Active Directory - no error but infinite loading

vampywiz17 · December 12, 2024, 9:15am

Hello there,

I configure LDAP/AD auth and no error message, but if i test it with test user, it the website is infite load… no error or something. If i add a wrong username/password i got error message so seems that config are good.

vampywiz17 · December 12, 2024, 9:52am

ow i got threse

Test login failed. Error: LDAP: search failed(ec=39), LDAP remote: search failed Success 000004DC: LdapErr: DSID-0C090C77, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563

vampywiz17 · December 12, 2024, 2:07pm

OK, i found that the problem. Is need to use other LDAP port, 3268. now it working, but i want to use 3269 port. I add to the server the certificate and openssl s_client -connect server.local:3269 are able to connect, but urbackup not… i get these:

Test login failed. Error: LDAP: cannot bind(ec=38), LDAP local: bind ldap_result Can&#x27;t contact LDAP server

vampywiz17 · December 12, 2024, 2:19pm

The important thing is are use Docker Container, with modificated Image (only modification is that add certificate)

ARG DEBIAN=bullseye
FROM debian:${DEBIAN}

ARG DEBIAN=bullseye
ARG VERSION=2.5.33
ARG TARGETPLATFORM
ARG BTRFS
ARG ZFS

COPY company.crt /usr/local/share/ca-certificates/
COPY entrypoint.sh /usr/bin/

RUN apt-get update && apt-get install -y ca-certificates
RUN update-ca-certificates
RUN URL=https://hndl.urbackup.org/Server/${VERSION} && \
    case ${TARGETPLATFORM} in \
         "linux/amd64")  URL=$URL/urbackup-server_${VERSION}_amd64.deb  ;; \
         "linux/arm64")  URL=$URL/urbackup-server_${VERSION}_arm64.deb  ;; \
         "linux/arm/v7") URL=$URL/urbackup-server_${VERSION}_armhf.deb  ;; \
         "linux/386" | "linux/i386")   URL=$URL/debian/${DEBIAN}/urbackup-server_${VERSION}_i386.deb   ;; \
    esac \
    && dry="http://deb.debian.org/debian ${DEBIAN}-backports main contrib" \
    && echo "deb $dry\ndeb-src $dry" >/etc/apt/sources.list.d/${DEBIAN}-backports.list \
    && export DEBIAN_FRONTEND=noninteractive \
    && apt-get update \
    && apt-get install -y wget \
    && wget -q "$URL" -O /root/urbackup-server.deb \
    && apt-get remove -y wget \
    && apt-get autoremove -y \
    && echo "urbackup-server urbackup/backuppath string /backups" \
            | debconf-set-selections \
    && apt-get install -y --no-install-recommends \
            /root/urbackup-server.deb \
            ${BTRFS:+btrfs-progs} \
            ${ZFS:+zfsutils-linux} \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
            /etc/apt/sources.list.d/${DEBIAN}-backports.list \
            /root/urbackup-server.deb \
    && cp -R /usr/share/urbackup /web-backup \
    && chmod +x /usr/bin/entrypoint.sh

EXPOSE 55413
EXPOSE 55414
EXPOSE 55415

vampywiz17 · December 12, 2024, 3:42pm

Now i try do add these enviroment variable to Docker:

- LDAPTLS_CACERT=/var/urbackup/server.crt

After i install ldap-utils inside container (only for testing) and add these command:

ldapwhoami -x -H ldaps://hun10-06v.server.local:3269 -D "CN=nos_admin,OU=Admin_Accounts,OU=User,OU=Jassi_Rohu_1,DC=server,DC=local" -w "*"

It successfull! So now ldaps is working these container and use certificate (that store it in a ENV)

But unfortunately Urbackup are not working… Well seems the problem is that not enught to add ldaps port in web interface but need to do other code changes…

Edit:

Yes, the type of ldap are hard-coded here. urbackup_backend/urbackupserver/serverinterface/helper.cpp at 40c1731250eb729ca52d8431dc5fd82fc98b2c89 · uroni/urbackup_backend · GitHub

So it definetly need some changes in backend code and interface etc…

vampywiz17 · December 13, 2024, 7:31pm

I found a workaround. Name stunnel. It is made to handle these problem