[GH-ISSUE #1095] Unable to login to web ui as admin #396

Closed
opened 2026-02-27 08:17:04 +03:00 by kerem · 2 comments
Owner

Originally created by @crypticscribe on GitHub (Feb 3, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1095

Describe the bug
I'm unable to log in to the web UI as the admin user after spinning up the docker container, creating the volume, and customizing the config files.

My docker-compose.yml

version: "3"

volumes:
  lldap-data:
    driver: local

services:
  lldap:
    image: lldap/lldap:stable
    ports:
      # For LDAP, not recommended to expose, see Usage section.
      - "389:389"
      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
      - "636:636"
      # For the web front-end
      - "80:80"
    volumes:
      - "lldap-data:/data"
      # Alternatively, you can mount a local folder
      # - "./lldap_data:/data"
    environment:
      - UID=1004
      - GID=1004
      - TZ=America/New_York
      - LLDAP_JWT_SECRET=********
      - LLDAP_KEY_SEED=********
      - LLDAP_LDAP_BASE_DN=dc=auth,dc=priv,dc=domain,dc=com
      - LLDAP_LDAP_USER_PASS=password
      # If using LDAPS, set enabled true and configure cert and key path
      - LLDAP_LDAPS_OPTIONS__ENABLED=true
      - LLDAP_LDAPS_OPTIONS__CERT_FILE=/data/privdomain.pem
      - LLDAP_LDAPS_OPTIONS__KEY_FILE=/data/privdomain.key
      # You can also set a different database:
      # - LLDAP_DATABASE_URL=mysql://mysql-user:password@mysql-server/my-database
      # - LLDAP_DATABASE_URL=postgres://postgres-user:password@postgres-server/my-database
      # If using SMTP, set the following variables
      - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=true
      - LLDAP_SMTP_OPTIONS__SERVER=mail.priv.domain.com
      - LLDAP_SMTP_OPTIONS__PORT=465 # Check your smtp provider's documentation for this setting
      - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=TLS # How the connection is encrypted, either "NONE" (no encryption, port 25), "TLS" (sometimes called SSL, port 465) or "STARTTLS" (sometimes called TLS, port 587).
      - LLDAP_SMTP_OPTIONS__USER=services@mail.priv.domain.com # The SMTP user, usually your email address
      - LLDAP_SMTP_OPTIONS__PASSWORD=******** # The SMTP password
      - LLDAP_SMTP_OPTIONS__FROM=no-reply <services@mail.priv.domain.com> # The header field, optional: how the sender appears in the email. The first is a free-form name, followed by an email between <>.
      - LLDAP_SMTP_OPTIONS__TO=admin <user@mail.priv.domain.com> # Same for reply-to, optional.

My lldap_config.toml

## Default configuration for Docker.
## All the values can be overridden through environment variables, prefixed
## with "LLDAP_". For instance, "ldap_port" can be overridden with the
## "LLDAP_LDAP_PORT" variable.

## Tune the logging to be more verbose by setting this to be true.
## You can set it with the LLDAP_VERBOSE environment variable.
verbose=true

## The host address that the LDAP server will be bound to.
## To enable IPv6 support, simply switch "ldap_host" to "::":
## To only allow connections from localhost (if you want to restrict to local self-hosted services),
## change it to "127.0.0.1" ("::1" in case of IPv6).
## If LLDAP server is running in docker, set it to "0.0.0.0" ("::" for IPv6) to allow connections
## originating from outside the container.
ldap_host = "0.0.0.0"

## The port on which to have the LDAP server.
ldap_port = 389

## The host address that the HTTP server will be bound to.
## To enable IPv6 support, simply switch "http_host" to "::".
## To only allow connections from localhost (if you want to restrict to local self-hosted services),
## change it to "127.0.0.1" ("::1" in case of IPv6).
## If LLDAP server is running in docker, set it to "0.0.0.0" ("::" for IPv6) to allow connections
## originating from outside the container.
http_host = "0.0.0.0"

## The port on which to have the HTTP server, for user login and
## administration.
#http_port = 17170
http_port = 80

## The public URL of the server, for password reset links.
http_url = "http://auth.priv.domain.com"

## The path to the front-end assets (relative to the working directory).
assets_path = "./app"

## Random secret for JWT signature.
## This secret should be random, and should be shared with application
## servers that need to consume the JWTs.
## Changing this secret will invalidate all user sessions and require
## them to re-login.
## You should probably set it through the LLDAP_JWT_SECRET environment
## variable from a secret ".env" file.
## This can also be set from a file's contents by specifying the file path
## in the LLDAP_JWT_SECRET_FILE environment variable
## You can generate it with (on linux):
## LC_ALL=C tr -dc 'A-Za-z0-9!#%&'\''()*+,-./:;<=>?@[\]^_{|}~' </dev/urandom | head -c 32; echo ''
jwt_secret = "********"

## Base DN for LDAP.
## This is usually your domain name, and is used as a
## namespace for your users. The choice is arbitrary, but will be needed
## to configure the LDAP integration with other services.
## The sample value is for "example.com", but you can extend it with as
## many "dc" as you want, and you don't actually need to own the domain
## name.
ldap_base_dn = "dc=auth,dc=priv,dc=domain,dc=com"

## Admin username.
## For the LDAP interface, a value of "admin" here will create the LDAP
## user "cn=admin,ou=people,dc=example,dc=com" (with the base DN above).
## For the administration interface, this is the username.
ldap_user_dn = "admin"

## Admin email.
## Email for the admin account. It is only used when initially creating
## the admin user, and can safely be omitted.
ldap_user_email = "user@mail.priv.domain.com"

## Admin password.
## Password for the admin account, both for the LDAP bind and for the
## administration interface. It is only used when initially creating
## the admin user.
## It should be minimum 8 characters long.
## You can set it with the LLDAP_LDAP_USER_PASS environment variable.
## This can also be set from a file's contents by specifying the file path
## in the LLDAP_LDAP_USER_PASS_FILE environment variable
## Note: you can create another admin user for user administration, this
## is just the default one.
ldap_user_pass = "password"

## Force reset of the admin password.
## Break glass in case of emergency: if you lost the admin password, you
## can set this to true to force a reset of the admin password to the value
## of ldap_user_pass above.
## Alternatively, you can set it to "always" to reset every time the server starts.
force_ldap_user_pass_reset = false

## Database URL.
## This encodes the type of database (SQLite, MySQL, or PostgreSQL),
## the path, the user, password, and sometimes the mode (when
## relevant).
## Note: SQLite should come with "?mode=rwc" to create the DB
## if not present.
## Example URLs:
##  - "postgres://postgres-user:password@postgres-server/my-database"
##  - "mysql://mysql-user:password@mysql-server/my-database"
##
## This can be overridden with the LLDAP_DATABASE_URL env variable.
database_url = "sqlite:///data/users.db?mode=rwc"

## Private key file.
## Not recommended, use key_seed instead.
## Contains the secret private key used to store the passwords safely.
## Note that even with a database dump and the private key, an attacker
## would still have to perform an (expensive) brute force attack to find
## each password.
## Randomly generated on first run if it doesn't exist.
## Env variable: LLDAP_KEY_FILE
key_file = ""

## Seed to generate the server private key, see key_file above.
## This can be any random string, the recommendation is that it's at least 12
## characters long.
## Env variable: LLDAP_KEY_SEED
key_seed = "********"

## Ignored attributes.
## Some services will request attributes that are not present in LLDAP. When it
## is the case, LLDAP will warn about the attribute being unknown. If you want
## to ignore the attribute and the service works without, you can add it to this
## list to silence the warning.
#ignored_user_attributes = [ "sAMAccountName" ]
#ignored_group_attributes = [ "mail", "userPrincipalName" ]

## Options to configure SMTP parameters, to send password reset emails.
## To set these options from environment variables, use the following format
## (example with "password"): LLDAP_SMTP_OPTIONS__PASSWORD
[smtp_options]
## Whether to enable password reset via email, from LLDAP.
#enable_password_reset=true
## The SMTP server.
#server="mail.priv.domain.com"
## The SMTP port.
#port=587
## How the connection is encrypted, either "NONE" (no encryption), "TLS" or "STARTTLS".
#smtp_encryption = "TLS"
## The SMTP user, usually your email address.
#user="services@mail.priv.domain.com"
## The SMTP password.
#password="********"
## The header field, optional: how the sender appears in the email. The first
## is a free-form name, followed by an email between <>.
#from="LLDAP Admin <services@mail.priv.domain.com>"
## Same for reply-to, optional.
#reply_to="Do not reply <noreply@localhost>"

## Options to configure LDAPS.
## To set these options from environment variables, use the following format
## (example with "port"): LLDAP_LDAPS_OPTIONS__PORT
[ldaps_options]
## Whether to enable LDAPS.
enabled=true
## Port on which to listen.
port=636
## Certificate file.
cert_file="/data/privdomain.pem"
## Certificate key file.
key_file="/data/privdomain.key"

Expected behavior
Able to log in as admin

Logs
Web Logs

Image

Server Logs

$ docker-compose up
WARNING: The word variable is not set. Defaulting to a blank string.
Starting lldap_lldap_1 ... done
Attaching to lldap_lldap_1
lldap_1  | > Setup permissions..
lldap_1  | > Starting lldap..
lldap_1  | 
lldap_1  | Loading configuration from /data/lldap_config.toml
lldap_1  | Configuration: Configuration {
lldap_1  |     ldap_host: "0.0.0.0",
lldap_1  |     ldap_port: 389,
lldap_1  |     http_host: "0.0.0.0",
lldap_1  |     http_port: 80,
lldap_1  |     jwt_secret: ***SECRET***,
lldap_1  |     ldap_base_dn: "dc=example,dc=com",
lldap_1  |     ldap_user_dn: "admin",
lldap_1  |     ldap_user_email: "user@mail.priv.domain.com",
lldap_1  |     ldap_user_pass: ***SECRET***,
lldap_1  |     force_ldap_user_pass_reset: False,
lldap_1  |     force_update_private_key: false,
lldap_1  |     database_url: "sqlite:///data/users.db?mode=rwc",
lldap_1  |     ignored_user_attributes: [],
lldap_1  |     ignored_group_attributes: [],
lldap_1  |     verbose: true,
lldap_1  |     key_file: "",
lldap_1  |     key_seed: Some(
lldap_1  |         ***SECRET***,
lldap_1  |     ),
lldap_1  |     smtp_options: MailOptions {
lldap_1  |         enable_password_reset: true,
lldap_1  |         from: Some(
lldap_1  |             "no-reply <services@mail.priv.domain.com>",
lldap_1  |         ),
lldap_1  |         reply_to: Some(
lldap_1  |             "admin <user@mail.priv.domain.com>",
lldap_1  |         ),
lldap_1  |         server: "mail.priv.domain.com",
lldap_1  |         port: 465,
lldap_1  |         user: "services@mail.priv.domain.com",
lldap_1  |         password: ***SECRET***,
lldap_1  |         smtp_encryption: Tls,
lldap_1  |         ..
lldap_1  |     },
lldap_1  |     ldaps_options: LdapsOptions {
lldap_1  |         enabled: true,
lldap_1  |         port: 636,
lldap_1  |         cert_file: "/data/privdomain.pem",
lldap_1  |         key_file: "/data/privdomain.key",
lldap_1  |     },
lldap_1  |     http_url: "http://auth.priv.domain.com/",
lldap_1  |     ..
lldap_1  | }
lldap_1  | Generating the private key from the key_seed
lldap_1  | 2025-01-31T22:56:28.105780547+00:00  INFO     set_up_server [ 5.52ms | 13.66% / 100.00% ]
lldap_1  | 2025-01-31T22:56:28.105800981+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.6.1
lldap_1  | 2025-01-31T22:56:28.106591910+00:00  DEBUG    ┝━ get_schema_version [ 882µs | 15.98% ]
lldap_1  | 2025-01-31T22:56:28.107620337+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: Some(SchemaVersion(10))
lldap_1  | 2025-01-31T22:56:28.109497653+00:00  DEBUG    ┝━ list_groups [ 1.09ms | 19.78% ] filters: Some(DisplayName("lldap_admin"))
lldap_1  | 2025-01-31T22:56:28.111123366+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: 1, display_name: "lldap_admin", creation_date: 2025-01-31T17:51:39.444137452, uuid: "a5d2d87a-8db4-3c82-aa00-1108ee1959a1", users: ["admin"], attributes: [] }]
lldap_1  | 2025-01-31T22:56:28.111132136+00:00  DEBUG    ┝━ list_groups [ 737µs | 13.35% ] filters: Some(DisplayName("lldap_password_manager"))
lldap_1  | 2025-01-31T22:56:28.112085129+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: 2, display_name: "lldap_password_manager", creation_date: 2025-01-31T17:51:39.522608513, uuid: "2c2585b6-2641-310c-9b0f-b1be4d488586", users: [], attributes: [] }]
lldap_1  | 2025-01-31T22:56:28.112104622+00:00  DEBUG    ┝━ list_groups [ 778µs | 14.09% ] filters: Some(DisplayName("lldap_strict_readonly"))
lldap_1  | 2025-01-31T22:56:28.113168271+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: 3, display_name: "lldap_strict_readonly", creation_date: 2025-01-31T17:51:39.731146066, uuid: "2e858e32-28f5-35dd-9de9-006e22ea4768", users: [], attributes: [] }]
lldap_1  | 2025-01-31T22:56:28.113193902+00:00  DEBUG    ┝━ list_users [ 1.09ms | 19.74% ] filters: Some(MemberOf("lldap_admin")) | _get_groups: false
lldap_1  | 2025-01-31T22:56:28.114817984+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [UserAndGroups { user: User { user_id: "admin", email: "user@mail.priv.domain.com", display_name: Some("Administrator"), creation_date: 2025-01-31T17:51:39.815509156, uuid: "34be730e-0586-347a-b1bd-39e054776ada", attributes: [] }, groups: Some([GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-01-31T17:51:39.444137452, uuid: "a5d2d87a-8db4-3c82-aa00-1108ee1959a1", attributes: [] }]) }]
lldap_1  | 2025-01-31T22:56:28.115018352+00:00  INFO     ┝━ i [info]: Starting the LDAP server on port 389
lldap_1  | 2025-01-31T22:56:28.115499310+00:00  INFO     ┝━ i [info]: Starting the LDAPS server on port 636
lldap_1  | 2025-01-31T22:56:28.115589560+00:00  DEBUG    ┝━ get_jwt_blacklist [ 187µs | 3.39% ]
lldap_1  | 2025-01-31T22:56:28.115932991+00:00  INFO     ┕━ i [info]: Starting the API/web server on port 80
lldap_1  | 2025-01-31T22:56:28.116123333+00:00  INFO     i [info]: starting 1 workers
lldap_1  | 2025-01-31T22:56:28.116132371+00:00  INFO     i [info]: Actix runtime found; starting in Actix runtime
lldap_1  | 2025-01-31T22:56:28.116149425+00:00  INFO     i [info]: starting service: "ldap", workers: 1, listening on: 0.0.0.0:389
lldap_1  | 2025-01-31T22:56:28.116157522+00:00  INFO     i [info]: starting service: "ldaps", workers: 1, listening on: 0.0.0.0:636
lldap_1  | 2025-01-31T22:56:28.116167083+00:00  INFO     i [info]: starting service: "http", workers: 1, listening on: 0.0.0.0:80
lldap_1  | 2025-01-31T22:56:28.118397704+00:00  INFO     i [info]: DB Cleanup Cron started
lldap_1  | 2025-01-31T22:56:58.153894482+00:00  INFO     i [info]: LDAP session start: 930b44f7-9b35-4d46-8590-7a185e2eb5c4
lldap_1  | 2025-01-31T22:56:58.153978938+00:00  INFO     LDAP request [ 212µs | 100.00% ] session_id: 930b44f7-9b35-4d46-8590-7a185e2eb5c4
lldap_1  | 2025-01-31T22:56:58.153992705+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
lldap_1  | 2025-01-31T22:56:58.153996355+00:00  DEBUG    ┝━ 🐛 [debug]: rootDSE request
lldap_1  | 2025-01-31T22:56:58.154040015+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: ["top"] }, LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "vendorVersion", vals: ["lldap_0.6.1"] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: ["3"] }, LdapPartialAttribute { atype: "supportedExtension", vals: ["1.3.6.1.4.1.4203.1.11.1"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: ["1.3.6.1.4.1.4203.1.5.1"] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: ["false"] }] })
lldap_1  | 2025-01-31T22:56:58.154135437+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap_1  | 2025-01-31T22:56:58.154298781+00:00  DEBUG    🐛 [debug]: decided upon suite TLS13_AES_256_GCM_SHA384 | log.target: "rustls::server::hs" | log.module_path: "rustls::server::hs" | log.file: "/__w/lldap/lldap/${GITHUB_WORKSPACE}/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.20.9/src/server/hs.rs" | log.line: 382
lldap_1  | 2025-01-31T22:56:58.157367939+00:00  DEBUG    HTTP request [ 24.9µs | 100.00% ] method: "GET" | uri: "/health"
lldap_1  | 2025-01-31T22:56:58.157393785+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:56:58.157453141+00:00  INFO     i [info]: LDAP session end: 930b44f7-9b35-4d46-8590-7a185e2eb5c4
lldap_1  | 2025-01-31T22:56:58.158047868+00:00  INFO     i [info]: LDAP session start: 8d929799-efc5-441c-bbb9-0e76c5aad362
lldap_1  | 2025-01-31T22:56:58.158104622+00:00  INFO     LDAP request [ 170µs | 100.00% ] session_id: 8d929799-efc5-441c-bbb9-0e76c5aad362
lldap_1  | 2025-01-31T22:56:58.158133720+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
lldap_1  | 2025-01-31T22:56:58.158136612+00:00  DEBUG    ┝━ 🐛 [debug]: rootDSE request
lldap_1  | 2025-01-31T22:56:58.158153546+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: ["top"] }, LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "vendorVersion", vals: ["lldap_0.6.1"] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: ["3"] }, LdapPartialAttribute { atype: "supportedExtension", vals: ["1.3.6.1.4.1.4203.1.11.1"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: ["1.3.6.1.4.1.4203.1.5.1"] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: ["false"] }] })
lldap_1  | 2025-01-31T22:56:58.158256015+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap_1  | 2025-01-31T22:56:58.199526546+00:00  INFO     i [info]: LDAP session end: 8d929799-efc5-441c-bbb9-0e76c5aad362
lldap_1  | 2025-01-31T22:57:28.337312777+00:00  INFO     i [info]: LDAP session start: cce72ace-40cb-4625-88c7-828b0559eb06
lldap_1  | 2025-01-31T22:57:28.337458308+00:00  INFO     LDAP request [ 218µs | 100.00% ] session_id: cce72ace-40cb-4625-88c7-828b0559eb06
lldap_1  | 2025-01-31T22:57:28.337491499+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
lldap_1  | 2025-01-31T22:57:28.337496472+00:00  DEBUG    ┝━ 🐛 [debug]: rootDSE request
lldap_1  | 2025-01-31T22:57:28.337539154+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: ["top"] }, LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "vendorVersion", vals: ["lldap_0.6.1"] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: ["3"] }, LdapPartialAttribute { atype: "supportedExtension", vals: ["1.3.6.1.4.1.4203.1.11.1"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: ["1.3.6.1.4.1.4203.1.5.1"] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: ["false"] }] })
lldap_1  | 2025-01-31T22:57:28.337618469+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap_1  | 2025-01-31T22:57:28.337804221+00:00  DEBUG    🐛 [debug]: decided upon suite TLS13_AES_256_GCM_SHA384 | log.target: "rustls::server::hs" | log.module_path: "rustls::server::hs" | log.file: "/__w/lldap/lldap/${GITHUB_WORKSPACE}/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.20.9/src/server/hs.rs" | log.line: 382
lldap_1  | 2025-01-31T22:57:28.340983507+00:00  INFO     i [info]: LDAP session end: cce72ace-40cb-4625-88c7-828b0559eb06
lldap_1  | 2025-01-31T22:57:28.341187075+00:00  DEBUG    HTTP request [ 13.1µs | 100.00% ] method: "GET" | uri: "/health"
lldap_1  | 2025-01-31T22:57:28.341201554+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:57:28.341733024+00:00  INFO     i [info]: LDAP session start: 4097555c-a1ff-4028-904b-2b95feea2bd9
lldap_1  | 2025-01-31T22:57:28.341774126+00:00  INFO     LDAP request [ 169µs | 100.00% ] session_id: 4097555c-a1ff-4028-904b-2b95feea2bd9
lldap_1  | 2025-01-31T22:57:28.341801105+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
lldap_1  | 2025-01-31T22:57:28.341804078+00:00  DEBUG    ┝━ 🐛 [debug]: rootDSE request
lldap_1  | 2025-01-31T22:57:28.341821719+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: ["top"] }, LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "vendorVersion", vals: ["lldap_0.6.1"] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: ["3"] }, LdapPartialAttribute { atype: "supportedExtension", vals: ["1.3.6.1.4.1.4203.1.11.1"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: ["1.3.6.1.4.1.4203.1.5.1"] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: ["false"] }] })
lldap_1  | 2025-01-31T22:57:28.341923267+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap_1  | 2025-01-31T22:57:28.382554364+00:00  INFO     i [info]: LDAP session end: 4097555c-a1ff-4028-904b-2b95feea2bd9
lldap_1  | 2025-01-31T22:57:48.915154319+00:00  DEBUG    HTTP request [ 67.7µs | 100.00% ] method: "GET" | uri: "/login"
lldap_1  | 2025-01-31T22:57:48.915223586+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:57:48.968807591+00:00  DEBUG    HTTP request [ 87.5µs | 100.00% ] method: "GET" | uri: "/static/main.js"
lldap_1  | 2025-01-31T22:57:48.968894924+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:57:49.014982985+00:00  DEBUG    HTTP request [ 123µs | 100.00% ] method: "GET" | uri: "/static/bootstrap.bundle.min.js.map"
lldap_1  | 2025-01-31T22:57:49.015050582+00:00  DEBUG    ┝━ 🐛 [debug]: error handling /static/bootstrap.bundle.min.js.map: No such file or directory (os error 2) | log.target: "actix_files::service" | log.module_path: "actix_files::service" | log.file: "/__w/lldap/lldap/${GITHUB_WORKSPACE}/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-files-0.6.6/src/service.rs" | log.line: 56
lldap_1  | 2025-01-31T22:57:49.015104347+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:57:49.157581+00:00     DEBUG    HTTP request [ 1.01ms | 0.00% / 100.00% ] method: "POST" | uri: "/auth/reset/step1/lldap_unlikely_very_long_user_name"
lldap_1  | 2025-01-31T22:57:49.157676480+00:00  DEBUG    ┝━ get_password_reset_step1 [ 1.01ms | 0.00% / 100.00% ]
lldap_1  | 2025-01-31T22:57:49.157702213+00:00  DEBUG    │  ┕━ list_users [ 1.01ms | 100.00% ] filters: Some(Or([UserId("lldap_unlikely_very_long_user_name"), Equality(Email, "lldap_unlikely_very_long_user_name")])) | _get_groups: false
lldap_1  | 2025-01-31T22:57:49.159161123+00:00  DEBUG    │     ┕━ 🐛 [debug]:  | return: []
lldap_1  | 2025-01-31T22:57:49.159203567+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:57:49.159894570+00:00  DEBUG    HTTP request [ 45.0µs | 86.93% / 100.00% ] method: "GET" | uri: "/auth/refresh"
lldap_1  | 2025-01-31T22:57:49.159903710+00:00  DEBUG    ┝━ get_refresh [ 5.89µs | 13.07% ]
lldap_1  | 2025-01-31T22:57:49.159940433+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 401
lldap_1  | 2025-01-31T22:57:49.160371234+00:00  DEBUG    HTTP request [ 44.1µs | 100.00% ] method: "GET" | uri: "/spinner.gif"
lldap_1  | 2025-01-31T22:57:49.160414648+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:57:58.669640997+00:00  INFO     i [info]: LDAP session start: 3536640e-fe58-4852-ba0f-c9ba0a1f775b
lldap_1  | 2025-01-31T22:57:58.669761203+00:00  INFO     LDAP request [ 206µs | 100.00% ] session_id: 3536640e-fe58-4852-ba0f-c9ba0a1f775b
lldap_1  | 2025-01-31T22:57:58.669794327+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
lldap_1  | 2025-01-31T22:57:58.669799915+00:00  DEBUG    ┝━ 🐛 [debug]: rootDSE request
lldap_1  | 2025-01-31T22:57:58.669840530+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: ["top"] }, LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "vendorVersion", vals: ["lldap_0.6.1"] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: ["3"] }, LdapPartialAttribute { atype: "supportedExtension", vals: ["1.3.6.1.4.1.4203.1.11.1"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: ["1.3.6.1.4.1.4203.1.5.1"] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: ["false"] }] })
lldap_1  | 2025-01-31T22:57:58.669915417+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap_1  | 2025-01-31T22:57:58.670110031+00:00  DEBUG    🐛 [debug]: decided upon suite TLS13_AES_256_GCM_SHA384 | log.target: "rustls::server::hs" | log.module_path: "rustls::server::hs" | log.file: "/__w/lldap/lldap/${GITHUB_WORKSPACE}/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.20.9/src/server/hs.rs" | log.line: 382
lldap_1  | 2025-01-31T22:57:58.673276606+00:00  DEBUG    HTTP request [ 11.9µs | 100.00% ] method: "GET" | uri: "/health"
lldap_1  | 2025-01-31T22:57:58.673289519+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:57:58.673346937+00:00  INFO     i [info]: LDAP session end: 3536640e-fe58-4852-ba0f-c9ba0a1f775b
lldap_1  | 2025-01-31T22:57:58.673958187+00:00  INFO     i [info]: LDAP session start: 4e7a2956-d846-4a55-9a9e-ad13174c58e6
lldap_1  | 2025-01-31T22:57:58.674002817+00:00  INFO     LDAP request [ 231µs | 100.00% ] session_id: 4e7a2956-d846-4a55-9a9e-ad13174c58e6
lldap_1  | 2025-01-31T22:57:58.674033789+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
lldap_1  | 2025-01-31T22:57:58.674037012+00:00  DEBUG    ┝━ 🐛 [debug]: rootDSE request
lldap_1  | 2025-01-31T22:57:58.674060500+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: ["top"] }, LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "vendorVersion", vals: ["lldap_0.6.1"] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: ["3"] }, LdapPartialAttribute { atype: "supportedExtension", vals: ["1.3.6.1.4.1.4203.1.11.1"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: ["1.3.6.1.4.1.4203.1.5.1"] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: ["false"] }] })
lldap_1  | 2025-01-31T22:57:58.674211793+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap_1  | 2025-01-31T22:57:58.715513806+00:00  INFO     i [info]: LDAP session end: 4e7a2956-d846-4a55-9a9e-ad13174c58e6
lldap_1  | 2025-01-31T22:58:11.009709747+00:00  DEBUG    HTTP request [ 1.31ms | 11.02% / 100.00% ] method: "POST" | uri: "/auth/opaque/login/start"
lldap_1  | 2025-01-31T22:58:11.009769975+00:00  DEBUG    ┝━ opaque_login_start [ 1.17ms | 1.58% / 88.98% ]
lldap_1  | 2025-01-31T22:58:11.009823397+00:00  DEBUG    │  ┕━ login_start [ 1.15ms | 60.98% / 87.39% ]
lldap_1  | 2025-01-31T22:58:11.009828310+00:00  INFO     │     ┝━ i [info]: OPAQUE login attempt for "admin"
lldap_1  | 2025-01-31T22:58:11.009832341+00:00  DEBUG    │     ┕━ get_password_file_for_user [ 347µs | 26.42% ] user_id: "admin"
lldap_1  | 2025-01-31T22:58:11.011290679+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:58:28.896590970+00:00  INFO     i [info]: LDAP session start: 18376015-77b3-4bf1-9ab3-b8a9141fad03
lldap_1  | 2025-01-31T22:58:28.896687938+00:00  INFO     LDAP request [ 235µs | 100.00% ] session_id: 18376015-77b3-4bf1-9ab3-b8a9141fad03
lldap_1  | 2025-01-31T22:58:28.896726730+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
lldap_1  | 2025-01-31T22:58:28.896732883+00:00  DEBUG    ┝━ 🐛 [debug]: rootDSE request
lldap_1  | 2025-01-31T22:58:28.896780636+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: ["top"] }, LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "vendorVersion", vals: ["lldap_0.6.1"] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: ["3"] }, LdapPartialAttribute { atype: "supportedExtension", vals: ["1.3.6.1.4.1.4203.1.11.1"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: ["1.3.6.1.4.1.4203.1.5.1"] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: ["false"] }] })
lldap_1  | 2025-01-31T22:58:28.896867778+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap_1  | 2025-01-31T22:58:28.897068201+00:00  DEBUG    🐛 [debug]: decided upon suite TLS13_AES_256_GCM_SHA384 | log.target: "rustls::server::hs" | log.module_path: "rustls::server::hs" | log.file: "/__w/lldap/lldap/${GITHUB_WORKSPACE}/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.20.9/src/server/hs.rs" | log.line: 382
lldap_1  | 2025-01-31T22:58:28.901469782+00:00  DEBUG    HTTP request [ 15.7µs | 100.00% ] method: "GET" | uri: "/health"
lldap_1  | 2025-01-31T22:58:28.901487302+00:00  DEBUG    ┕━ 🐛 [debug]:  | status_code: 200
lldap_1  | 2025-01-31T22:58:28.901568250+00:00  INFO     i [info]: LDAP session end: 18376015-77b3-4bf1-9ab3-b8a9141fad03
lldap_1  | 2025-01-31T22:58:28.902277089+00:00  INFO     i [info]: LDAP session start: bfadba50-65c5-497e-bc18-574758f03471
lldap_1  | 2025-01-31T22:58:28.902334515+00:00  INFO     LDAP request [ 239µs | 100.00% ] session_id: bfadba50-65c5-497e-bc18-574758f03471
lldap_1  | 2025-01-31T22:58:28.902370487+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
lldap_1  | 2025-01-31T22:58:28.902375266+00:00  DEBUG    ┝━ 🐛 [debug]: rootDSE request
lldap_1  | 2025-01-31T22:58:28.902400083+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: ["top"] }, LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "vendorVersion", vals: ["lldap_0.6.1"] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: ["3"] }, LdapPartialAttribute { atype: "supportedExtension", vals: ["1.3.6.1.4.1.4203.1.11.1"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: ["1.3.6.1.4.1.4203.1.5.1"] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: ["false"] }] })
lldap_1  | 2025-01-31T22:58:28.902546195+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap_1  | 2025-01-31T22:58:28.943597269+00:00  INFO     i [info]: LDAP session end: bfadba50-65c5-497e-bc18-574758f03471


Additional context
I've tried setting the password, not setting the password, forcing the password reset, and deleting the user db.

kerem closed this issue 2026-02-27 08:17:04 +03:00

@nitnelave commented on GitHub (Feb 3, 2025):

What was the issue? I try to make the error messages as explicit as possible; it's always good to hear about new failure cases (even PEBCAK).


@crypticscribe commented on GitHub (Feb 4, 2025):

The error messages and logs were great. I only saw the issue because the logs were so verbose. The issue was that the ldap_base_dn wasn't correct in lldap_config on my volume. Since it was a misconfiguration, everything was functioning as it should, so login failed, but no errors were thrown. I only saw it after posting this and seeing all the logs and config files at once. I assume base_dn was the last thing I changed in ldap_config and I forgot to save it before copying it, since everything else copied over to the volume fine. After changing that to the correct base_dn, everything is working now.
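
Added example, not part of the original thread or the lldap project: the rootDSE responses in the posted log advertise `dc=example,dc=com` while the compose file sets `dc=auth,dc=priv,dc=domain,dc=com`, and a check like this one surfaces that mismatch straight from the debug output. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Value from the compose file quoted in the issue.
EXPECTED_BASE_DN = "dc=auth,dc=priv,dc=domain,dc=com"

# Constructed sample in the shape of the rootDSE debug line quoted in the issue,
# shortened, and wrapped mid-entry the way a pasted log often is.
SAMPLE_LOG = '''lldap_1 | 2025-01-31T22:58:28.896732883+00:00 DEBUG rootDSE request
lldap_1 | 2025-01-31T22:58:28.896780636+00:00 DEBUG | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "vendorName", vals: ["LLDAP"] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: ["dc=example,dc=com"] }, LdapPartialAttribute { atype: "namingContexts", vals:
["dc=example,dc=com"] }] })
'''

# \s* tolerates the line wraps that pasted logs introduce inside an entry.
ATTR_RE = re.compile(
    r'LdapPartialAttribute\s*\{\s*atype:\s*"([^"]+)",\s*vals:\s*\[([^\]]*)\]'
)
CONTEXT_ATTRS = {"namingContexts", "defaultNamingContext"}


def normalize_dn(dn):
    """Lowercase and trim each RDN. Simplified: ignores escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def reported_contexts(log_text):
    """Collect every base DN the server advertised in rootDSE responses."""
    found = set()
    for atype, vals in ATTR_RE.findall(log_text):
        if atype in CONTEXT_ATTRS:
            found.update(normalize_dn(v) for v in re.findall(r'"([^"]*)"', vals))
    return found


def base_dn_mismatches(log_text, expected):
    """Return advertised base DNs that differ from the one you meant to set."""
    want = normalize_dn(expected)
    return sorted(c for c in reported_contexts(log_text) if c != want)


if __name__ == "__main__":
    bad = base_dn_mismatches(SAMPLE_LOG, EXPECTED_BASE_DN)
    if bad:
        print(f"server is running with {bad}, expected {EXPECTED_BASE_DN}")
    else:
        print("base DN matches the expected value")
```

An empty result means every advertised naming context matches the expected base DN; any entry in the list is the value the running server actually loaded.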
