starred/lldap-lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2026-04-25 08:15:52 +03:00
Code Issues 101 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1053] [BUG] False positive warning on key_file with LDAPS #378

New issue
Closed
opened 2026-02-27 08:16:57 +03:00 by kerem · 3 comments
kerem commented 2026-02-27 08:16:57 +03:00
Owner
Copy link

Originally created by @oscarcarlsson on GitHub (Dec 4, 2024).
Original GitHub issue: https://github.com/lldap/lldap/issues/1053

Describe the bug

I'm getting a false positive warning message regarding use of key_file in my LDAPS configuration. It's a warning regarding using both key_seed and key_file (which is from the main section of the configuration) which is not relevant for the key_file configuration under the [ldaps_options].

To Reproduce

My configuration:

ldap_host = "idp.example.com"
ldap_port = 3890

http_host = "127.0.0.1"
http_port = 17170
http_url = "http://localhost:17170"

jwt_secret = "abcde"
key_seed = "abcde"

ldap_base_dn = "dc=example,dc=com"

ldap_user_dn = "admin"
ldap_user_email = "lldap@example.com"
ldap_user_pass = "abcde"
force_reset_admin_password = false

database_url = "sqlite:///var/lib/lldap/users.db?mode=rwc"

[smtp_options]

[ldaps_options]
enabled=true
port=6360
key_file="/etc/step-ca/certs/server.key"
cert_file="/etc/step-ca/certs/server.crt"

Expected behavior

No error message.

Logs

verbose=false below but the warning is on the third line:

Dec 04 09:26:28 idp systemd[1]: Started lldap.service - Nitnelave LLDAP.
Dec 04 09:26:28 idp lldap[21478]: Loading configuration from /etc/lldap/lldap_config.toml
Dec 04 09:26:28 idp lldap[21478]: WARNING: A key_seed was given, we will ignore the key_file and generate one from the seed! Set key_file to an empty string in the config to silence this message.
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614733535+00:00  INFO     i [info]: starting 1 workers
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614745805+00:00  INFO     i [info]: Actix runtime found; starting in Actix runtime
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614755355+00:00  INFO     i [info]: starting service: "ldap", workers: 1, listening on: 192.168.0.100:3890
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614759155+00:00  INFO     i [info]: starting service: "ldaps", workers: 1, listening on: 192.168.0.100:6360
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614762535+00:00  INFO     i [info]: starting service: "http", workers: 1, listening on: 127.0.0.1:17170
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.607383217+00:00  INFO     set_up_server [ 7.40ms | 100.00% ]
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.607395647+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.6.1
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.610458725+00:00  INFO     ┝━ i [info]: Starting the LDAP server on port 3890
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.613422273+00:00  INFO     ┝━ i [info]: Starting the LDAPS server on port 6360
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614648087+00:00  INFO     ┕━ i [info]: Starting the API/web server on port 17170
Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.615807321+00:00  INFO     i [info]: DB Cleanup Cron started

Additional context

N/A

Originally created by @oscarcarlsson on GitHub (Dec 4, 2024). Original GitHub issue: https://github.com/lldap/lldap/issues/1053 **Describe the bug** I'm getting a false positive warning message regarding use of `key_file` in my LDAPS configuration. It's a warning regarding using both `key_seed` and `key_file` (which is from the main section of the configuration) which is not relevant for the `key_file` configuration under the `[ldaps_options]`. **To Reproduce** My configuration: ```toml ldap_host = "idp.example.com" ldap_port = 3890 http_host = "127.0.0.1" http_port = 17170 http_url = "http://localhost:17170" jwt_secret = "abcde" key_seed = "abcde" ldap_base_dn = "dc=example,dc=com" ldap_user_dn = "admin" ldap_user_email = "lldap@example.com" ldap_user_pass = "abcde" force_reset_admin_password = false database_url = "sqlite:///var/lib/lldap/users.db?mode=rwc" [smtp_options] [ldaps_options] enabled=true port=6360 key_file="/etc/step-ca/certs/server.key" cert_file="/etc/step-ca/certs/server.crt" ``` **Expected behavior** No error message. **Logs** `verbose=false` below but the warning is on the third line: ``` Dec 04 09:26:28 idp systemd[1]: Started lldap.service - Nitnelave LLDAP. Dec 04 09:26:28 idp lldap[21478]: Loading configuration from /etc/lldap/lldap_config.toml Dec 04 09:26:28 idp lldap[21478]: WARNING: A key_seed was given, we will ignore the key_file and generate one from the seed! Set key_file to an empty string in the config to silence this message. Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614733535+00:00 INFO i [info]: starting 1 workers Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614745805+00:00 INFO i [info]: Actix runtime found; starting in Actix runtime Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614755355+00:00 INFO i [info]: starting service: "ldap", workers: 1, listening on: 192.168.0.100:3890 Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614759155+00:00 INFO i [info]: starting service: "ldaps", workers: 1, listening on: 192.168.0.100:6360 Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614762535+00:00 INFO i [info]: starting service: "http", workers: 1, listening on: 127.0.0.1:17170 Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.607383217+00:00 INFO set_up_server [ 7.40ms | 100.00% ] Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.607395647+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.6.1 Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.610458725+00:00 INFO ┝━ i [info]: Starting the LDAP server on port 3890 Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.613422273+00:00 INFO ┝━ i [info]: Starting the LDAPS server on port 6360 Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.614648087+00:00 INFO ┕━ i [info]: Starting the API/web server on port 17170 Dec 04 09:26:28 idp lldap[21478]: 2024-12-04T08:26:28.615807321+00:00 INFO i [info]: DB Cleanup Cron started ``` **Additional context** N/A
kerem 2026-02-27 08:16:57 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-27 08:16:58 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 4, 2024):

key_file has a default value (to know where to put the key by default). Have you tried doing what the error message says?
"Set key_file to an empty string in the config to silence this message."

<!-- gh-comment-id:2516618122 --> @nitnelave commented on GitHub (Dec 4, 2024): `key_file` has a default value (to know where to put the key by default). Have you tried doing what the error message says? "Set key_file to an empty string in the config to silence this message."
kerem commented 2026-02-27 08:16:58 +03:00
Author
Owner
Copy link

@oscarcarlsson commented on GitHub (Dec 4, 2024):

Yes, that silences the warning. But the warning is not relevant when setting key_file under the ldaps section :)

<!-- gh-comment-id:2516708507 --> @oscarcarlsson commented on GitHub (Dec 4, 2024): Yes, that silences the warning. But the warning is not relevant when setting `key_file` under the ldaps section :)
kerem commented 2026-02-27 08:16:58 +03:00
Author
Owner
Copy link

@nitnelave commented on GitHub (Dec 4, 2024):

Unless I'm very mistaken, this has nothing to do with the ldaps section: it's complaining about the implicit key_file=server_key (or whatever default value) at the top level.

The idea is that if you didn't set a key_seed to start with, it'll create a key file with that value. If you then set a key_seed because you heard that it's better, it'll read that over the file and all the passwords will be unreadable; hence the warning.

<!-- gh-comment-id:2517227284 --> @nitnelave commented on GitHub (Dec 4, 2024): Unless I'm _very_ mistaken, this has nothing to do with the ldaps section: it's complaining about the _implicit_ `key_file=server_key` (or whatever default value) at the top level. The idea is that if you didn't set a key_seed to start with, it'll create a key file with that value. If you then set a key_seed because you heard that it's better, it'll read that over the file and all the passwords will be unreadable; hence the warning.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/github_actions/codecov/codecov-action-6
copilot/fix-equality-filters-list-attributes
dependabot/github_actions/docker/build-push-action-7
dependabot/github_actions/docker/metadata-action-6
dependabot/github_actions/docker/setup-buildx-action-4
dependabot/github_actions/docker/login-action-4
copilot/update-download-artifact-action
copilot/fix-opensuse-warnings
copilot/fix-1268
copilot/fix-727
copilot/fix-898
copilot/fix-1256
copilot/fix-1251
copilot/fix-1249
copilot/fix-1206
user-attribute-form
user-ui
group-ui
server-user-attribute-schema
crates
haveibeenpwned
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.0
v0.2.0
v0.0.1
Labels
Clear labels   
backend

   
blocked

   
bug

   
cleanup

   
dependencies

   
docker

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
frontend

   
github_actions

   
good first issue

   
help wanted

   
help wanted

   
integration

   
invalid

   
ldap

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
rust

   
rust

   
tests

   
wontfix
No labels
backend
blocked
bug
cleanup
dependencies
docker
documentation
duplicate
enhancement
enhancement
frontend
github_actions
good first issue
help wanted
help wanted
integration
invalid
ldap
pull-request
question
rust
rust
tests
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/lldap-lldap#378
No description provided.