
Mattermost, Inc.

AD/LDAP Synchronization Never Gets Completed on CentOS 8

Problem
The AD/LDAP Synchronize Now process never completes when started from the UI.

Environment

  • Mattermost Server 5.27.0
  • LDAP server
  • CentOS 8
  • firewalld configured on the Mattermost server

Diagnosis

  • Running the ldapsearch command returns the correct directory information.
  • The UI shows no errors and does not indicate whether the synchronization is still ongoing.
  • mattermost.log contains no errors that specifically point to the LDAP synchronization process.
  • When an LDAP user attempts to log in, the user authenticates successfully even though the UI still shows the synchronization in the Pending status.

Cause
The firewall configured on the Mattermost server was blocking the communication between the LDAP and Mattermost server.

Workaround

  • Once the firewall was disabled, the sync completed.
  • Set a rule to allow all communication on all ports between Mattermost and the LDAP server:

    sudo firewall-cmd --zone=trusted --add-source=<ldap_server_ip_address> --permanent && \
      sudo firewall-cmd --reload && \
      firewall-cmd --get-active-zones

If you want only the required port open, opening port 636 (LDAPS) is enough.
