Troubleshooting¶
The web interface throws useless error messages¶
Unless the current user has admin permissions
, or the installation is in DEBUG
mode, error messages won’t be too technical.
For instance, you can see The request you made is invalid.
To enable detailed error messages, you can temporarily enable the DEBUG
configuration parameter.
How to manually install LDAP schemas?¶
Note
Schema installation can be automatically done using the install command.
As of OpenLDAP 2.4, two configuration methods are available:
The deprecated one, based on a configuration file (generally
/etc/ldap/slapd.conf
);The new one, based on a configuration directory (generally
/etc/ldap/slapd.d
).
Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:
Old fashion: Copy the schemas in your filesystem¶
test -d /etc/openldap/schema && sudo cp "$CANAILLE_INSTALL_DIR/env/lib/python*/site-packages/canaille/backends/ldap/schemas/*" /etc/openldap/schema
test -d /etc/ldap/schema && sudo cp "$CANAILLE_INSTALL_DIR/env/lib/python*/site-packages/canaille/backends/ldap/schemas/*" /etc/ldap/schema
sudo service slapd restart
New fashion: Use slapadd to add the schemas¶
Be careful to stop your ldap server before running slapadd
sudo service slapd stop
sudo -u openldap slapadd -n0 -l "$CANAILLE_INSTALL_DIR/env/lib/python*/site-packages/canaille/backends/ldap/schemas/*.ldif"
sudo service slapd start
How to manually generate the OIDC keypair?¶
Note
The keypair generation can be automatically done using the install command.
Canaille needs a key pair to sign OIDC tokens.
You can customize those commands, as long as they match the JWT
section of your configuration file.
sudo openssl genrsa -out "$CANAILLE_CONF_DIR/private.pem" 4096
sudo openssl rsa -in "$CANAILLE_CONF_DIR/private.pem" -pubout -outform PEM -out "$CANAILLE_CONF_DIR/public.pem"