Greenlight OpenLDAP can not connect. Anybody have this working?


vn...@yandex.com

Aug 11, 2017, 9:32:47 AM
to BigBlueButton-Setup
ADD TO DOC's 
Edit /etc/default/slapd
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
systemctl restart slapd


I tried this repeatedly with various walkthroughs around the web without success.  The docs are rather terse with a link to OpenLDAP, so I started with that.

OpenLDAP is running.  command line connects fine.
ie:   ldapsearch -h localhost -p 389 -D "cn=admin,dc=mydomain,dc=online" -w password -P 2 -u -Y
-h is the host, localhost can be replaced by 127.0.0.1, still works.
-p is the port, this is the default, but I specified it explicitly in the command line just to be sure.
-D is the bind DN.
-w is the password, which is actually the password, HACK AWAY on localhost, I dare you! ;)
-P is the protocol version, 2 can be changed to -P 3, still works.
-Z is tls.  I did not try it.
-ZZ is ssl. Did not try it, as I do not want to fool with certs for 1 account.

Many guides refer to phpLDAPadmin, so I installed that too.  It connects to OpenLDAP without any problems. I can add a group (BBB Admin), and a user (me).
This with the exact same connection params as above.  literally cut and paste into the login for phpldapadmin.

I set up logging on openldap at level 384.  I truncate the log to size 0 and see nothing added to it after greenlight fails to connect.  it is not even trying!
ie:      truncate /var/log/slapd.log --size 0
tail /var/log/slapd.log -f

On to the greenlight part, here is my env file with the relevant ldap stuff.
from the docs
LDAP_SERVER=localhost
LDAP_PORT=389
LDAP_METHOD=plain
LDAP_UID=uid
LDAP_BASE='dc=myserver,dc=online'
LDAP_BIND_DN='cn=admin,dc=myserver,dc=online'
LDAP_PASSWORD=password


Anybody have this working?

Joshua Arts

Aug 11, 2017, 10:15:58 AM
to BigBlueButton-Setup
Hmm... can you try a few things for me?

1) Remove the single quotes from LDAP_BASE and LDAP_BIND_DN (see https://groups.google.com/forum/#!topic/bigbluebutton-setup/oYEzz5_kows).


Are you using Docker? The problem could be that GreenLight is running inside a docker container (possibly within another container if you have your BBB server in one). localhost on your machine (if that's the localhost you're using) could be inaccessible from the container. If you can connect to the public OpenLDAP server, this is probably the case.

Josh

vn...@yandex.com

Aug 11, 2017, 11:39:45 AM
to BigBlueButton-Setup
Ah, yes!  thanks for reminding me!  It is truly a tragedy regarding the quality of the docs..  And I DID see the previous thread, with the minified image, demanding to be clicked to be read, with the embedded comment about that.

Increase discoverability please.  Just do it.  NOW.

Put the docs in markdown format into the github repository.  Let me issue pull requests to enhance.  Please!

And yes, I did that.  No quotes.  it still fails.  I am sure it is some stupid small thing.  The error messages are not good either, and the logging does not specify.  Sigh.  

Hey, look, I was MSFT consulting services till age 35, now I am 50 and wanting an easy life, hence the online english teaching.  Self hosted due to latency..

The error messages and logs need to clue us in.  Currently they do NOT.
The docs are not super informative.  Take us from a new Ubuntu to a working config.  
We do not have that.

I know this is work!  

Let us help you.  

Put the docs into github, with markdown.  I will issue pull requests on the parts that do not work.

Again, I did the msft stack for big $$$.  I did solaris in Uni, and some device drivers etc, but damn...  that was 1995!  It has been a while!  only 50 years old, but kids these days!  BAH!

vn...@yandex.com

Aug 11, 2017, 11:58:51 AM
to BigBlueButton-Setup
killed the quotes..
as regarding #2, and #3 will try that in the morning, near 11pm now, so about done.

You shipped it as docker, so, It should work to some degree.  I can test it more.

But 127.0.0.1 should not break anywhere, right?  how can a container break tcpip?  This is fundamental, and seems impossible to me..  I went to the docker Hanoi conference, got the t-shirt, too, but ?!??  can this go wrong?


As to #2, public ldap.  Greenlight does not show in the logs local, not sure how hitting another server will get better.
post a usable set of env vars, and I will give it a go!  

not much bother with security, just want a single login to start a meeting.  server is a fixed cost, if somebody runs an un-scheduled meeting, OK, no prob.  guess they needed it!  :)




vn...@yandex.com

Aug 11, 2017, 8:59:06 PM
to BigBlueButton-Setup
I started playing with suggestion #1 below!
docker exec -i -t greenlight /bin/bash
ping localhost, works good.
ping 127.0.0.1 also works.


#2, I have a working ldap server local.. I will "apt-get install ldap-utils" inside the container!
and sure enough THAT is the problem!

root@21c55fd9eaa0:/usr/src/app#  ldapsearch -h localhost -p 389 -D "cn=admin,dc=mbaenglish,dc=online" -w password -P 2 -u
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Exact same command works outside docker!,

I can ping localhost, I think it must be the port.  I will punch a hole in the container and see if that helps.  The rest is just text stuffed into the local connection, but we need a connection..






vn...@yandex.com

Aug 11, 2017, 9:06:17 PM
to BigBlueButton-Setup
Would it make sense to install the full OpenLDAP server INSIDE the greenlight container?!?
I do not need or want LDAP for anything else..

vn...@yandex.com

Aug 12, 2017, 7:40:54 AM
to BigBlueButton-Setup
The easiest way to get this working is to install this:

Then we do not need to worry about host ports, we simply let docker connect the containers..

The docs provide a link to OpenLDAP, but we can not connect to it from inside a container, because, uh, docker containers contain advanced containment tech to prevent exactly this!  ;)

port 389 is not super helpful either, being in the reserved range so I will run the openldap on 1389.

Then phpldapAdmin can connect to that port..
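
Added example (not part of the original thread, and not Greenlight or OpenLDAP project code): a shell sketch that classifies the listeners in the SLAPD_SERVICES value quoted in the first post by which clients can reach them, showing why a client in a separate network namespace, such as the Greenlight container, cannot use ldap://127.0.0.1:389/. The function names are hypothetical, and it assumes the container sits on Docker's default bridge network rather than sharing the host's network namespace.

```bash
# Added example: classify slapd listener URLs by which clients can reach them.
# Function names are hypothetical; the sample value is the one from the thread.

# Print "<scheme> <scope> <port>" for one listener URL.
classify_listener() {
    local url=$1 scheme rest hostport host port scope
    scheme=${url%%://*}
    rest=${url#*://}
    hostport=${rest%%/*}              # text between "://" and the next "/"
    case $scheme in
        ldap)  port=389 ;;            # default ports when the URL gives none
        ldaps) port=636 ;;
        ldapi) echo "ldapi unix-socket -"; return ;;
        *)     echo "$scheme unknown -"; return ;;
    esac
    host=$hostport
    case $hostport in
        \[*\]:*) host=${hostport%:*}; port=${hostport##*:} ;;  # [v6]:port
        \[*\])   ;;                                            # [v6], no port
        *:*)     host=${hostport%:*}; port=${hostport##*:} ;;  # host:port
    esac
    case $host in
        "")                        scope=all-interfaces ;;  # empty host = wildcard
        127.*|localhost|"[::1]")   scope=loopback-only ;;
        *)                         scope="bound-to:$host" ;;
    esac
    echo "$scheme $scope $port"
}

# Print only the listeners a client in another network namespace could reach
# over TCP (a container on the default bridge has its own 127.0.0.1).
container_reachable() {
    local url line
    for url in $1; do
        line=$(classify_listener "$url")
        case $line in
            *" loopback-only "*|*" unix-socket "*|*" unknown "*) ;;
            *) echo "$line" ;;
        esac
    done
}

# Succeed if <scheme> on <port> is offered to non-loopback clients.
container_can_use() {
    container_reachable "$1" | grep -q "^$2 .* $3\$"
}

SERVICES='ldap://127.0.0.1:389/ ldaps:/// ldapi:///'
container_reachable "$SERVICES"
```

The env file in the thread points Greenlight at port 389 with LDAP_METHOD=plain, which is the listener this reports as loopback-only. If that listener is widened, binding it to the Docker bridge address rather than all interfaces keeps the clear-text simple bind off external networks.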