-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missleading LDAP connection error at startup #4520
Comments
I also encountered this bug in the 2.0.0-rc.1 version of the arm64 architecture. # docker run --rm -p 9200:9200 -v /mnt/data/ocis/conf:/etc/ocis -v /mnt/data/ocis/data:/var/lib/ocis -e OCIS_INSECURE=true owncloud/ocis:2.0.0-rc.1-linux-arm64
{"level":"error","service":"graph","error":"LDAP Result Code 200 \"Network Error\": dial tcp 127.0.0.1:9235: connect: connection refused","time":"2022-11-07T03:16:58.610642615Z","message":"could not get ldap Connection"}
{"level":"error","service":"graph","error":"LDAP Result Code 200 \"Network Error\": dial tcp 127.0.0.1:9235: connect: connection refused","time":"2022-11-07T03:16:58.611041296Z","message":"autoconnect could not get ldap Connection"}
|
I am also getting this kind of error when starting up ocis without any specific LDAP configuration:
My enironment variables, which I am start a brand new ocis instance with:
I don't use LDAP and am not planning to, so it's very odd that LDAP is configured by default without any explanation of how to manage that. |
@altosys ocis starts a minimal user management service that implements LDAP called libregraph IDM so we only have to maintain one user backend implementation. That is why ldap is configured by default. We are trying to avoid reinventing the wheel when sth like openldap exists out there. On the other hand, we want to allow admins to just download ocis and run it without having to configure a gazillion of other services ocis depends on. The current default ocis build actually targets scale out deployments, which only makes sense when you actually plan to scale out. If the instance is going to run as a standalone service, e.g. in a docker container you should use completely different persistence options: plain json files instead of json persisted in a cs3 storage prvider. We are very busy with a large deployment, but personally, I'd like to change the default ocis build to run only in memory. No persistence. If you want that either you as the admin or a package maintainer has to make a choice of how to persist files, users, shares etc. |
Is there a simple workaround on this issue? I run into it everytime and can't get past this. |
@awkto Hm looking again a the exact error message you pasted I think you're hitting a different issue:
The service users fail to authenticate with the builtin LDAP server. Something might have go wrong when bootstrapping the installation. Can you try again with a clean environment (specifically after cleaning ocis data directory and re-running |
Describe the bug
We still sometimes have that annoying LDAP connection error at startup:
It is missleading and usually caused by some services (users, group, auth,graph) trying to connect to idm before it is actually up.
The text was updated successfully, but these errors were encountered: