Pydio Issue when accessing through Single Sign On


#1

Over the past weekend, a random issue started with Pydio where when some users access Pydio through our Single Sign-On (Shibboleth) they receive a generic error of:

No active repository found for user!

I then checked our logs and they weren’t very informative (we are running Pydio off a docker setup); nonetheless, this was what was found from the logs:

/usr/lib/python2.6/site-packages/supervisor/options.py:298: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
  'Supervisord is running as root and it is searching '
2019-01-02 18:17:26,198 CRIT Supervisor running as root (no user in config file)
2019-01-02 18:17:26,254 INFO RPC interface 'supervisor' initialized
2019-01-02 18:17:26,254 CRIT Server 'inet_http_server' running without any HTTP authentication checking
2019-01-02 18:17:26,254 INFO supervisord started with pid 1
2019-01-02 18:17:27,271 INFO spawned: 'httpd' with pid 10
2019-01-02 18:17:27,273 INFO spawnerr: can't find command '/usr/sbin/sshd'
2019-01-02 18:17:27,275 INFO spawned: 'generateCert' with pid 11
2019-01-02 18:17:27,279 INFO spawned: 'mysql' with pid 12
2019-01-02 18:17:28,050 INFO exited: generateCert (exit status 0; not expected)
2019-01-02 18:17:29,052 INFO success: httpd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-01-02 18:17:29,053 INFO spawnerr: can't find command '/usr/sbin/sshd'
2019-01-02 18:17:29,055 INFO spawned: 'generateCert' with pid 157
2019-01-02 18:17:29,056 INFO success: mysql entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-01-02 18:17:29,067 INFO exited: generateCert (exit status 0; not expected)
2019-01-02 18:17:31,070 INFO spawnerr: can't find command '/usr/sbin/sshd'
2019-01-02 18:17:31,073 INFO spawned: 'generateCert' with pid 158
2019-01-02 18:17:31,087 INFO exited: generateCert (exit status 0; not expected)
2019-01-02 18:17:34,090 INFO spawnerr: can't find command '/usr/sbin/sshd'
2019-01-02 18:17:34,090 INFO gave up: sshd entered FATAL state, too many start retries too quickly
2019-01-02 18:17:34,092 INFO spawned: 'generateCert' with pid 159
2019-01-02 18:17:34,104 INFO exited: generateCert (exit status 0; not expected)
2019-01-02 18:17:35,108 INFO gave up: generateCert entered FATAL state, too many start retries too quickly

This is what our docker-compose.yml file looks like:

version: "2"
services:
  pydio:
    image: pydio/pydio-core
    ports:
      - "8654:443"
    environment:
      - "VIRTUAL_HOST=our.organization.url:443"
    volumes:
      - ./mysql:/var/lib/mysql:rw
      - ./plugins:/var/lib/pydio/plugins:rw
      - ./personal:/var/lib/pydio/personal:rw

I am honestly not sure where to start as I am a bit unfamiliar with Pydio and would appreciate some pointers to getting this problem resolved so our users can access their files once again.

Happy New Years!
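
A way to summarise the supervisord output quoted in the post above, as an added example that is not part of the original thread: it groups events per program and pulls out the CRIT lines (supervisord running as root, inet_http_server without HTTP authentication) so container hardening items are separated from start-up failures. The function and field names and the basename heuristic for tying a spawnerr line to a program are assumptions; the sample is a subset of the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the supervisord lines quoted in the post.
SAMPLE_LOG = """\
2019-01-02 18:17:26,198 CRIT Supervisor running as root (no user in config file)
2019-01-02 18:17:26,254 CRIT Server 'inet_http_server' running without any HTTP authentication checking
2019-01-02 18:17:27,273 INFO spawnerr: can't find command '/usr/sbin/sshd'
2019-01-02 18:17:27,275 INFO spawned: 'generateCert' with pid 11
2019-01-02 18:17:28,050 INFO exited: generateCert (exit status 0; not expected)
2019-01-02 18:17:29,052 INFO success: httpd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-01-02 18:17:34,090 INFO gave up: sshd entered FATAL state, too many start retries too quickly
2019-01-02 18:17:35,108 INFO gave up: generateCert entered FATAL state, too many start retries too quickly
"""

LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} (\w+) (.*)$")
EVENTS = {
    "spawned": re.compile(r"spawned: '([^']+)' with pid \d+"),
    "spawnerr": re.compile(r"spawnerr: can't find command '([^']+)'"),
    "exited": re.compile(r"exited: (\S+) \(exit status \d+; not expected\)"),
    "state": re.compile(r"(?:success|gave up): (\S+) entered (\w+) state"),
}

def triage(text):
    """Return CRIT messages and a per-program summary of supervisord events."""
    crit = []
    progs = defaultdict(lambda: dict(state=None, spawns=0, unexpected_exits=0, missing=None))
    # Lines without a timestamp (e.g. the Python UserWarning) do not match and are skipped.
    for m in filter(None, map(LINE.match, text.splitlines())):
        level, msg = m.groups()
        if level == "CRIT":
            crit.append(msg)
        for kind, rx in EVENTS.items():
            ev = rx.match(msg)
            if not ev:
                continue
            if kind == "spawned":
                progs[ev.group(1)]["spawns"] += 1
            elif kind == "spawnerr":
                # Assumption: the program is named after the binary's basename.
                progs[ev.group(1).rsplit("/", 1)[-1]]["missing"] = ev.group(1)
            elif kind == "exited":
                progs[ev.group(1)]["unexpected_exits"] += 1
            else:
                progs[ev.group(1)]["state"] = ev.group(2)
            break
    return {"crit": crit, "programs": dict(progs)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```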


#2

Hi,
could you tell me your authentication setup?
What type of instance is your master and secondary?

I see multiple instances of this line asking you for the openssh package; how does your single sign-on solution work? (Does it require SSH access?)


#3

Hello,

We are using a regular Shibboleth + CAS setup that connects with our LDAP. Our single sign-on doesn’t require any SSH access but instead usually requires a form of metadata to allow authentication to our services, or in this case, it sits behind our servers so when prompted through our SSO, it would authenticate the user with the appropriate credentials to allow them to see the appropriate files they should be seeing.


#4

Hello, just wanted to follow up and see if there were any ideas on what can be causing these issues?


#5

Hello,

What is the version of Pydio?
How do you “link” CAS with Pydio? Via the authfront.cas plugin?


#6

Hello,

My apologies for the late reply here as I was out of town…

To be absolutely honest, I am not sure which version of Pydio I am running as we are running one large Docker image; however, it is labeled as ‘Pydio-Core’, which seems different from Pydio Cells (it is running off the old python2.6 libraries).

When I do check the plugins that are installed, I see the following:

  • auth.cas
  • auth.serial
  • boot.conf
  • conf.serial
  • editor.zoho
  • metastore.serial
  • mq.sql

I am however not sure if we should instead just move onto the latest version of Pydio-Cells and dump this current install?


#7

Wanted to bump this post if anyone can help?


#8

Hi,
you can check the version by checking inside the container for this path /var/www/pydio/conf and look at the content of the VERSION file.


#9

I couldn’t find anything in the /var/www/pydio/conf path. I did, however, see a VERSION file in /etc/pydio after I did a docker exec -it <pydio_container> bash.

The version nonetheless is: 6.0.8__2015-06-29__2dc263a__60


#10

Hi,
then you could’ve got a package-installed version, but if you figured where it was, nonetheless your version is old and I would advise you to use a newer version.


#11

My main concern with upgrading is if we upgrade to the new Pydio-Cells we lose a lot of our functionality, mainly being our Single Sign On with Shibboleth and ability for users to access our internal File Storage based on their permissions set in LDAP.

We also would like to stick to the Docker environment due to its ease in use in maintaining the service versus a package installed version.


#12

Hi,
you could also upgrade to Pydio 8.2.2. Unfortunately, we don’t have a Pydio 8 image at the moment;
you could make your own to test before changing.


#13

Hi,
The module for authentication with Shibboleth (via SAML2) will be integrated into Cells, but it’s not available in this release. Because Shibboleth is backed by LDAP, connecting Cells directly to LDAP is one feasible option.

Do you mean NTFS permissions on a Samba share mounted on Pydio?
In this case, the Samba workspace function (with NTFS permissions) is not ready in the current Cells version.


#14

We were using SMB which was connected to a Windows File Share and used a combination of LDAP and Shibboleth (SAML) to authenticate and direct users to the appropriate directory.

Unfortunately, we are a school district, and part of what I am seeing as to why we never moved onto the newer versions of Pydio was due to the enterprise cost as we just are strapped when it comes to funding for new applications and services. If there is any way Pydio Cells can achieve the above for us at no cost, then I am more than open to setting this up; however, based on my research thus far, it seems we would need the enterprise version which requires a key, which thus requires payment, which we just cannot do.