1. Home
  2. Categories
  3. Support
  4. Connection issues when configuring LDAP on Linux container

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Connection issues when configuring LDAP on Linux container

  • K

    Hello,

    We are currently experiencing issues configuring LDAP on a trial license.

    ProGet: Version 5.3.28 (Build 16)
    OS: OEL 7
    Container Engine: Podman 1.4.4

    Podman v1.4.4 did not implement networks yet, we are hoping that should not cause issues.

    Steps taken to configure LDAP:

    1. Go to Administration -> Manage User Directories
    2. Click “AD Credentials”
    3. Click “Create Credential”
    4. Enter Name as “BindUser”
    5. Enter the username in format "user@domain.network"
    6. Enter the password.
    7. Save.
    8. Go back to Administration -> Manage User Directories
    9. Click to edit “Active Directory (LDAP)” Directory
    10. Set “Search mode” to “Specific list…”
    11. Set “Domains to search: (one per line)” to “domain.network,BindUser”
    12. Check “Search recursively”, “Include gMSA”, and “Use LDAPS”.
    13. Test searching for a user.
    14. Get generic connection error.
    15. Uncheck “Use LDAPS”.
    16. Test searching for a user again.
    17. Get “Invalid Credentials” error

    We have double checked the credentials are correct. There seems to be an issue with LDAPS and Linux containers, but since .NET 5 was being used we would have better integration.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    We don't have much experience with Podman, we typically use the Docker engine, but not having networks should be OK as long as you can access the database server from the container.

    I think the first issue is that you will need to use the username as just user instead of user@domain.network.

    The next piece is LDAPS. One thing that is tricky is that your domain has to have a valid certificate. Self-signed (or domain generated) certificates don't seem to work in most cases. We have had some success from customers who have registered the certificates inside the container. Typically you would add the certificate by creating a new docker image based on the ProGet image.

    Hope this helps!

    Thanks,
    Rich

    0 K 2 Replies
  • K

    @rhessinger I forgot to mention that when we get the "Invalid Credentials" error, LDAPS is off and we have a hostname set for the "Domain controller host: " setting. If I remove the domain controller setting, I get "Error: Object reference is not set to an instance of an object"

    [Debug] Search term: userName
    [Debug] Filter string: (&(|(objectCategory=user)(objectCategory=group))(|(userPrincipalName=userName*)(sAMAccountName=userName*)(name=userName*)(displayName=userName*)))
    [Debug] Building search root paths for search mode SpecificDomains...
    [Debug] Searching domain: svcbindinguser@domain.network

    0
  • K

    @rhessinger I also setup the AD Credentials as you said, without the "@domain.network" portion.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    Thanks for providing this additional information. Please give me a bit of time to review this and get back to you. I was able to recreate this issue on the ProGet image, but I need to find the root cause of this first.

    Thanks,
    Rich

    1
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    We have identified the issue and are working on a solution. The good news is that this is an issue with our InedoCore extensions, so once we correct this, you will be able to just update that extension. I will let you know as soon as we have something for you to try (it should be tomorrow).

    Thanks,
    Rich

    1 K 1 Reply
  • K

    @rhessinger thank you for the swift response! Much appreciated.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    I have a build of the InedoCore extension 1.10.6-CI.11 that should resolve this issue. I have tested this in our lab and it has corrected the issue for me. Could you please try to upgrade this extension to see if this fixes your issue? The easiest way to install the pre-release extension on Docker is to follow the instruction listed in our pre-release extension guide.

    Thanks,
    Rich

    0 K 2 Replies
  • K

    @rhessinger thank you! I will work to upgrade the extension today/tomorrow and provide an update after.

    0
  • K

    @rhessinger looks like that fix works for LDAP! I'll have to work on testing out LDAPS, do you foresee any issues there?

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    That's great! Thanks for giving me an update. LDAPS is definitely more of an advanced configuration option currently. The hardest piece of LDAPS is getting and keeping the certificate valid and up to date in the Docker container. It depends on how you have your AD server setup, but they typically regenerate their certs and distribute them automatically. We actually use a third-party library Novell.Directory.Ldap.NETStandard for our AD connection in Docker due to the LDAPS support missing from the built-in one for .NET 5.

    As I stated before, creating a new image using the ProGet image as your base image tends to be the easiest way to add certificates to your container. Our image is built on top of dotnet/aspnet:5.0.5 (Debian 10 based). There are a handful of ways to do this.

    • Using ProGet as a base image, add the domain cert file(s) in the DockerFile
    • Using ProGet as a base image, add a mapping to the certificate folder in your DockerFile and manage that on your host.
    • use docker exec to add the certificates after the image has started
    • etc...

    Stack Overflow can be helpful in adding certificates to your containers for your AD setup. Right now we have not determined a standard way of setting this up since each instance we have dealt with seems to be configured differently, but we always look for feedback in this configuration process.

    Thanks,
    Rich

    1 K 1 Reply
  • K

    @rhessinger now that LDAP is working we have been testing out LDAPS. What we have done is mount a volume from the host CA cert location to the container CA cert location (/usr/local/share/ca-certificates/) and run "update-ca-certificates" in the container. Just to be safe, we then stop and start the container to ensure the application picks up the changes. We are getting the following from the container logs:

    Running Feed Replication...
Feed Replication completed.
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 POST http://proget.domain.network/administration/security/directories/edit?userDirectoryId=4 application/x-www-form-urlencoded 599
Novell
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 POST http://proget.domain.network/administration/security/directories/edit?userDirectoryId=4 application/x-www-form-urlencoded 599 - 200 2957 text/html;+charset=UTF-8 36.4857ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/AH/AH.js?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/AH/AH.js?950.1.7.1 - - - 200 6835 application/javascript 1.1092ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/common.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/common.css?950.1.7.1 - - - 200 859 text/css 0.9084ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/normalize.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/normalize.css?950.1.7.1 - - - 200 2608 text/css 0.8422ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/fonts.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/controls.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/icons.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/controls.css?950.1.7.1 - - - 200 3314 text/css 0.6805ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/fonts.css?950.1.7.1 - - - 200 196 text/css 0.8170ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/icons.css?950.1.7.1 - - - 200 530 text/css 0.8027ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/styles/proget.css - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/modal.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/modal.css?950.1.7.1 - - - 200 244 text/css 0.8751ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/styles/proget.css - - - 200 2994 text/css 0.9401ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.min.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.structure.min.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.min.css?950.1.7.1 - - - 200 4853 text/css 0.8035ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.theme.min.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.structure.min.css?950.1.7.1 - - - 200 4776 text/css 0.8797ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.theme.min.css?950.1.7.1 - - - 200 2247 text/css 0.7846ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.hacks.css?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.hacks.css?950.1.7.1 - - - 200 489 text/css 0.8334ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/styles/v5.css - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/Fonts.css - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/styles/v5.css - - - 200 3214 text/css 0.8511ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/Fonts.css - - - 200 196 text/css 0.7627ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-1.11.3.min.js?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.min.js?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.min.js?950.1.7.1 - - - 200 61388 application/javascript 0.9751ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-1.11.3.min.js?950.1.7.1 - - - 200 33726 application/javascript 1.1086ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_frameddialog.js?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/Resources/Scripts/urls.js - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_frameddialog.js?950.1.7.1 - - - 200 1161 application/javascript 0.7417ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/Resources/Scripts/urls.js - - - 200 6294 application/javascript 0.7682ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_initmodal.js?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_initmodal.js?950.1.7.1 - - - 200 2147 application/javascript 0.8164ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_formfield.js?950.1.7.1 - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_formfield.js?950.1.7.1 - - - 200 589 application/javascript 0.8173ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/icons/help.svg - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/icons/help.svg - - - 200 1161 image/svg+xml 1.0125ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/administration/security/directories/images/ui-icons_888888_256x240.png - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/administration/security/directories/images/ui-icons_222222_256x240.png - -
An "HTTP 404 Not Found" occurred in the web application
An "HTTP 404 Not Found" occurred in the web application
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/administration/security/directories/images/ui-icons_888888_256x240.png - - - 404 1848 text/html;+charset=UTF-8 6.1191ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/images/ui-icons_888888_256x240.png - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/images/ui-icons_888888_256x240.png - - - 200 6999 image/png 1.2750ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://proget.domain.network/administration/security/directories/images/ui-icons_222222_256x240.png - - - 404 1847 text/html;+charset=UTF-8 210.0431ms
Running Execution Dispatcher...
Checking for executions to dispatch...
Execution Dispatcher completed.
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 POST http://proget.domain.network/0x44/ProGet.WebApplication/Inedo.ProGet.WebApplication.Controls.Layout.NotificationBar/GetNotifications - 0
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 POST http://proget.domain.network/0x44/ProGet.WebApplication/Inedo.ProGet.WebApplication.Controls.Layout.NotificationBar/GetNotifications - 0 - 200 30 - 1.5516ms

    and also the following message from the LDAP test:

    [Debug] Search term: userName
[Debug] Filter string: (&(|(|(objectCategory=user)(objectCategory=msDS-GroupManagedServiceAccount))(objectCategory=group))(|(userPrincipalName=userName*)(sAMAccountName=userName*)(name=kichikawa*)(displayName=userName*)))
[Debug] Building search root paths for search mode SpecificDomains...
[Debug] Searching domain: svcbindinguser@domain.network
    0 K 1 Reply
  • K

    @kichikawa_2913 We validated the ca certs were recognized by the container by running openssl command from within the container to an internal HTTPS URL that uses an internally signed cert and also to our domain controller over port 636 for LDAPS. Both succeeded.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    Did you see any sort of error when using LDAPS? I don't see one in your previous logs message. Also, are you using the standard port (636) for LDAPS?

    Thanks,
    Rich

    0 K 1 Reply
  • K

    @rhessinger That's something I forgot to double check, it does look like we use a different port. Also, sorry about the last log entries, these ones show exactly when I clicked the "Test" button on the LDAP configuration.

    2021-05-14T06:33:37.831480629-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:37.831480629-04:00       Request starting HTTP/1.1 POST http://proget.domain.network/administration/security/directories/edit?userDirectoryId=4 application/x-www-form-urlencoded 600
2021-05-14T06:33:37.853125533-04:00 Novell
2021-05-14T06:33:37.861160505-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:37.861160505-04:00       Request finished HTTP/1.1 POST http://proget.domain.network/administration/security/directories/edit?userDirectoryId=4 application/x-www-form-urlencoded 600 - 200 2950 text/html;+charset=UTF-8 29.6896ms
2021-05-14T06:33:37.960908822-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:37.960908822-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/AH/AH.js?950.1.7.1 - -
2021-05-14T06:33:37.961954750-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:37.961954750-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/AH/AH.js?950.1.7.1 - - - 200 6835 application/javascript 1.0031ms
2021-05-14T06:33:38.008084898-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.008084898-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/icons.css?950.1.7.1 - -
2021-05-14T06:33:38.009292550-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.009292550-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/fonts.css?950.1.7.1 - -
2021-05-14T06:33:38.009292550-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.009292550-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/common.css?950.1.7.1 - -
2021-05-14T06:33:38.009292550-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.009292550-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/normalize.css?950.1.7.1 - -
2021-05-14T06:33:38.009292550-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.009292550-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/icons.css?950.1.7.1 - - - 200 530 text/css 0.7520ms
2021-05-14T06:33:38.009292550-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.009292550-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/fonts.css?950.1.7.1 - - - 200 196 text/css 0.6669ms
2021-05-14T06:33:38.009292550-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.009292550-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/common.css?950.1.7.1 - - - 200 859 text/css 0.6780ms
2021-05-14T06:33:38.009292550-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.009292550-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/normalize.css?950.1.7.1 - - - 200 2608 text/css 0.6414ms
2021-05-14T06:33:38.011058630-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.011058630-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/controls.css?950.1.7.1 - -
2021-05-14T06:33:38.011058630-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.011058630-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/modal.css?950.1.7.1 - -
2021-05-14T06:33:38.011058630-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.011058630-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/controls.css?950.1.7.1 - - - 200 3314 text/css 0.6005ms
2021-05-14T06:33:38.011058630-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.011058630-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/modal.css?950.1.7.1 - - - 200 244 text/css 0.6505ms
2021-05-14T06:33:38.052177099-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.052177099-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/styles/proget.css - -
2021-05-14T06:33:38.052900882-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.052900882-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/styles/proget.css - - - 200 2994 text/css 0.6884ms
2021-05-14T06:33:38.058103188-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.058103188-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.structure.min.css?950.1.7.1 - -
2021-05-14T06:33:38.058103188-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.058103188-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.min.css?950.1.7.1 - -
2021-05-14T06:33:38.058825117-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.058825117-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.structure.min.css?950.1.7.1 - - - 200 4776 text/css 0.7080ms
2021-05-14T06:33:38.058825117-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.058825117-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.min.css?950.1.7.1 - - - 200 4853 text/css 0.7596ms
2021-05-14T06:33:38.060759029-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.060759029-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.theme.min.css?950.1.7.1 - -
2021-05-14T06:33:38.061257254-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.061257254-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.theme.min.css?950.1.7.1 - - - 200 2247 text/css 0.6159ms
2021-05-14T06:33:38.063195885-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.063195885-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.hacks.css?950.1.7.1 - -
2021-05-14T06:33:38.063868437-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.063868437-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.hacks.css?950.1.7.1 - - - 200 489 text/css 0.6866ms
2021-05-14T06:33:38.068079732-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.068079732-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/styles/v5.css - -
2021-05-14T06:33:38.068716726-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.068716726-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/styles/v5.css - - - 200 3214 text/css 0.6335ms
2021-05-14T06:33:38.105396203-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.105396203-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/Fonts.css - -
2021-05-14T06:33:38.106054161-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.106054161-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/Fonts.css - - - 200 196 text/css 0.6729ms
2021-05-14T06:33:38.106865359-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.106865359-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.min.js?950.1.7.1 - -
2021-05-14T06:33:38.106865359-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.106865359-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-1.11.3.min.js?950.1.7.1 - -
2021-05-14T06:33:38.107554903-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.107554903-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-1.11.3.min.js?950.1.7.1 - - - 200 33726 application/javascript 0.6897ms
2021-05-14T06:33:38.107728607-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.107728607-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/jquery-ui.min.js?950.1.7.1 - - - 200 61388 application/javascript 0.8054ms
2021-05-14T06:33:38.111155529-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.111155529-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_frameddialog.js?950.1.7.1 - -
2021-05-14T06:33:38.112025380-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.112025380-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_frameddialog.js?950.1.7.1 - - - 200 1161 application/javascript 0.7622ms
2021-05-14T06:33:38.112025380-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.112025380-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/Resources/Scripts/urls.js - -
2021-05-14T06:33:38.113483903-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.113483903-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/Resources/Scripts/urls.js - - - 200 6294 application/javascript 0.6414ms
2021-05-14T06:33:38.113483903-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.113483903-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_initmodal.js?950.1.7.1 - -
2021-05-14T06:33:38.113483903-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.113483903-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_initmodal.js?950.1.7.1 - - - 200 2147 application/javascript 0.6291ms
2021-05-14T06:33:38.175187136-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.175187136-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_formfield.js?950.1.7.1 - -
2021-05-14T06:33:38.176021247-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.176021247-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/inedojq/inedojq_formfield.js?950.1.7.1 - - - 200 589 application/javascript 0.7670ms
2021-05-14T06:33:38.367869982-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.367869982-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/icons/help.svg - -
2021-05-14T06:33:38.368749301-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.368749301-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/styles/icons/help.svg - - - 200 1161 image/svg+xml 0.9706ms
2021-05-14T06:33:38.424032651-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.424032651-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/administration/security/directories/images/ui-icons_222222_256x240.png - -
2021-05-14T06:33:38.424032651-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.424032651-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/administration/security/directories/images/ui-icons_888888_256x240.png - -
2021-05-14T06:33:38.424453402-04:00 An "HTTP 404 Not Found" occurred in the web application
2021-05-14T06:33:38.424563884-04:00 An "HTTP 404 Not Found" occurred in the web application
2021-05-14T06:33:38.430435653-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.430435653-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/administration/security/directories/images/ui-icons_222222_256x240.png - - - 404 1848 text/html;+charset=UTF-8 6.2396ms
2021-05-14T06:33:38.430435653-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.430435653-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/administration/security/directories/images/ui-icons_888888_256x240.png - - - 404 1846 text/html;+charset=UTF-8 6.5858ms
2021-05-14T06:33:38.551773306-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-14T06:33:38.551773306-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/images/ui-icons_888888_256x240.png - -
2021-05-14T06:33:38.553159723-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-14T06:33:38.553159723-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/resources/InedoLib/jquery-ui-1.11.4/images/ui-icons_888888_256x240.png - - - 200 6999 image/png 1.3134ms
2021-05-14T06:33:39.882510111-04:00 Running Execution Dispatcher...
2021-05-14T06:33:39.882510111-04:00 Checking for executions to dispatch...
2021-05-14T06:33:39.887707048-04:00 Execution Dispatcher completed.

    The log entries above are from configuring for the default LDAPS port, I don't see anywhere to specifically set a port in the UI but I tried setting the "Domain controller host" field to be hostName:port and got the same results.

    EDIT: I also tested running the openssl commands to connect to our DC over the custom port and I was able to connect without issues.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    Unfortunately, these logs do not show any errors (outside of a couple of resource images failing to load). Do you see any errors in your Diagnostics Center in the administration page?

    As for the port, upon further inspection, it looks like the port handling was removed when we upgraded ProGet to support .NET 5 on Docker. It used to parse it off the Domain Controller host address, I have now added it as a separate field that you can set. If you can upgrade your Inedo Core extension to 1.10.6-CI.13, that will give you the option to enter a custom port number. Could you please give that a try and see if that works?

    Thanks,
    Rich

    0 K 1 Reply
  • K

    @rhessinger I updated the extension and tried again; same error on the test page, nothing in the Diagnostic Center, and nothing telling in the container logs.

    Openssl commands do work over the port we use.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    I think I have identified the issue. I have just pushed another version of InedoCore, version 1.10.7-CI.2 . Could you update and give that a try? I also added an option to bypass the LDAPS certificate verification. It is something that I would only use while testing. The solution you have with adding your certificates as valid certs is a more secure solution. One last thing to make sure you set is the Domain Controller Host. It can just be set to your domain (ex: domain.network using your steps from above). Linux/Docker does not seem to translate domain URLs the same way windows does.

    Thanks,
    Rich

    1 K 1 Reply
  • K

    @rhessinger I updated the extension and had to stop/start the container. After those steps the test search using LDAPS worked. I did not use the bypass certificate validation option.

    I'm having issues with switching to LDAP though; I go to Administration -> under Security and Authentication -> click Change User Directory (LDAP) -> enter credentials for AD account added under Administration -> User & Tasks -> Tasks, but when I click the switch button nothing happens. I repeat the steps one or two more times and then the button switches to "Switch to Built-In". I then tried to stop/start the container and it will no longer start up, here are the logs:

    2021-05-15T12:39:28.725672513-04:00 ProGet version is 5.3.28.16.
2021-05-15T12:39:29.217760650-04:00 Current DB schema version is 5.3.28.16.
2021-05-15T12:39:29.226261354-04:00 Starting the messenger...
2021-05-15T12:39:29.233061637-04:00 Messenger endpoint is tcp://localhost:1000
2021-05-15T12:39:29.242384666-04:00 Reading standard license list...
2021-05-15T12:39:29.244161259-04:00 Importing license list into database...
2021-05-15T12:39:29.647671816-04:00 License import complete.
2021-05-15T12:39:29.667862845-04:00 Looking for web app at: /usr/local/proget/web
2021-05-15T12:39:29.681658506-04:00 Initializing Scheduled Job Dispatcher...
2021-05-15T12:39:29.682192589-04:00 Scheduled Job Dispatcher initialized.
2021-05-15T12:39:29.683068656-04:00 Running Scheduled Job Dispatcher...
2021-05-15T12:39:29.695739484-04:00 Checking for scheduled jobs...
2021-05-15T12:39:29.731570206-04:00 Ensuring that all required scheduled jobs are configured...
2021-05-15T12:39:29.894296932-04:00 Scheduled job configuration is correct.
2021-05-15T12:39:30.063317953-04:00 Scheduled Job Dispatcher completed.
2021-05-15T12:39:30.070237930-04:00 info: Microsoft.Hosting.Lifetime[0]
2021-05-15T12:39:30.070237930-04:00       Now listening on: http://[::]:80
2021-05-15T12:39:30.070977279-04:00 info: Microsoft.Hosting.Lifetime[0]
2021-05-15T12:39:30.070977279-04:00       Application started. Press Ctrl+C to shut down.
2021-05-15T12:39:30.070977279-04:00 info: Microsoft.Hosting.Lifetime[0]
2021-05-15T12:39:30.070977279-04:00       Hosting environment: Production
2021-05-15T12:39:30.070977279-04:00 info: Microsoft.Hosting.Lifetime[0]
2021-05-15T12:39:30.070977279-04:00       Content root path: /usr/local/proget
2021-05-15T12:39:32.035847819-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-15T12:39:32.035847819-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/ - -
2021-05-15T12:39:32.165785282-04:00 Initializing extensions in /var/proget/extensions...
2021-05-15T12:39:32.210224781-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-15T12:39:32.210224781-04:00       Request starting HTTP/1.1 POST http://proget.domain.network/0x44/ProGet.WebApplication/Inedo.ProGet.WebApplication.Controls.Layout.NotificationBar/GetNotifications - 0
2021-05-15T12:39:32.308008757-04:00 Loading AWS extension from /tmp/Inedo/ExtensionCache/37543bedc11b0a94f5a597f2b9f968d2bb2cdcfe/package/net5.0/AWS.dll...
2021-05-15T12:39:32.314608137-04:00 Loading Azure extension from /tmp/Inedo/ExtensionCache/dd663c6c8c191f7b29bfd3b150e0ae51572cc0ba/package/net5.0/Azure.dll...
2021-05-15T12:39:32.318849973-04:00 Loading InedoCore extension from /tmp/Inedo/ExtensionCache/6499179f3ce87cb1c7d2dcadf74fcdbd2023f037/package/net5.0/InedoCore.dll...
2021-05-15T12:39:32.334907387-04:00 Loading Clair extension from /tmp/Inedo/ExtensionCache/2aaf77763c2739acb513738b819f60b190ab5d7f/package/net5.0/Clair.dll...
2021-05-15T12:39:32.337484374-04:00 Loading Sonatype extension from /tmp/Inedo/ExtensionCache/4bf4786f6ff2af66d3de185f9ccf150feaef6690/package/net5.0/Sonatype.dll...
2021-05-15T12:39:32.339735147-04:00 Extensions manager initialization complete.
2021-05-15T12:39:32.677513583-04:00 Configuring web proxy...
2021-05-15T12:39:32.677765044-04:00 Using custom web proxy settings.
2021-05-15T12:39:33.058825925-04:00 fail: Microsoft.AspNetCore.Server.Kestrel[13]
2021-05-15T12:39:33.058825925-04:00       Connection id "0HM8NO02145PI", Request id "0HM8NO02145PI:00000002": An unhandled exception was thrown by the application.
2021-05-15T12:39:33.058825925-04:00       Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
2021-05-15T12:39:33.058825925-04:00          at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(HttpApplication app) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E130753\Src\ProGet.WebApplication\ProGetHttpModule.cs:line 351
2021-05-15T12:39:33.058825925-04:00          at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(HttpApplication app)
2021-05-15T12:39:33.058825925-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:33.058825925-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:33.058825925-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:33.058825925-04:00          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2021-05-15T12:39:33.058825925-04:00 fail: Microsoft.AspNetCore.Server.Kestrel[13]
2021-05-15T12:39:33.058825925-04:00       Connection id "0HM8NO02145PJ", Request id "0HM8NO02145PJ:00000002": An unhandled exception was thrown by the application.
2021-05-15T12:39:33.058825925-04:00       Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
2021-05-15T12:39:33.058825925-04:00          at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(HttpApplication app) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E130753\Src\ProGet.WebApplication\ProGetHttpModule.cs:line 351
2021-05-15T12:39:33.058825925-04:00          at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(HttpApplication app)
2021-05-15T12:39:33.058825925-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:33.058825925-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:33.058825925-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:33.058825925-04:00          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2021-05-15T12:39:33.064489818-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-15T12:39:33.064489818-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/ - - - 500 0 - 1032.2865ms
2021-05-15T12:39:33.064489818-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-15T12:39:33.064489818-04:00       Request finished HTTP/1.1 POST http://proget.domain.network/0x44/ProGet.WebApplication/Inedo.ProGet.WebApplication.Controls.Layout.NotificationBar/GetNotifications - 0 - 500 0 - 853.9542ms
2021-05-15T12:39:33.674215099-04:00 Initializing Proxy Configuration Monitor...
2021-05-15T12:39:33.674346204-04:00 Proxy Configuration Monitor initialized.
2021-05-15T12:39:33.674432888-04:00 Running Proxy Configuration Monitor...
2021-05-15T12:39:33.675695760-04:00 Proxy Configuration Monitor completed.
2021-05-15T12:39:36.494675143-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-15T12:39:36.494675143-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/ - -
2021-05-15T12:39:36.534387936-04:00 fail: Microsoft.AspNetCore.Server.Kestrel[13]
2021-05-15T12:39:36.534387936-04:00       Connection id "0HM8NO02145PI", Request id "0HM8NO02145PI:00000003": An unhandled exception was thrown by the application.
2021-05-15T12:39:36.534387936-04:00       Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
2021-05-15T12:39:36.534387936-04:00          at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(HttpApplication app) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E130753\Src\ProGet.WebApplication\ProGetHttpModule.cs:line 351
2021-05-15T12:39:36.534387936-04:00          at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(HttpApplication app)
2021-05-15T12:39:36.534387936-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:36.534387936-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:36.534387936-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:36.534387936-04:00          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2021-05-15T12:39:36.535779899-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-15T12:39:36.535779899-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/ - - - 500 0 - 41.2354ms
2021-05-15T12:39:37.279959202-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-15T12:39:37.279959202-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/ - -
2021-05-15T12:39:37.317056142-04:00 fail: Microsoft.AspNetCore.Server.Kestrel[13]
2021-05-15T12:39:37.317056142-04:00       Connection id "0HM8NO02145PI", Request id "0HM8NO02145PI:00000004": An unhandled exception was thrown by the application.
2021-05-15T12:39:37.317056142-04:00       Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
2021-05-15T12:39:37.317056142-04:00          at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(HttpApplication app) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E130753\Src\ProGet.WebApplication\ProGetHttpModule.cs:line 351
2021-05-15T12:39:37.317056142-04:00          at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(HttpApplication app)
2021-05-15T12:39:37.317056142-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:37.317056142-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:37.317056142-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:37.317056142-04:00          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2021-05-15T12:39:37.317177003-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-15T12:39:37.317177003-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/ - - - 500 0 - 37.5215ms
2021-05-15T12:39:37.674334797-04:00 Initializing Execution Dispatcher...
2021-05-15T12:39:37.675068562-04:00 Checking for orphaned executions...
2021-05-15T12:39:37.679198274-04:00 Execution Dispatcher initialized.
2021-05-15T12:39:37.679268981-04:00 Running Execution Dispatcher...
2021-05-15T12:39:37.705928199-04:00 Checking for executions to dispatch...
2021-05-15T12:39:37.713542381-04:00 Execution Dispatcher completed.
2021-05-15T12:39:38.190999760-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-15T12:39:38.190999760-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/ - -
2021-05-15T12:39:38.227968562-04:00 fail: Microsoft.AspNetCore.Server.Kestrel[13]
2021-05-15T12:39:38.227968562-04:00       Connection id "0HM8NO02145PI", Request id "0HM8NO02145PI:00000005": An unhandled exception was thrown by the application.
2021-05-15T12:39:38.227968562-04:00       Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
2021-05-15T12:39:38.227968562-04:00          at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(HttpApplication app) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E130753\Src\ProGet.WebApplication\ProGetHttpModule.cs:line 351
2021-05-15T12:39:38.227968562-04:00          at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(HttpApplication app)
2021-05-15T12:39:38.227968562-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:38.227968562-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:38.227968562-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:38.227968562-04:00          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2021-05-15T12:39:38.228269535-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-15T12:39:38.228269535-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/ - - - 500 0 - 37.3348ms
2021-05-15T12:39:38.920950517-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-15T12:39:38.920950517-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/ - -
2021-05-15T12:39:38.957422036-04:00 fail: Microsoft.AspNetCore.Server.Kestrel[13]
2021-05-15T12:39:38.957422036-04:00       Connection id "0HM8NO02145PI", Request id "0HM8NO02145PI:00000006": An unhandled exception was thrown by the application.
2021-05-15T12:39:38.957422036-04:00       Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
2021-05-15T12:39:38.957422036-04:00          at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(HttpApplication app) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E130753\Src\ProGet.WebApplication\ProGetHttpModule.cs:line 351
2021-05-15T12:39:38.957422036-04:00          at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(HttpApplication app)
2021-05-15T12:39:38.957422036-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:38.957422036-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:38.957422036-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:38.957422036-04:00          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2021-05-15T12:39:38.957649105-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-15T12:39:38.957649105-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/ - - - 500 0 - 36.7255ms
2021-05-15T12:39:39.678776146-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2021-05-15T12:39:39.678776146-04:00       Request starting HTTP/1.1 GET http://proget.domain.network/ - -
2021-05-15T12:39:39.715928593-04:00 fail: Microsoft.AspNetCore.Server.Kestrel[13]
2021-05-15T12:39:39.715928593-04:00       Connection id "0HM8NO02145PI", Request id "0HM8NO02145PI:00000007": An unhandled exception was thrown by the application.
2021-05-15T12:39:39.715928593-04:00       Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
2021-05-15T12:39:39.715928593-04:00          at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(HttpApplication app) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E130753\Src\ProGet.WebApplication\ProGetHttpModule.cs:line 351
2021-05-15T12:39:39.715928593-04:00          at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(HttpApplication app)
2021-05-15T12:39:39.715928593-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:39.715928593-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:39.715928593-04:00          at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
2021-05-15T12:39:39.715928593-04:00          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2021-05-15T12:39:39.716044421-04:00 info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2021-05-15T12:39:39.716044421-04:00       Request finished HTTP/1.1 GET http://proget.domain.network/ - - - 500 0 - 37.4269ms

    Seems like there are other portions of the site that aren't using the new functionality?

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    I'm going to attempt to recreate your error on my system as well and see if I can find this issue. LDAPS on Docker has not been a popular option with our customers so far due to the complexity in managing the AD certificates. I really appreciate your patience in working through this with us.

    While I try to recreate this, could you try using an incognito browser and see if you are able to load and login? Also, can you try to restart your container again? Also, can you please verify the LDAPS connection is still working with the openssl command again?

    Thanks,
    Rich

    1 K 2 Replies
  • K

    @rhessinger I stopped/started the container again and was able to log in using an AD account from a private browser session and a normal browser session. I ran a shell in the container and ran the openssl commands again without issues.

    0
  • K

    @rhessinger we are at the point of having other users log in to ProGet to test, we are seeing the following messages for users who are part of an AD group that have every Task permission for any feed on their first log in attempt.

     Logged: 05/17/2021 15:13:35
 Level: Error
 Category: Web
 Message: An error occurred in the web application: Anti-CSRF validation failed because of user mismatch.
 Details: URL: http://proget.domain.network/log-in?ReturnUrl=%2F
Referrer: http://proget.domain.network/log-in?ReturnUrl=%2F
User: user@domain.network
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Stack trace: at Inedo.Web.Security.AntiCsrfContext.Validate(HttpContext context)
at Inedo.Web.PageFree.SimplePageBase.ValidatePostBackAsync()
at Inedo.Web.PageFree.SimplePageBase.ExecutePageLifeCycleAsync()
at Inedo.Web.PageFree.SimplePageBase.ProcessRequestAsync(HttpContext context)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)

    This was using normal browser instance, not private session. After their first attempt to log in they try again and it takes about 2 or so minutes for them to finally get in authenticated as their AD user.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    Thanks for the information and I'm glad you can log in now. Let me dig in and see what I can find on these Anti-CSRF errors. Normally these happen because a reverse proxy is not properly forwarding headers. Do you have a reverse proxy (like Nginx or apache) sitting in front of this container? Also, do you know if once they get logged in if ProGet seems to run fine, or does each page request take a while to load?

    Would you be willing to test this without LDAPS so we can see if it is an LDAPS issue or not?

    Thanks,
    Rich

    0 K 1 Reply
  • K

    @rhessinger we currently do not have any proxy in front of the container, we will eventually have HAProxy.

    I had another user attempt to log in and it was instant. They also said that after the slow initial log in they were able to browse through the menus just fine.

    Do you want me to destroy the environment and set it up again to test without LDAPS?

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    You should just be able to remove the custom port and uncheck LDAPS then restart your container and that should remove LDAPS from your AD instance.

    Thanks,
    Rich

    0 K 1 Reply
  • K

    @rhessinger disabled LDAPS per your instruction, all users testing were able to log in and navigate around without issues.

    Re-enabled LDAPS using the same steps, but setting them instead of removing them, users also did not see any issues.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    Did those users still experience the long initial login? Or did that go away?

    Thanks,
    Rich

    0 K 2 Replies
  • K

    @rhessinger The long initial login only happened once, they have not had it since. I even had another user who never logged in attempt with LDAPS enabled again, he received the 403 message on initial attempt but was able to get in on second attempt. Neither one of his attempts were slow.

    0 atripp 1 Reply
  • atripp
    inedo-engineer

    @kichikawa_2913 we've reviewed this a bit more as a team, and believe that there are a few things to consider here.

    At first, it's clear you have a large, "older" Active Directory. There is a tremendous amount of customization one can do to Active Directory, and do enough of them over the years, and you end up with a "older" directory that has layer of layer of compatibility shims. You should see the crazy hacks they had to implement to get MSA accounts working...

    It's important to note here is the fact that Microsoft Active Directory and .NET (Core) do not play nicely together. It took Microsoft over 10 years to get .NET Framework to work with Active Directory, and it's still really quirky. We've worked-around as many of the bugs as we can.

    Microsoft is still trying to get .NET Core on Linux to work properly with Active Directory, but it's got a very long way to go as you're seeing. There are so many strange behaviors we've already had to work-around (like methods sometimes returning strings, sometimes returning byte arrays) -- and these behaviors will just come with new versions of their library.

    For all we know, the crazy "2 or so minutes" to do a login query could be a parsing error in their library? Or something timing out in their network code, but not logging an error? We saw all that in .NET Framework. In any case, we can only guess because their library provides no diagnostic information for us to use.

    At this point, you should open a support ticket to Microsoft. This is the only way we can see how to identify why you have a "2 minute or so" delay to run a basic login query.

    The code we have is really, really simple. It follows all of Microsoft's guidelines, and it'd be super-simple for you to reproduce the exact problems for them to show them. They have some advanced monitoring tools that can detect exactly what crazy stuff is happening between the query and Active Directory.

    We can't do this, because we don't have access to your directory. It's unique to your setup and
    configuration, somehow.

    Alternatively, just use Windows instead. It will be significantly cheaper in the long-run (I suspect we've already burned through a lifetime's worth of licensing fees diagnosing this problem). Microsoft is still years away from even having the support infrastructure to help their customers with Linux problems, so any time there's a slight problem on Microsoft's end (SQL Server, .NET Core) , it will be "DIY" -- which really means, spend a lot of your time fixing quirks on their software.

    0 K 1 Reply
  • K

    @atripp I'm okay with the problem shifting over to Microsoft, I was just happy to help with anything that can be resolved on your end. Ultimately, we want to use SAML, but because that's only available to use with an actual Enterprise license I needed another way to get a feel on how administering permissions felt with ProGet.

    I appreciate the time put into this and I'm glad I could help resolve some issues. @rhessinger has been super responsive and great to work with, thank you!

    0
  • K

    @rhessinger do you have an ETA on an actual release for the LDAP fixes?

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    I just released this extension to production now. Please let me know if you don't see an official release.

    Thanks,
    Rich

    1 K 1 Reply
  • K

    @rhessinger Looks like version 1.10.7 is the new version correct?

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    I'm sorry for not including that in my previous comment. You are correct 1.10.7 is the new version of the InedoCore extension that includes these fixes for LDAP and LDAPS on Docker.

    Thanks,
    Rich

    1 K 1 Reply
  • K

    @rhessinger we upgraded to the most recent version of ProGet using the Docker image by following these steps:

    1. Pull new image.
    2. Stop current container.
    3. Create new container using new image with a new name.
    4. Make sure CA certs are present in the container and made sure OS identifies them.
    5. Load ProGet web UI.
    6. Attempt to log in, getting incorrect credentials error.
    7. Attempt to log in with an admin user we manually created in the Built-In directory, same error.

    To resolve this; I had to bring back the old container, log in using AD, switch to Built-In directory for auth, stop old container, start new version container, log in with admin account under Built-In directory, go to Administration, update the InedoCore extension to most recent, and enable LDAP directory.

    Doesn't seem like ProGet reaches out for most recent extensions or the default installed version of the InedoCore extension should be 1.10.7. We shouldn't have this issue going forward, but I can see this being an issue later if an extension resolves issues that provide a major functionality.

    Another solution I guess that could work would be to manually download all extensions, put them in a directory on the host, and mount a volume that maps to the default extensions directory. I didn't try this out though.

    0
  • rhessinger
    inedo-engineer

    Hi @kichikawa_2913,

    Sorry, this is actually expected. When we release our products, they include the extensions that were released at the time of the product release. In this case, I released this version of InedoCore after we did the product release.

    If you look at our documentation for upgrading your docker image, the command includes --volumes-from=proget-old. This will auto migrate the previous volumes created from the previous version of ProGet and that will keep the updated extension (as long as the previous extensions is newer than the included extension version).

    Also, in Administration -> Advanced Settings, you can change Extensions.ExtensionsPath to a mapped path and that will also do the same thing (if the version in this directory is newer than the included) and give you easier access to the extension files.

    Thanks,
    Rich

    1
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation