LDAP Addon is not working with Plone6 Docker Setup

Hi,

I want to add the pas.plugins.ldap Addon to the backend container of my nginx-volto-plone Docker Setup.

When I add it via the ADDONS environment variable in the compose file, the container doesn't start, because of a missing dependency on plone.app.widgets:
ModuleNotFoundError: No module named 'plone.app.widgets'

When I also add this addon, there is another dependency that cannot be met:
ImportError: cannot import name 'get_ajaxselect_options' from 'plone.app.widgets.utils' (unknown location)

Can someone tell me how to get the LDAP Addon working? Maybe it doesn't really need the widgets Addon and I can comment this dependency out somewhere?

Any help is appreciated!

This happens when you use the old dependencies of the yafowil packages; you need:

yafowil.plone==5.0.0a2
yafowil.bootstrap==2.0.0a1
yafowil.widget.array==2.0a1
yafowil.widget.dict==2.0a1

Thank you!
Worked like a charm.

It took a while to get the configuration working, but now the LDAP Inspector shows the users and groups.
But somehow when I search for LDAP users in the Users tab, I don't get any results.

Do I need to enable the LDAP source somewhere?
I also cannot login with LDAP users.

Have you enabled "many users" and "many groups" in the registry?

No. I tried enabling it -> same result.
The local users are displayed when it's disabled and I can also search for those.

Enable debug mode, disable memcache and take a look in the logfile. Perhaps there is more info inside.

Here is what works for us.


Perhaps the order of Authentication Plugins in the acl_user tool is wrong. Go to the ZMI and check the order in the different plugins e.g. User_enumeration, User_adder, Groups Plugins in /acl_users/plugins/manage_plugins

I enabled debug mode - where can I view the logfiles?

The plugin order seems right. The pasldap plugin is always on top of the active plugins.

Normally the logfiles exist under var/client*/event.log or var/instance/instance.log or var/log/instance.log, depending on your configuration.

Sorry, but I don't have any client or instance folders in the container.
Do I have to specify the location in the compose file or somewhere else?

Are you using the official docker image? We had a problem with the trust store in version plone/plone-backend:6.0.11.1.

The plugin would not connect to our openldap server (which uses a Let's Encrypt cert) because it did not have the appropriate root certificate in its trust store. I got a current certificate store from Mozilla, added it to a folder in /app and exported LDAPTLS_CACERT. IIRC that fixed it for me.
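
A compose fragment combining the two fixes from this thread (the yafowil version pins and the CA bundle exported through LDAPTLS_CACERT), as an added example that is not any poster's own configuration. The service name, the host and container paths, and the assumption that ADDONS entries are handed to pip with their version pins intact are hypothetical.

```yaml
# Added example; service name, paths and bundle file name are hypothetical.
services:
  backend:
    image: plone/plone-backend:6.0.11.1
    environment:
      # Assumes ADDONS is passed to pip unchanged, so "==" pins are honoured.
      ADDONS: >-
        pas.plugins.ldap
        yafowil.plone==5.0.0a2
        yafowil.bootstrap==2.0.0a1
        yafowil.widget.array==2.0a1
        yafowil.widget.dict==2.0a1
      # libldap reads this variable and trusts the CAs in this file
      # when it validates the LDAP server's certificate.
      LDAPTLS_CACERT: /app/certs/cacert.pem
    volumes:
      # Read-only mount: the container can use the trust store but not alter it.
      - ./certs/cacert.pem:/app/certs/cacert.pem:ro
```

With this layout certificate verification stays enabled and only the missing root is supplied; the mounted bundle has to be refreshed on the host when roots change, since it no longer follows image updates.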

Yes, I'm using the official images with the latest 6.0 release.
In our case it can connect, as I already mentioned, but in the 'Users' setting and in the 'Share' page I don't get any results when I search for any LDAP objects.

Have you checked this command: docker logs --follow?

Yes. Here I only see the http requests, which look normal and are not really helpful.