Correct that LDAP client is not working on ElectricEel-24.10-RC.2?

lakeforest · October 27, 2024, 10:09am

I tried with two ldap servers - QNAP and LLDAP - and got the same result:

[EFAULT] 
Oct 10 17:12:26 systemd[1]: sssd.service - System Security Services Daemon was skipped because no trigger condition checks were met. 
..
Oct 12 18:22:26 systemd[1]: Starting sssd.service - System Security Services Daemon... 
Oct 12 18:22:26 sssd[3594189]: Starting up Oct 12 18:22:26 systemd[1]: sssd.service: Main process exited, code=exited, status=3/NOTIMPLEMENTED

awalkerix · October 27, 2024, 1:17pm

Nope. We’d need more information.

lakeforest · October 27, 2024, 4:21pm

Hello, thank you for the reply.

Truenas:

ElectricEel-24.10-RC.2

LDAP server/ client configurations:

QNAP LDAP server (latest version): Under Credentials/ Directory services/ Configure LDAP, I’ve provided address, base DN, bind DN, bind password as I did previously with authelia. No Advanced Options. Upon hitting “Enable”, the above error pops up.
LLDAP server (v0.5.0-alpine docker, see github): Very similar to QNAP

sssd configuration:

I am not sure, because there is no config file under /etc/sssd to be found.

$ sudo systemctl status sssd
× sssd.service - System Security Services Daemon
     Loaded: loaded (/lib/systemd/system/sssd.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sun 2024-10-27 17:15:05 CET; 4min 16s ago
    Process: 964862 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=3)
   Main PID: 964862 (code=exited, status=3)
        CPU: 29ms

Oct 27 17:15:05 majestix systemd[1]: Starting sssd.service - System Security Services Daemon...
Oct 27 17:15:05 majestix sssd[964862]: Starting up
Oct 27 17:15:05 majestix systemd[1]: sssd.service: Main process exited, code=exited, status=3/NOTIMPLEMENTED
Oct 27 17:15:05 majestix systemd[1]: sssd.service: Failed with result 'exit-code'.
Oct 27 17:15:05 majestix systemd[1]: Failed to start sssd.service - System Security Services Daemon.

I am attaching the full traceback as provided by the ldap.update job (from most recent attempt with LLDAP server).
traceback.txt (7.8 KB)

What additional information would be helpful?

Thanks & regards

eyko139 · October 29, 2024, 5:54pm

I have the same issue with the same stacktrace.
After updating to 24.10 [release], the error still persists.

jojo · November 13, 2024, 3:34pm

I’m having the same issues on ElectricEel-24.10.0.2
I even did a fresh reinstall, it did not fix the issue.

When i just add my LDAP server (confirmed working properly with other services), it works. But when adding any sort of “Auxiliary Parameters” to the LDAP config on TrueNAS, i get

[EFAULT] Nov 13 07:32:52 systemd[1]: Starting sssd.service - System Security Services Daemon… Nov 13 07:32:52 sssd[4603]: SSSD couldn’t load the configuration database [1432158325]: Error while parsing configuration file Nov 13 07:32:52 systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION Nov 13 07:32:52 systemd[1]: sssd.service: Failed with result ‘exit-code’. Nov 13 07:32:52 systemd[1]: Failed to start sssd.service - System Security Services Daemon.

Error: Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/middlewared/job.py”, line 488, in run
await self.future
File “/usr/lib/python3/dist-packages/middlewared/job.py”, line 533, in __run_body
rv = await self.method(*args)
^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 49, in nf
res = await f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 179, in nf
return await func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py”, line 681, in do_update
await self.__start(job, ds_type)
File “/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py”, line 957, in __start
cache_job_id = await self.middleware.call(‘directoryservices.connection.activate’)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1626, in call
return await self._call(
^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1468, in call
return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1361, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3.11/concurrent/futures/thread.py”, line 58, in run
result = self.fn(*self.args, **self.kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/plugins/directoryservices/join.py", line 48, in activate
self.ldap_activate()
File "/usr/lib/python3/dist-packages/middlewared/plugins/directoryservices/ldap_join_mixin.py", line 12, in _ldap_activate
self.middleware.call_sync(‘service.start’, ‘sssd’, {‘silent’: False})
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1651, in call_sync
return self.run_coroutine(methodobj(*prepared_call.args))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1691, in run_coroutine
return fut.result()
^^^^^^^^^^^^
File “/usr/lib/python3.11/concurrent/futures/_base.py”, line 449, in result
return self.__get_result()
^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3.11/concurrent/futures/_base.py”, line 401, in __get_result
raise self._exception
File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 179, in nf
return await func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 49, in nf
res = await f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/plugins/service.py”, line 208, in start
raise CallError(await service_object.failure_logs() or ‘Service not running after start’)
middlewared.service_exception.CallError: [EFAULT] Nov 13 07:32:52 systemd[1]: Starting sssd.service - System Security Services Daemon…
Nov 13 07:32:52 sssd[4603]: SSSD couldn’t load the configuration database [1432158325]: Error while parsing configuration file
Nov 13 07:32:52 systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
Nov 13 07:32:52 systemd[1]: sssd.service: Failed with result ‘exit-code’.
Nov 13 07:32:52 systemd[1]: Failed to start sssd.service - System Security Services Daemon.

kapsh · January 29, 2025, 10:20pm

Can’t say anything about QNAS, don’t have one, but I’ve tried to connect Truenas to Synology Directory Server (which runs slapd under the hood) with no issues: it connects, fetches users, etc.

LLDAP on other hand seems to be incompatible: none of the settings on Directory Services tab worked resulting in the same backtrace with systemd error. Messages in /var/log/sssd/sssd.log aren’t helpful either: similar errors with options “Schema: RFC2307” sssd_lldap_2307_error.txt (6.8 KB) and same+BIS sssd_lldap_bis_error.txt (6.8 KB)

LLDAP debug output lldap.txt (7.0 KB) suggests that sssd connects, reads bind user’s groups and bails after that. My guess, it cannot find some required attributes or doesn’t like their snake_case naming instead of usual camelCase.

To reproduce this setup run container from lldap/lldap:stable image with 3890 (optionally 17170 for UI) exposed and connect to 3890 with uid=admin,ou=people,dc=example,dc=com / password by default.