
Misleading LDAP connection error at startup #4520

Closed
rhafer opened this issue Sep 6, 2022 · 5 comments · Fixed by #6565

@rhafer
Contributor

rhafer commented Sep 6, 2022

Describe the bug

We still sometimes have that annoying LDAP connection error at startup:

Sep 04 10:41:14 cloud3 ocis[48376]: {"level":"error","service":"graph","error":"LDAP Result Code 200 \"Network Error\": dial tcp 127.0.0.1:9235: connect: connection refused","time":"2022-09-04T10:41:14.071066858+02:00","message":"could not get ldap Connection"}
Sep 04 10:41:14 cloud3 ocis[48376]: {"level":"error","service":"graph","error":"LDAP Result Code 200 \"Network Error\": dial tcp 127.0.0.1:9235: connect: connection refused","time":"2022-09-04T10:41:14.07222107+02:00","message":"autoconnect could not get ldap Connection"}

It is misleading and usually caused by some services (users, group, auth, graph) trying to connect to idm before it is actually up.

@rhafer rhafer added the Type:Bug label Sep 6, 2022
@micbar micbar added the Priority:p3-medium Normal priority label Sep 14, 2022
@lengyefenghan

I also encountered this bug in the 2.0.0-rc.1 version of the arm64 architecture.

# docker run --rm -p 9200:9200 -v /mnt/data/ocis/conf:/etc/ocis -v /mnt/data/ocis/data:/var/lib/ocis -e OCIS_INSECURE=true owncloud/ocis:2.0.0-rc.1-linux-arm64
{"level":"error","service":"graph","error":"LDAP Result Code 200 \"Network Error\": dial tcp 127.0.0.1:9235: connect: connection refused","time":"2022-11-07T03:16:58.610642615Z","message":"could not get ldap Connection"}
{"level":"error","service":"graph","error":"LDAP Result Code 200 \"Network Error\": dial tcp 127.0.0.1:9235: connect: connection refused","time":"2022-11-07T03:16:58.611041296Z","message":"autoconnect could not get ldap Connection"}

@tommyalatalo

tommyalatalo commented Dec 4, 2022

I am also getting this kind of error when starting up ocis without any specific LDAP configuration:

{"level":"error","service":"idm","bind_dn":"uid=libregraph,ou=sysusers,o=libregraph-idm","op":"bind","remote_addr":"127.0.0.1:37954","time":"2022-12-04T16:22:11.58568777Z","message":"not found"}
{"level":"error","service":"graph","error":"LDAP Result Code 49 \"Invalid Credentials\": ","time":"2022-12-04T16:22:11.585785643Z","message":"Bind failed"}
{"level":"error","service":"graph","error":"LDAP Result Code 49 \"Invalid Credentials\": ","time":"2022-12-04T16:22:11.58584276Z","message":"autoconnect could not get ldap Connection"}

My environment variables, which I am starting a brand new ocis instance with:

OCIS_INSECURE         = true
OCIS_URL              = "https://ocis.mydomain.com"
OCIS_HTTP_TLS_ENABLED = "false"

I don't use LDAP and am not planning to, so it's very odd that LDAP is configured by default without any explanation of how to manage that.

@butonic
Member

butonic commented Mar 8, 2023

@altosys ocis starts a minimal user management service that implements LDAP called libregraph IDM so we only have to maintain one user backend implementation. That is why ldap is configured by default. We are trying to avoid reinventing the wheel when sth like openldap exists out there. On the other hand, we want to allow admins to just download ocis and run it without having to configure a gazillion of other services ocis depends on. The current default ocis build actually targets scale out deployments, which only makes sense when you actually plan to scale out. If the instance is going to run as a standalone service, e.g. in a docker container, you should use completely different persistence options: plain json files instead of json persisted in a cs3 storage provider. We are very busy with a large deployment, but personally, I'd like to change the default ocis build to run only in memory. No persistence. If you want that either you as the admin or a package maintainer has to make a choice of how to persist files, users, shares etc.

@awkto

awkto commented Apr 3, 2023

Is there a simple workaround on this issue? I run into it every time and can't get past this.

@rhafer
Contributor Author

rhafer commented Apr 3, 2023

@awkto Hm, looking again at the exact error message you pasted, I think you're hitting a different issue:

{"level":"error","service":"graph","error":"LDAP Result Code 49 \"Invalid Credentials\": ","time":"2022-12-04T16:22:11.585785643Z","message":"Bind failed"}
{"level":"error","service":"graph","error":"LDAP Result Code 49 \"Invalid Credentials\": ","time":"2022-12-04T16:22:11.58584276Z","message":"autoconnect could not get ldap Connection"}

The service users fail to authenticate with the builtin LDAP server. Something might have gone wrong when bootstrapping the installation. Can you try again with a clean environment (specifically after cleaning ocis data directory and re-running ocis init)? Please open a new issue if the problem persists because it is unrelated to this issue.

@kobergj kobergj self-assigned this Jun 20, 2023
@kobergj kobergj moved this from Prio 3 or less to In progress in Infinite Scale Team Board Jun 20, 2023
@github-project-automation github-project-automation bot moved this from In progress to Done in Infinite Scale Team Board Jun 21, 2023
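
The two failure modes discussed in this thread (idm not yet reachable, result code 200, versus idm reachable but rejecting the service user's bind, result code 49) can be told apart mechanically from the logs. The following is an added example, not part of the original issue and not oCIS code; the label names and the sample lines are constructed for illustration, modelled on the log lines quoted above.

```python
import json
import re

# Constructed sample, modelled on the log lines quoted in this thread.
SAMPLE_LOG = r'''
Sep 04 10:41:14 cloud3 ocis[48376]: {"level":"error","service":"graph","error":"LDAP Result Code 200 \"Network Error\": dial tcp 127.0.0.1:9235: connect: connection refused","time":"2022-09-04T10:41:14.071066858+02:00","message":"could not get ldap Connection"}
{"level":"error","service":"idm","bind_dn":"uid=libregraph,ou=sysusers,o=libregraph-idm","op":"bind","remote_addr":"127.0.0.1:37954","time":"2022-12-04T16:22:11.58568777Z","message":"not found"}
{"level":"error","service":"graph","error":"LDAP Result Code 49 \"Invalid Credentials\": ","time":"2022-12-04T16:22:11.585785643Z","message":"Bind failed"}
this line is not JSON and is skipped
'''
RESULT_CODE = re.compile(r'LDAP Result Code (\d+) "([^"]*)"')

def parse_line(line):
    """Return the JSON record in a log line, skipping any journald prefix."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        record = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return record if isinstance(record, dict) else None

def classify(record):
    """Map one record to (label, detail); label names are this example's own."""
    error = record.get("error", "")
    match = RESULT_CODE.search(error)
    if match is None:
        # idm's own record of a rejected bind carries bind_dn, not "error".
        if record.get("op") == "bind" and "bind_dn" in record:
            return "idm-bind-rejected", record["bind_dn"]
        return "other", record.get("message", "")
    code = int(match.group(1))
    if code == 200 and "connection refused" in error:
        # Client never reached idm: the startup race this issue is about.
        return "idm-unreachable", error.split("dial tcp ")[-1].split(": ")[0]
    if code == 49:
        return "service-bind-failed", match.group(2)
    return "other-ldap", match.group(2)

def triage(text):
    """Return (service, label, detail) for every parseable line in text."""
    findings = []
    for line in text.splitlines():
        record = parse_line(line)
        if record is not None:
            label, detail = classify(record)
            findings.append((record.get("service", "?"), label, detail))
    return findings
```

Calling `triage(SAMPLE_LOG)` yields one finding per JSON line; an `idm-bind-rejected` entry next to a `service-bind-failed` entry points at the bootstrap problem described in the last comment rather than the startup race.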