Hi, it’s me again with a new problem.
We are trying to set up a new Seafile server (Pro, 11.0.16) that performs user authentication with LDAP. I seem to be missing something here, because I can’t get it to run. Funny thing is, I had it running before I came across the S3 bug (thanks for the fix). But I had discarded the config because I thought “I can quickly set it up again when the S3 bug is fixed” and discarded the vServer. At least that’s what I thought.
My seahub_settings.py:
```python
ENABLE_LDAP = True
LDAP_SERVER_URL = 'ldap://192.168.103.55'
LDAP_BASE_DN = 'dc=ad,dc=domain,dc=de'
LDAP_ADMIN_DN = 'seafileserver@ad.domain.de'
LDAP_ADMIN_PASSWORD = 'password'
LDAP_PROVIDER = 'ldap'
LOGIN_ATTR = 'userPrincipalName'
LDAP_CONTACT_EMAIL_ATTR = 'mail'
LDAP_USER_ROLE_ATTR = ''
LDAP_USER_FIRST_NAME_ATTR = 'givenName'
LDAP_USER_LAST_NAME_ATTR = 'sn'
LDAP_USER_NAME_REVERSE = False
LDAP_FILTER = 'memberOf=CN=SeafileWeb,OU=01-Rechte,OU=domain.de,DC=ad,DC=domain,DC=de'
```
The error in the seahub.log when I open the LDAP user administration or try to log in:
```
2024-11-15 11:10:22,521 [ERROR] seahub.api2.endpoints.admin.users:950 get Failed to bind ldap server: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 11, 'ctrls': [], 'info': 'Resource temporarily unavailable'}
2024-11-15 11:10:22,522 [ERROR] django.request:241 log_response Internal Server Error: /api/v2.1/admin/ldap-users/
```
What I tried so far:
- I have replaced the LDAP_SERVER_URL with the FQDN
- I have added a slash after the IP/URL, as it was in the old config.
- I have tested another LDAP server (we have 3)
- I have tested LDAPS and also specified the port after the IP/FQDN (:389/:636)
- Replaced the ADMIN_DN with the distinguishedName instead of the UPN
- Downgraded the Docker container to version 11.0.7
- Replaced the entire server (the first was hosted with OpenVPN at Hetzner, the second is here in the house in the same network as one of the domain controllers)
- I used ldapsearch in the Seafile Docker container to test whether the connection could be established at all. The answer is yes, it works perfectly fine with the values from the configuration.
- If I run a manual sync (./pro/pro.py ldapsync) it works. So the basic configuration seems to be ok.
I also used Wireshark to check the incoming packets on one of the domain controllers. Seafile does not even try to resolve a name when I specify an FQDN, let alone try to establish a connection with Kerberos.
I suspect that something is wrong with my configuration, but it is copied 1:1 from the manual.
All other settings are stock as they are created when the Docker container is first created (I also tested Datamate’s image, no luck).
I would appreciate it if someone could help me find out exactly what the problem is.
Have a nice weekend
Andre