Troubleshooting

The web interface throws useless error messages

Unless the current user has admin permissions, or the installation is in DEBUG mode, error messages won’t be too technical. For instance, you can see The request you made is invalid. To enable detailed error messages, you can temporarily enable the DEBUG configuration parameter.

How to manually install LDAP schemas?

Note

Schema installation can be automatically done using the install command.

As of OpenLDAP 2.4, two configuration methods are available:

  • The deprecated one, based on a configuration file (generally /etc/ldap/slapd.conf);

  • The new one, based on a configuration directory (generally /etc/ldap/slapd.d).

Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:

Old fashion: Copy the schemas in your filesystem

test -d /etc/openldap/schema && sudo cp "$CANAILLE_INSTALL_DIR/env/lib/python*/site-packages/canaille/backends/ldap/schemas/*" /etc/openldap/schema
test -d /etc/ldap/schema && sudo cp "$CANAILLE_INSTALL_DIR/env/lib/python*/site-packages/canaille/backends/ldap/schemas/*" /etc/ldap/schema
sudo service slapd restart

New fashion: Use slapadd to add the schemas

Be careful to stop your ldap server before running slapadd

sudo service slapd stop
sudo -u openldap slapadd -n0 -l "$CANAILLE_INSTALL_DIR/env/lib/python*/site-packages/canaille/backends/ldap/schemas/*.ldif"
sudo service slapd start

How to manually generate the OIDC keypair?

Note

The keypair generation can be automatically done using the install command.

Canaille needs a key pair to sign OIDC tokens. You can customize those commands, as long as they match the JWT section of your configuration file.

sudo openssl genrsa -out "$CANAILLE_CONF_DIR/private.pem" 4096
sudo openssl rsa -in "$CANAILLE_CONF_DIR/private.pem" -pubout -outform PEM -out "$CANAILLE_CONF_DIR/public.pem"