LDAP configuration - help needed


#1

Hello everyone!
I’m running my Mastodon instance through YunoHost, but the current install doesn’t configure LDAP by default. So I’m trying to figure out the proper config.
Here is what I have done:

Snip of my .env.production:

```
# LDAP authentication (optional)
LDAP_ENABLED=true
LDAP_HOST=127.0.0.1
LDAP_PORT=389
LDAP_TLS_NO_VERIFY=true
LDAP_METHOD=start_tls
LDAP_BASE=ou=users,dc=yunohost,dc=org
LDAP_BIND_DN=ou=admin,dc=yunohost,dc=org
LDAP_PASSWORD=<redacted_password_of_admin>
LDAP_UID=uid
#LDAP_SEARCH_FILTER="%{uid}=%{email}"
```

I’m no LDAP guru, but I managed to connect to LDAP using the admin credentials through the ldapsearch CLI. So the URL, port, account and password seem correct.

I don’t have logs in mastodon/live/log, nor in /var/log.
Here is what systemctl returns:

```
$ sudo systemctl status mastodon-web
[...]
oct. 27 12:41:51 taboulisme.com bundle[16189]: [7e22fab3-b147-4bb7-8607-f330c73503e2] method=POST path=/auth/sign_in format=html controller=Auth::SessionsController action=create status
oct. 27 12:41:51 taboulisme.com bundle[16189]: [7e22fab3-b147-4bb7-8607-f330c73503e2]
oct. 27 12:41:51 taboulisme.com bundle[16189]: [7e22fab3-b147-4bb7-8607-f330c73503e2] Net::LDAP::Error (start_tls failed: 2):
oct. 27 12:41:51 taboulisme.com bundle[16189]: [7e22fab3-b147-4bb7-8607-f330c73503e2]
oct. 27 12:41:51 taboulisme.com bundle[16189]: [7e22fab3-b147-4bb7-8607-f330c73503e2] lib/devise/ldap_authenticatable.rb:29:in `authenticate!'
oct. 27 12:41:51 taboulisme.com bundle[16189]: [7e22fab3-b147-4bb7-8607-f330c73503e2] app/controllers/concerns/localized.rb:14:in `set_locale'
```

I already asked the YunoHost community (there), which advised me to ask here… :grin:

Can someone help me figure this out? Thanks :slight_smile:


#2

Also, I had another clue here: [Feature] LDAP Integration · Issue #67 · YunoHost-Apps/mastodon_ynh · GitHub
So, maybe it’s related to Net::LDAP simple method not supported · Issue #6991 · tootsuite/mastodon · GitHub
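
The `2` in `start_tls failed: 2` from the log in post #1 reads as an LDAP resultCode, and RFC 4511 assigns 2 to protocolError, which is what a server returns for an extended operation (StartTLS is one) that it does not support. The following is an added example, not code from this thread, Mastodon or Net::LDAP, that decodes such an ExtendedResponse from constructed bytes; it assumes Net::LDAP prints the resultCode in that message, and the helper names and the sample response are made up for illustration.

```ruby
# Added example: decode the LDAP ExtendedResponse behind "start_tls failed: 2".
# Result-code names are from RFC 4511 (subset).
RESULT_CODES = { 0 => "success", 1 => "operationsError",
                 2 => "protocolError", 52 => "unavailable" }.freeze

def ber_int(bytes)
  bytes.bytes.inject(0) { |acc, b| (acc << 8) | b }
end

# Read one BER TLV at pos; returns [tag, value, next_pos].
def read_tlv(buf, pos)
  raise ArgumentError, "truncated BER header" if pos + 2 > buf.bytesize
  tag = buf.getbyte(pos)
  len = buf.getbyte(pos + 1)
  pos += 2
  if len & 0x80 != 0 # long form: low 7 bits give the number of length bytes
    n = len & 0x7f
    raise ArgumentError, "truncated BER length" if pos + n > buf.bytesize
    len = ber_int(buf.byteslice(pos, n))
    pos += n
  end
  raise ArgumentError, "truncated BER value" if pos + len > buf.bytesize
  [tag, buf.byteslice(pos, len), pos + len]
end

# LDAPMessage ::= SEQUENCE { messageID, protocolOp [APPLICATION 24] ... }
def decode_extended_response(msg)
  tag, body, = read_tlv(msg, 0)
  raise ArgumentError, "not an LDAPMessage" unless tag == 0x30
  _, id, pos = read_tlv(body, 0)
  op_tag, op, = read_tlv(body, pos)
  raise ArgumentError, "not an ExtendedResponse" unless op_tag == 0x78
  _, code, pos = read_tlv(op, 0)      # resultCode (ENUMERATED)
  _, _dn, pos = read_tlv(op, pos)     # matchedDN
  _, diag, = read_tlv(op, pos)        # diagnosticMessage
  code = ber_int(code)
  { message_id: ber_int(id), code: code,
    name: RESULT_CODES.fetch(code, "other"),
    diagnostic: diag.force_encoding("UTF-8") }
end

# Constructed sample: a refusal of a StartTLS request with resultCode 2.
def tlv(tag, body)
  [tag, body.bytesize].pack("CC") + body # short-form length only
end
SAMPLE = tlv(0x30, tlv(0x02, "\x01".b) + tlv(0x78,
  tlv(0x0a, "\x02".b) + tlv(0x04, "".b) +
  tlv(0x04, "unsupported extended operation".b))).freeze

p decode_extended_response(SAMPLE) if $PROGRAM_NAME == __FILE__
```

A protocolError here points at the directory server's TLS setup rather than at the bind DN or password, which matches ldapsearch working with the same credentials when it is run without StartTLS.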