Try the fastest and simplest way to install ONLYOFFICE

Error when i try to modify our LDAP setting

Tech support for Enterprise Version

Error when i try to modify our LDAP setting

Postby dsi-lille » Mon Sep 26, 2016 7:42 am

Hi,

the first time i set LDAP setting, there were no problem.
But now, i get this error : "Internal server error"

and in the log :

2016-09-26 09:59:36,627 DEBUG [Threadpool worker] ASC.Api - response:{"count":1,"status":0,"statusCode":200,"response":{"completed":true,"id":"2","status":"Paramètres d'eregistrement ","error":"Erreur interne du serveur.","percents":10,"certificateConfirmRequest":null}}

My LDAP config :
ldap_conf.jpg
ldap_conf.jpg (47.23 KiB) Viewed 910 times


The only difference is that i set the HTTPS.

Thanks for your help,
Yoann
dsi-lille
 
Posts: 88
Joined: Mon Jul 11, 2016 1:47 pm

Re: Error when i try to modify our LDAP setting

Postby Eugenie » Tue Sep 27, 2016 12:43 pm

Hello,

Please specify if you use self-signed sertificate or not? Do you enable TLS in the LDAP settings? Could you get data from LDAP server using any third-party program (ldapadmin for example) with the same settings?
Eugenie
 
Posts: 134
Joined: Mon Aug 25, 2014 10:11 am

Re: Error when i try to modify our LDAP setting

Postby dsi-lille » Tue Sep 27, 2016 12:58 pm

Hi,

it's not a self-signed certificate.
TLS is not enable. I try to enable it : same error...

Yes, i can access and get data from our LDAP with the same settings.

Thanks for your help,
Yoann
dsi-lille
 
Posts: 88
Joined: Mon Jul 11, 2016 1:47 pm

Re: Error when i try to modify our LDAP setting

Postby Eugenie » Tue Sep 27, 2016 2:58 pm

Yoann,

Do you have access from ONLYOFFICE server to the verification center.

Please try also to disable https and check if LDAP work correctly with the same filters
Eugenie
 
Posts: 134
Joined: Mon Aug 25, 2014 10:11 am

Re: Error when i try to modify our LDAP setting

Postby dsi-lille » Wed Sep 28, 2016 7:10 am

What do you mean by "verification center"
Disable HTTPS can be difficult. It's a production platform...
We need to plan such thing. Is-it really necessary ?

Thanks,
Yoann
dsi-lille
 
Posts: 88
Joined: Mon Jul 11, 2016 1:47 pm

Re: Error when i try to modify our LDAP setting

Postby Eugenie » Wed Sep 28, 2016 1:30 pm

Please reproduce the issue and then send us the whole web.api.log with enabled Debug and web.log for the current day
Eugenie
 
Posts: 134
Joined: Mon Aug 25, 2014 10:11 am

Re: Error when i try to modify our LDAP setting

Postby dsi-lille » Thu Sep 29, 2016 2:49 pm

Hi,

I do not know why but yesterday I successfully imported the accounts of our LDAP.
But today, it does not work again

And i don't know why because nothing change.

You can download the file you asked for here : https://filesender.renater.fr/?s=downlo ... c3&lang=en

Thanks again for your help,
Yoann
dsi-lille
 
Posts: 88
Joined: Mon Jul 11, 2016 1:47 pm

LDAP Authentication is really slow

Postby dsi-lille » Fri Sep 30, 2016 7:22 am

Hi,

we have a problem with the LDAP authentication.
The authentication with an LDAP account can take up to 1min30s to allow the user to access the platform
With a local account, it's practically instantaneous.
I check logs from our LDAP server. This is the requests LDAP that OnlyOffice send to our ldap server

[29/Sep/2016:16:05:42 +0200] conn=17378148 op=1 msgId=142 - SRCH base="ou=personnels en,ou=ac-lille,ou=education,o=gouv,c=fr" scope=2 filter="(&(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs))(mail=yoann.delattre@ac-lille.fr))" attrs="* entrydn entryuuid nsUniqueId guid"
[29/Sep/2016:16:05:42 +0200] conn=17378151 op=1 msgId=145 - SRCH base="ou=personnels en,ou=ac-lille,ou=education,o=gouv,c=fr" scope=2 filter="(&(&(entryuuid=2bf42381-fba511df-803cf8f9-bce87c14))(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs)))" attrs="* entrydn entryuuid nsUniqueId guid"
[29/Sep/2016:16:06:48 +0200] conn=17380697 op=1 msgId=148 - SRCH base="ou=personnels en,ou=ac-lille,ou=education,o=gouv,c=fr" scope=2 filter="(&(&(nsUniqueId=2bf42381-fba511df-803cf8f9-bce87c14))(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs)))" attrs="* entrydn entryuuid nsUniqueId guid"

Our ldap use nsUniqueId and not guid or entryuuid.
I think this is why the authentication is slow.

Is there a way to specify that we use only the nsUniqueId LDAP attribute and don't perform the request with the entryuuid/guid LDAP attributes ?

Thanks,
Yoann
dsi-lille
 
Posts: 88
Joined: Mon Jul 11, 2016 1:47 pm

Re: Error when i try to modify our LDAP setting

Postby Eugenie » Fri Sep 30, 2016 9:06 am

Hello, please send us access to your server and to your portal to support@onlyoffice.com. We need it to reproduce the issue.
Eugenie
 
Posts: 134
Joined: Mon Aug 25, 2014 10:11 am

Re: Error when i try to modify our LDAP setting

Postby Eugenie » Fri Sep 30, 2016 11:45 am

As for the second question,
ONLYOFFICE LDAP request just check the indicated attributes, if any of attribute are missed, it skips them. So it cannot cause the issue.

Probably the issue is connected with a complex filter or with many users who are under this filter. The problem can be connected with the net transfer. Please do the following to check the issue: create a request to LDAP server with this filter using any other third-party program and see how long it will be executed.
Eugenie
 
Posts: 134
Joined: Mon Aug 25, 2014 10:11 am

Next

Return to Enterprise Version

Who is online

Users browsing this forum: No registered users and 1 guest

cron