1268
copilot/fix-727
copilot/fix-898
copilot/fix-1256
copilot/fix-1251
copilot/fix-1249
copilot/fix-1206
user-attribute-form
user-ui
group-ui
server-user-attribute-schema
crates
haveibeenpwned
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.0
v0.2.0
v0.0.1
Labels
Clear labels   
backend

   
blocked

   
bug

   
cleanup

   
dependencies

   
docker

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
frontend

   
github_actions

   
good first issue

   
help wanted

   
help wanted

   
integration

   
invalid

   
ldap

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
rust

   
rust

   
tests

   
wontfix
No labels
backend
blocked
bug
cleanup
dependencies
docker
documentation
duplicate
enhancement
enhancement
frontend
github_actions
good first issue
help wanted
help wanted
integration
invalid
ldap
pull-request
question
rust
rust
tests
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/lldap-lldap#277
No description provided.