lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
Updated: 2019-10-24T05:31:05Z

Second Factor question
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1979
Updated: 2019-10-24T05:31:05Z
Author: XIYI Zhu

Hello,
For Second Factor, is it possible to only enable it when the request comes from an "External Network"? For example, if the request comes from within 192.168.1.0/24, no second factor is required. If the request comes from an IP address other than 192.168.1.0/24, present the second factor. Also, is Twilio SMS messaging supported for second factor?
Thanks

Label: FAQ

Infinite redirection loop for CDA
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1977
Updated: 2019-10-21T14:31:24Z
Author: Ghost User

### Concerned version
Version: %2.0.6
Platform: (Nginx)
### Summary
When trying to set CDA I run into an infinite redirection loop. The CDA URL parameter does not seem to be detected.
- CDA is correctly activated in lemonLDAP's json configuration.
- Aliases are set in lemonLDAP's json configuration.
- Cookie forward directives are set in nginx configuration.
You can try it here: https://flap-demo.duckdns.org with user `lemon` and password `lemonLDAP` by going to https://flap-demo2.duckdns.org
### Logs
Here are the logs I get from nginx and lemonLDAP:
```
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [info] Session 645f67151468cebc8ef69f2434da8cf822cb367b08c7691750891c3a45c3f127 can't be retrieved
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
lemon_1 |
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [debug] Build URL https://flap-demo2.duckdns.org/
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [debug] Redirect 88.181.226.50 to portal (url was /)
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] Get session bf5d1f990f576293271497f1d4caea7c1998d13fea27d729e25d7b922b4b299e from Handler internal cache
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] auth.flap-demo.duckdns.org: Apply default rule
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] removing cookie
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] Cookies -> hibext_instdsigdipv2=1; flap-logged=true; llnglanguage=en; flap-sso=bf5d1f990f576293271497f1d4caea7c1998d13fea27d729e25d7b922b4b299e
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] CookieName -> flap-sso
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] newCookies -> hibext_instdsigdipv2=1; flap-logged=true; llnglanguage=en;
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] User lemon was granted to access to /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw==
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [info] Session 645f67151468cebc8ef69f2434da8cf822cb367b08c7691750891c3a45c3f127 can't be retrieved
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
lemon_1 |
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [debug] Build URL https://flap-demo2.duckdns.org/?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [debug] Redirect 88.181.226.50 to portal (url was /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a)
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
...
```

Label: FAQ

LDAP initialization error: Connection reset by peer
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1971
Updated: 2019-10-09T16:27:36Z
Author: Francois-Xavier MIOT

### Concerned version
Version: %"2.0.6"
Platform: (Apache)
### Summary
Summarize the bug encountered concisely
I'm using Lemonldap version 1.9.18 in production and I'm installing the new version in Pre Production. I'm using the same Active Directory for the old and the new platform. With a fresh install with AD authentication I have an error on the portal page:
Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded. Configuration unchanged, get configuration from cache.)
In the log I can see an AD authentication error, and on my AD server I have this error:
> Une demande de connexion TLS 1.2 a été reçue à partir d’une application cliente distante, mais aucune des suites de chiffrement prises en charge par l’application cliente n’est prise en charge par le serveur. La demande de connexion SSL a échoué.
I can find information on Google about 512 certificate:
https://blogs.technet.microsoft.com/silvana/2014/03/14/schannel-errors-on-scom-agent/
But after applying the Microsoft patch I have the same error for AD authentication.
### Logs
```
==> /var/log/apache2/error.log <==
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Logger Lemonldap::NG::Common::Logger::Std loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] User logger Lemonldap::NG::Common::Logger::Std loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Get configuration 7
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [info] Loading configuration 7 for process 7287
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls defaultValuesInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls jailInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls portalInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls locationRulesInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls sessionStorageInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls headersInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls postUrlInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls aliasInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Launching Lemonldap::NG::Portal::Main->reloadConf(conf)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Initialized CSP headers : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Initialized CORS headers : Access-Control-Allow-Origin;*;Access-Control-Allow-Credentials;true;Access-Control-Allow-Headers;*;Access-Control-Allow-Methods;POST,GET;Access-Control-Expose-Headers;*;Access-Control-Max-Age;86400;
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Main::Menu loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Main::Menu initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Auth::AD loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization error: Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization has failed, but let's continue
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] LDAP Search base: dc=domain,dc=loc
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] LDAP transformed filter: (&(sAMAccountName=".$req->{user}.")(objectClass=person))
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Auth::AD initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::UserDB::AD loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization error: Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization has failed, but let's continue
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] LDAP Search base: dc=domain,dc=loc
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] LDAP transformed filter: (&(sAMAccountName=".$req->{user}.")(objectClass=person))
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::UserDB::AD initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::2F::Engines::Default loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking utotp2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking totp2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking u2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking rest2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking mail2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking ext2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking yubikey2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking radius2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking totp2fSelfRegistration
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking u2fSelfRegistration
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking yubikey2fSelfRegistration
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Processing Extra 2F modules
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::2F::Engines::Default initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::Notifications loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring unauth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route notifback added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route notifback added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route notifback added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Lib::Notifications::JSON loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Found endAuth entry point:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> checkNotifDuringAuth
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::Notifications initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::History loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Found endAuth entry point:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> run
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::History initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::GrantSession loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Found afterData entry point:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> run
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::GrantSession initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::Upgrade loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route upgradesession added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route upgradesession added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::Upgrade initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::AutoSignin loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Found beforeAuth entry point:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> check
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::AutoSignin initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::RESTServer loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add DELETE route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route : added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add PUT route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route : added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::RESTServer initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Password::AD loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization error: Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error]
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] [error]
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring unauth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add PUT route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add DELETE route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add PUT route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add DELETE route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Underlying object can't load conf (Lemonldap::NG::Portal::Main->reloadConf)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [warn] [anonymous] Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] [warn] [anonymous] Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Error 500: Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.)
```
I'm using this line for the connection: ldaps://xxx.xxx.xx.x
### Backends used
For any bug on configuration/sessions storage, give us details on backends
### Possible fixes
Thanks for your help and I hope it's not a misconfiguration. I repeat for information: my production platform with old stable works without problem with this Domain Controller.

Label: FAQ

unable to have a authentication Combination of Kerberos and AD and other Things
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1970
Updated: 2019-10-08T08:15:47Z
Author: Vincent Filali-Ansary

### Concerned version
Version: %2.0.6
Platform: Nginx
### Summary
An error appears because the module Lemonldap::NG::Portal::USERDB::Kerberos is missing when I try to authenticate with Kerberos.
### Logs
```
Oct 4 12:31:46 citron LLNG[8809]: [error] Lemonldap::NG::Portal::UserDB::Kerberos load error: Can't locate Lemonldap/NG/Portal/UserDB/Kerberos.pm in @INC (you may need to install the Lemonldap::NG::Portal::UserDB::Kerberos module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 134) line 1, <DATA> line 755.
Oct 4 12:31:46 citron LLNG[8809]: [error] Underlying object can't load conf (Lemonldap::NG::Portal::Main->reloadConf)
Oct 4 12:31:46 citron LLNG[8809]: [error] Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::RDBI loaded.
Configuration unchanged, get configuration from cache.)
Oct 4 12:31:46 citron LLNG[8809]: [error] Error 500: Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::RDBI loaded.
Configuration unchanged, get configuration from cache.)
```
### Backends used
I extracted this from the JSON configuration.
[lemonConf.json](/uploads/43291232253372d066f4484e19cd313e/lemonConf.json)
and the diff with another configuration working with AD
```
< "authentication":"AD",
---
> "authentication":"Combination",
```
```
> "combModules":{
> "nAD":{
> "for":"0",
> "over":{},
> "type":"AD"
> },
> "nKerb":{
> "for":"0",
> "over":{},
> "type":"Kerberos"
> }
> },
> "combination":"[nKerb] or [nAD]",
```
```
> "demoExportedVars":{},
```
```
> "krbAuthnLevel":"3",
> "krbRemoveDomain":"1",
```
```
< "userDB":"AD",
---
> "userDB":"Same",
```
### Possible fixes
Create the Lemonldap/NG/Portal/UserDB/Kerberos.pm?
Thanks for reading

Label: FAQ
Assignee: Clément OUDOT

Captcha not working on CentOS 7 after ImageMagick upgrade
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1951
Updated: 2019-10-18T13:44:28Z
Author: Clément OUDOT

We have an issue in CentOS with latest GD::Image and ImageMagick modules, the captcha size is always one character:
![image](/uploads/db4e0ff15b7be052cf4dde6e6485de42/image.png)
```
[root@kptn-centos7 ~]# rpm -qa | grep -i magic
ImageMagick-6.7.8.9-18.el7.x86_64
perl-Variable-Magic-0.54-2.el7.x86_64
ImageMagick-perl-6.7.8.9-18.el7.x86_64
```
I don't have this issue on Ubuntu, with these versions:
```
root@llng-site:~# dpkg -l | grep -i magick
ii imagemagick-6-common 8:6.9.7.4+dfsg-11+deb9u7 all image manipulation programs -- infrastructure
ii libimage-magick-perl 8:6.9.7.4+dfsg-11+deb9u7 all Perl interface to the ImageMagick graphics routines
ii libimage-magick-q16-perl 8:6.9.7.4+dfsg-11+deb9u7 amd64 Perl interface to the ImageMagick graphics routines -- Q16 version
ii libmagickcore-6.q16-3:amd64 8:6.9.7.4+dfsg-11+deb9u7 amd64 low-level image manipulation library -- quantum depth Q16
ii libmagickwand-6.q16-3:amd64 8:6.9.7.4+dfsg-11+deb9u7 amd64 image manipulation library -- quantum depth Q16
ii php-imagick
```
A workaround is to disable ImageMagick for Captcha:
```
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm
index c4ee4ee1b..5304528b8 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm
@@ -1,7 +1,7 @@
package Lemonldap::NG::Portal::Lib::Captcha;
use strict;
-use GD::SecurityImage use_magick => 1;
+use GD::SecurityImage use_magick => 0;
use Mouse;
use MIME::Base64;
```
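Review bot: the changed line `use GD::SecurityImage use_magick => 0;` turns ImageMagick off unconditionally, for every platform, while the report above says only the CentOS 7 packages (ImageMagick 6.7.8.9) produce the one-character captcha and the Ubuntu packages (6.9.7.4) render correctly. Consider selecting the backend from a configuration option or at load time instead of hard-coding 0, and add a comment on that line recording why ImageMagick is disabled, since the description notes that the output without it is of lower quality.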
But the result is not as good as with ImageMagick.

Label: FAQ

AuthBasic handler
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1950
Updated: 2019-11-14T15:31:27Z
Author: Daniel Berteaud

I was running LL::NG 2.0.5 on CentOS 7, using nginx. All components (handler, portal, manager) are running on the same server. One of my vhosts is using the AuthBasic handler (defined in the vhost options in LL::NG and with "fastcgi_param VHOSTTYPE AuthBasic;" in the nginx config).
Everything was working great, but broke after upgrading to LL::NG 2.0.6
Now, when I try to log in, I'm presented the basic auth prompt, but auth is rejected. In the server's log, I have
```
sept. 25 12:54:02 proxyin2 llng-fastcgi-server[2078]: [Wed Sep 25 12:54:02 2019] [LLNG:2080] [info] Session b2bb2cd242b4e17f48e175910cXXXXXXXXXXXXXXX can't be retrieved
sept. 25 12:54:02 proxyin2 llng-fastcgi-server[2078]: [Wed Sep 25 12:54:02 2019] [LLNG:2080] [info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/vendor_perl/Apache/Session/Store/DBI.pm line 93.
sept. 25 12:54:02 proxyin2 llng-fastcgi-server[2078]: [Wed Sep 25 12:54:02 2019] [LLNG:2081] [info] No cookie found
sept. 25 12:54:02 proxyin2 LLNG[2081]: [error] Authentication tried without token
sept. 25 12:54:02 proxyin2 LLNG[2081]: [warn] [anonymous] Bad credentials
sept. 25 12:54:02 proxyin2 LLNG[2081]: [notice] Error 401: Bad credentials
sept. 25 12:54:02 proxyin2 llng-fastcgi-server[2078]: [Wed Sep 25 12:54:02 2019] [LLNG:2080] [warn] Authentication failed for dani: 401 Unauthorized
```
The only change I made in the config was updating the _whatToTrace macro to force lower case ID. But reverting this has no effect.

Label: FAQ
Assignee: Christophe Maudoux (chrmdx@gmail.com)

Use session array values in access rules
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1940
Updated: 2019-11-20T16:07:44Z
Author: Heinz Mayer

I use LemonLdap with a Keycloak as OpenID Connect IDP (LemonLDAP Version 2.0.5)
I pass groups as a claim from Keycloak to LemonLdap
The groups are correctly stored in the LemonLDAP session
```
[debug] UserInfo received: {"sub":"e3c33ab5-4410-4a82-ad78-cd6284e17078","email_verified":false,"groups":["vccadmin","vccconnect"],"preferred_username":"heinz.mayer@mic-cust.com"}
[debug] Store ARRAY(0x4f64c38) in session key groups
[debug] Dump: $VAR1 = ['vccadmin','vccconnect'];
```
When I create a virtual host with a default access rule it doesn't work
```
$groups =~ /\bvccconnect\b/
```

Label: FAQ
Assignee: Clément OUDOT

Error after adding handler DevOps to LemonLDAP NG 2.0.4
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1872
Updated: 2020-01-14T12:53:19Z
Author: Rida ALLA

Hello,
Currently, I am trying to add the DevOps handler in my Apache config:
```
<VirtualHost ...>
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2::FCGIClient
PerlSetVar LLNG_SERVER 127.0.0.1:9090
PerlSetVar VHOSTTYPE DevOps
PerlSetVar RULES_URL http://app.tld/rules.json
...
</VirtualHost>
```
But I got this error in the log file:
```
[perl:error] [pid 1611] [client 10.107.4.224:45124] connection breaked from server process? at /usr/share/perl5/vendor_perl/FCGI/Client/Connection.pm line 51.\n
```
Could anyone give me some idea about this error, please?

Label: FAQ

CSRF token causes scalability issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1871
Updated: 2020-01-14T12:53:26Z
Author: Julien Ledoux

### Concerned version
Version: %"2.0.5"
Platform: Docker/CentOS 7/Nginx/llng-fastcgi-server
### Summary
CSRF token causes scalability issues since its values don't seem to be stored in the backend cache but only in LLNG memory. When trying to run multiple instances of dockerized LLNG behind a load balancer, most of the time you won't be able to log in because the CSRF token value changes depending on the instance you've been routed to.
### Backends used
Redis cache
### Possible fixes
Store CSRF token values in backend cache

Label: FAQ

Unable to install on Debian if Apache2 is already installed
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1817
Updated: 2019-06-25T14:12:06Z
Author: Clément OUDOT

When installing LL::NG packages on Debian, where apache2 is already installed, we have this error:
```
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
invoke-rc.d: initscript nginx, action "start" failed.
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2019-06-25 15:40:46 CEST; 9ms ago
Docs: man:nginx(8)
Process: 6662 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 6660 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
juin 25 15:40:44 pts2019 nginx[6662]: nginx: [emerg] listen() to [::]:80, backlog 511 failed (98: Address already in use)
juin 25 15:40:45 pts2019 nginx[6662]: nginx: [emerg] listen() to 0.0.0.0:80, backlog 511 failed (98: Address already in use)
juin 25 15:40:45 pts2019 nginx[6662]: nginx: [emerg] listen() to [::]:80, backlog 511 failed (98: Address already in use)
juin 25 15:40:45 pts2019 nginx[6662]: nginx: [emerg] listen() to 0.0.0.0:80, backlog 511 failed (98: Address already in use)
juin 25 15:40:45 pts2019 nginx[6662]: nginx: [emerg] listen() to [::]:80, backlog 511 failed (98: Address already in use)
juin 25 15:40:46 pts2019 nginx[6662]: nginx: [emerg] still could not bind()
juin 25 15:40:46 pts2019 systemd[1]: nginx.service: Control process exited, code=exited status=1
juin 25 15:40:46 pts2019 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
juin 25 15:40:46 pts2019 systemd[1]: nginx.service: Unit entered failed state.
juin 25 15:40:46 pts2019 systemd[1]: nginx.service: Failed with result 'exit-code'.
dpkg: erreur de traitement du paquet nginx-extras (--configure) :
le sous-processus script post-installation installé a retourné une erreur de sortie d'état 1
...
Paramétrage de lemonldap-ng-fastcgi-server (2.0.4-1) ...
Created symlink /etc/systemd/system/llng-fastcgi-server.service → /lib/systemd/system/lemonldap-ng-fastcgi-server.service.
Created symlink /etc/systemd/system/multi-user.target.wants/lemonldap-ng-fastcgi-server.service → /lib/systemd/system/lemonldap-ng-fastcgi-server.service.
...
Des erreurs ont été rencontrées pendant l'exécution :
nginx-extras
E: Sub-process /usr/bin/dpkg returned an error code (1)
```
The nginx dependency should not be activated if apache2 is already installed.

Label: FAQ

LemonLDAP installation on CentOS7 with yum all nginx.conf files missing
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1804
Updated: 2019-06-19T06:06:08Z
Author: Michael Goldfinger

### Concerned version
Version: %"2.0.4"
Platform: Nginx
### Summary
nginx config files missing
After installing lemonldap with yum there are no config files for nginx in the whole file system.
Checked with: find / -name "*nginx.conf"
Therefore the steps in https://lemonldap-ng.org/documentation/latest/confignginx do not generate valid symlinks
The folder /etc/lemonldap-ng only holds one file -> lemonldap-ng.ini
/usr/local/lemonldap-ng/etc/ does not exist after yum installation.
### Possible fixes
Add the config files in the rpm package provided by the yum repository.
FAQ
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1751
Deal with SAML IDP without SLO endpoint
2019-09-17T18:43:41Z
Alexandre LINTE
### Concerned version
Version: 2.0.2
Platform: Nginx
### Summary
Error displayed on lemonldap if an IDP doesn't have an SLO endpoint.
### Possible fixes
Same issue already fixed for SP.
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1047
FAQ
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1626
Combination Module shouldn't force "Same"
2019-02-06T21:52:57Z
Christian Bayle
When using combination module, you are obliged to use "Same" for the UserDB module
in /usr/share/perl5/Lemonldap/NG/Manager/Conf/Tests.pm
```
# Check Combination parameters
combinationParameters => sub {
    return 1 unless ( $conf->{authentication} eq "Combination" );
    return ( 0, "Combination rule must be defined" )
      unless ( $conf->{combination} );
    return ( 0, 'userDB must be set to "Same" to enable Combination' )
      unless ( $conf->{userDB} eq "Same" );

    # Return
    return 1;
},
```
But in the case of OpenIdc, Kerberos you may use LDAP, and in the case of REST you may use 'None' as described in
https://manager.diod.orange.com/doc/pages/documentation/current/authrest.html:
> To have just one call, you can only set REST authentication, set datas in “info” key response and set Null as User Database.

When I comment out
```
    return ( 0, 'userDB must be set to "Same" to enable Combination' )
      unless ( $conf->{userDB} eq "Same" );
```
everything works fine for me. I think the test should force "Same" only in proper cases:
* Should allow LDAP, for OpenIdc, Kerberos, REST authentication modules
* Should allow None, for REST authentication module
Cheers
FAQ
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1581
Documentation related to Proxy
2018-12-21T05:34:02Z
Mathieu Lecompte-melançon
Hi, the documentation related to Proxy seems incomplete:
https://lemonldap-ng.org/documentation/2.0/authproxy
First, in the manager, Proxy does not appear as a choice for auth and user as described in the docs.
And maybe it would be more usable to provide a sample of overloading in the .ini with the right parameter names.
In 1.9 I have set for soap:
```
authentication = Proxy
userDB = Proxy
soapAuthService = https://auth.interne.urgences-sante.qc.ca/
```
FAQ
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1571
Issue with sessions in MongoDB
2019-05-16T00:20:21Z
Mathieu Lecompte-melançon
### Concerned version
Version: %2.0.0
Platform: (Nginx)
### Summary
Switching Session and persistent session from File to mongo not working
Configuration in ini
```
[portal]
globalStorage = Apache::Session::MongoDB
globalStorageOptions = { 'collection' => 'sessions', 'connect_timeout' => '10000', 'db_name' => 'llng_db', 'host' => 'mongodb://lemonldap_1.bd.interne.urgences-sante.qc.ca:27017,lemonldap_2.bd.interne.urgences-sante.qc.ca:27017,lemonldap_3.bd.interne.urgences-sante.qc.ca:27017', 'ssl' => '0', 'dbName' => 'llng_db', 'username' => 'lol', 'password' => 'tulesaurapas', 'connect_timeout_ms' => '3000', 'read_pref_mode' => 'primaryPreferred', 'replica_set_name' => 'rs0', 'w' => '1', 'wtimeout' => '3000' }
persistentStorage = Apache::Session::MongoDB
persistentStorageOptions = { 'collection' => 'sessions_persistent', 'connect_timeout' => '10000', 'db_name' => 'llng_db', 'host' => 'mongodb://lemonldap_1.bd.interne.urgences-sante.qc.ca:27017,lemonldap_2.bd.interne.urgences-sante.qc.ca:27017,lemonldap_3.bd.interne.urgences-sante.qc.ca:27017', 'ssl' => '0', 'dbName' => 'llng_db', 'username' => 'lol', 'password' => 'tulesaurapas', 'connect_timeout_ms' => '3000', 'read_pref_mode' => 'primaryPreferred', 'replica_set_name' => 'rs0', 'w' => '1', 'wtimeout' => '3000' }
```
I confirm in Mongo that the data is correctly written...
In the manager portal, the configuration was not changed and still refers to File. But the idea is to switch in the INI, make it work, and configure SOAP in the manager for the DMZ portal.
When I try to log in, I get this message: Your connection has expired, you must authenticate once again
### Logs
```
Dec 4 11:44:48 srv-pr-nginxv2 LLNG[1515]: Session 4ec020c47dbcd647db1e5a8f13670c0e can't be retrieved
Dec 4 11:44:48 srv-pr-nginxv2 LLNG[1515]: Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/vendor_perl/Apache/Session/Store/File.pm line 98.
```
### Backends used
For any bug on configuration/sessions storage, give us details on backends
### Possible fixes
FAQ
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1563
Auto Signin Addon - Section not present in manager...
2018-12-01T14:06:44Z
Mathieu Lecompte-melançon
### Concerned version
Version: %2.0.0
Platform: (Nginx)
### Summary
I haven't found where to configure the Auto-Signin addon in the manager. It was easy to find in Beta but it does not seem to be present in the final release.
### Logs
```
NA
```
### Backends used
NA
### Possible fixes
FAQ
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1548
FastCGI sent in stderr: "Can't locate CGI/Emulate/PSGI.pm in @INC
2020-01-14T12:56:18Z
Frederic LOUI
### Concerned version
Version: %X.X.X
Platform: (Nginx/Apache/Node.js)
The platform used in: [lemonldap-ng-controller](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller)
I also just in case opened a bug here in github: [Issue #5](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller/issues/75)
### Summary
I followed the documentation using generic install.
In order to modify the yaml file too much, I created a "ingress-nginx" namespace in my K8s cluster.
I installed an instance of ingress-nginx using helm. I change the configmap and the deployment name in the yaml file.
I kept the "example.org" domain and tried to connect to http://manager.example.org
I'm redirected to http://auth.example.org/?url=aHR0cDovL21hbmFnZXIuZXhhbXBsZS5vcmcv
With an Internal Server Error.
GOAL: "Simply" install lemonldap-ng as a side container to NGINX-INGRESS controller and use the default File type backend and default domain example.org defined [here](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller/blob/master/deploy/README.md).
### Logs
Sorry for the short log, but this is only what I can get as I'm constrained in a very isolated VPN in my IaaS environment.
```
...
FastCGI sent in stderr: "Can't locate CGI/Emulate/PSGI.pm in @INC ...
...
```
### Backends used
As a first approach, I only tried to use the default backend which is the "File" backend type.
### Possible fixes
This error is characteristic of Perl not finding the right lib in the perl path. But as the script seems to be mature I was just wondering where we could find CGI/Emulate/PSGI.pm? Adding modifications is not so straightforward as we are using containers, so before completing the container I was just wondering if something is missing? In which package is the file llng-fastcgi-server included?
In the container llng-ingress-controller, the file in path CGI/Emulate/PSGI.pm cannot be found but I don't see any explicit "perl require". (but my perl skills are limited)
Last but not least: Sorry if I opened a ticket in the wrong "forge". I opened a ticket in github first but troubleshooting steps led to llng-fastcgi-server that is in this repo. :-) So apologies.
Thanks for your potential help!
Frederic
FAQ
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1472
Duo Finds SAML Vulnerabilities Affecting Multiple Implementations. LemonLDAP too ?
2018-07-09T16:07:31Z
Mathieu Parent
As I don't understand this blog post I put it here because llng may be affected:
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1433
Encoding problems with custom mail_password.tpl
2018-05-25T12:44:27Z
Stéphane Liabat
### Concerned version
Version: 1.9.14
Platform: Apache, centOS 7
### Summary
I modified a template file: mail_password.tpl
With plain text, and sending the mail crashes when this template is called.
[mail_password.tpl](/uploads/b114720d5bb2af2b9133c20e06ca6c60/mail_password.tpl) [mail_password.tpl](/uploads/97caa72139a178fbfd6dd39bd61a41e7/mail_password.tpl)
### Logs
```
[Wed May 23 14:30:29.783171 2018] [perl:debug] [pid 42486] CGI.pm(115): Lemonldap::NG::Portal::MailReset: Update sessionInfo _password with password
[Wed May 23 14:30:29.783203 2018] [perl:debug] [pid 42486] CGI.pm(115): Lemonldap::NG::Portal::MailReset: Try to get SSO session b7d502cd321e4b786c168ed7cb2dee99
[Wed May 23 14:30:29.790458 2018] [perl:debug] [pid 42486] CGI.pm(115): Lemonldap::NG::Portal::MailReset: Return SSO session b7d502cd321e4b786c168ed7cb2dee99
[Wed May 23 14:30:29.814910 2018] [perl:debug] [pid 42486] CGI.pm(115): Lemonldap::NG::Portal::MailReset: processing to sub sendPasswordMail
[Wed May 23 14:30:29.822727 2018] [:error] [pid 42486] Cannot decode string with wide characters at /usr/lib64/perl5/vendor_perl/Encode.pm line 176.\n
```
FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1421
Apache::Session module failed
2018-05-14T12:16:38Z
SORE Abdoulaye
### Concerned version
Version: 2.0
### Summary
Hello,
After a fresh installation of LemonLDAP::NG 2.0 on CentOS 7, we get **Apache::Session module failed** on the portal while trying to log in.
In the apache2 error_log file, we have permission denied errors on directories that belong to apache, though we gave the rights and these directories to the user apache.
When we connect to the system as user apache we are able to create files in these directories.
### Logs
```
(in cleanup) Could not open file (/usr/local/lemonldap-ng/data/psessions/lock/Apache-Session-5efe8af397fc3577e05b483aca964f1b.lock) for writing: Permission denied at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.
(in cleanup) Could not open file (/usr/local/lemonldap-ng/data/psessions/lock/Apache-Session-5efe8af397fc3577e05b483aca964f1b.lock) for writing: Permission denied at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.
(in cleanup) Could not open file (/usr/local/lemonldap-ng/data/sessions/lock/Apache-Session-1d34d88188bc69134ed362db7ae5f21f0d08ea1c7e2720e8ffc277c5ce643713.lock) for writing: Permission denied at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.
[error] Session cannot be tied: Could not open file (/usr/local/lemonldap-ng/data/sessions/lock/Apache-Session-1d34d88188bc69134ed362db7ae5f21f0d08ea1c7e2720e8ffc277c5ce643713.lock) for writing: Permission denied at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.
```
### Backends used
Left by default.
FAQ