I have problems to set up rstudio-connect and to get it working for the first time.
It would be wonderful if anyone could support me.
Thank you very much in advance!
This I get when I stop and start it:
**â** rstudio-connect.service - RStudio Connect
Loaded: loaded (/lib/systemd/system/rstudio-connect.service; enabled; vendor preset: enabled)
Active: **failed** (Result: exit-code) since Tue 2018-08-07 15:35:30 CEST; 43min ago
Process: 32725 ExecStart=/bin/sh -c exec /opt/rstudio-connect/bin/connect --config /etc/rstudio-connect/rstudio-connect.gcfg >> /var
Main PID: 32725 (code=exited, status=1/FAILURE)
Aug 07 15:35:30 ... systemd[1]: Started RStudio Connect.
Aug 07 15:35:30 ... systemd[1]: **rstudio-connect.service: Main process exited, code=exited, status=1/FAILURE**
Aug 07 15:35:30 ... systemd[1]: **rstudio-connect.service: Failed with result 'exit-code'.**
/var/log/rstudio-connect.log says:
2018/08/07 15:35:30 Resource limits: {"nofile":{"soft":1000000,"hard":1000000}}
2018/08/07 15:35:30 Starting RStudio Connect v1.6.4.2-13
2018/08/07 15:35:30 Error: Couldn't read configuration file: warnings:
can't store data at section "Authentication", variable "ServerAddress"
can't store data at section "UserObjectClass"
can't store data at section "UserObjectClass"
can't store data at section "UserFilterBase"
....
This looks like problems with your rstudio-connect.gcfg (i.e. the "configuration file"). Not sure if you want to share that configuration file publicly? Oftentimes it will have sensitive information for authentication configuration, URLs, etc.
However, you are definitely welcome to send that information privately to support@rstudio.com, and we can help you through the configuration! Otherwise, just use the pointers it gave you to locate problems in the file (Authentication section, UserObjectClass, UserFilterBase, etc.).
; RStudio Connect configuration file
[Server]
; SenderEmail is an email address used by RStudio Connect to send outbound
; email. The system will not be able to send administrative email until this
; setting is configured.
;
; SenderEmail = account@company.com
SenderEmail = a@b.c
; Address is a public URL for this RStudio Connect server. Must be configured
; to enable features like including links to your content in emails. If
; Connect is deployed behind an HTTP proxy, this should be the URL for Connect
; in terms of that proxy.
;
; Address =*removed*
Address = http://a.b.c
[HTTP]
; RStudio Connect will listen on this network address for HTTP connections.
Listen = :3939
[SQLite]
Dir = /var/lib/rstudio-connect/db
[Server]
DataDir = /var/lib/rstudio-connect
[Authentication]
; Specifies the type of user authentication.
Provider = ldap
Name = DOMAIN
ServerAddress = a.b.c
[UserObjectClass]
;The name of the LDAP objectClass used to define users.
;Type: string
UserObjectClass = Users
[UserFilterBase]
;An LDAP filter clause used to select user objects. Defaults to objectClass={UserObjectClass}.
;Type: string
UserFilterBase = "CN=DomÀnen-Benutzer,CN=Users,DC=abc,DC=local"
[UserFirstNameAttribute]
;The LDAP user attribute containing a userâs first name. This is often the givenName attribute. This attribute is case-sensitive.
;Type: string
UserFirstNameAttribute = GivenName
[UserLastNameAttribute]
;The LDAP user attribute containing a userâs last name. The sn attribute will usually contain last name. This attribute is case-sensitive.
;Type: string
UserLastNameAttribute = SurName
[UserEmailAttribute]
;The LDAP user attribute containing a userâs email address. Many systems use the mail attribute. This attribute is case-sensitive.
;Type: string
UserEmailAttribute = UserPrincipalName
[UsernameAttribute]
;The LDAP user attribute containing a userâs username. Commonly used attributes include uid, cn, and sAMAccountName. This attribute is case-sensitive.
;Type: string
UsernameAttribute = SamAccountName
[BindDN]
;A DN for a read-only admin account that is used during double-bind authentication and for certain operations that do not occur during the login sequence (such as searching). Must be paired with BindPassword.
;Type: string
BindDN = abc
[BindPassword]
;The password for the BindDN account.
;Type: string
BindPassword = abcde456
;[BindPasswordFile]
;Path to file containing the bind password. Either BindPassword or BindPasswordFile may be specified when using LDAP, but if both are set, it is an error.
;Type: string
;Default: <empty-string>
[AnonymousBind]
;Enable anonymous bind. An anonymous user must have rights to search and view all pertinent groups, group memberships, and users.
;Type: boolean
AnonymousBind = false
[UserSearchBaseDN]
;The base DN used when performing user searches.
;Type: string
UserSearchBaseDN = a.b
;[WhitelistedLoginGroup]
;Limit who can log into Connect by specifying a group DN. Multiple definitions can be used to provide multiple groups.
;Type: multi-string
;unspecified
;[GroupObjectClass]
;The name of the LDAP âobjectClassâ used to define groups. Commonly this is âgroupâ or âposixGroupâ.
;Type: string
;Default: <empty-string>
[GroupFilterBase]
;An LDAP filter clause used to select group objects. Defaults to objectClass={GroupObjectClass}.
;Type: string
GroupFilterBase = objectClass={rstudio-user}
[GroupNameAttribute]
;The LDAP group attribute containing a groupâs name. Commonly this is âcnâ or âsAMAccountNameâ. This attribute is case-sensitive.
;Type: string
GroupNameAttribute = CN
[GroupSearchBaseDN]
;The base DN used when performing group searches.
;Type: string
GroupSearchBaseDN = a.b
[WebSudoMode]
;Whether web-sudo mode is enabled
;Type: boolean
WebSudoMode = true
[WebSudoModeDuration]
;The lifetime of web-sudo mode.
;Type: duration
WebSudoModeDuration5m
Yeah, the problem is exactly as I mentioned. Most / all of your top level items are not meant to be top level. For instance, for WebSudoMode, the following is in the admin guide:
For all other authentication providers, the WebSudoMode and WebSudoModeDuration configuration options are available within the section pertaining to that provider
Why don't you give rewriting the config file a shot, moving a bunch of these top level headers (the ones with []) to configuration name = value pairs within the proper top level heading?
yes that was it - I got it to get it run first time
Maybe other people will have a better idea how to build this file, like I didn't have too before, so it is posted here and sensitive information is replaced in the same structure as I wrote it.....
I get now some Active Directory user/password issues, maybe you want to through a look over it?
Unable to verify credentials: LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
I'm trying to fix this too but maybe you will see anything directly
As a quick aside, RStudio Connect v.1.6.6 was recently released. While you are in the early install stage, it may be worth downloading a new binary! In particular, there is an important new attribute for LDAP / AD called UniqueIdAttribute. It specifies the unique identifier for your AD system. An example of a full config using the value is here:
That said, is the error you are seeing occurring when users attempt to log into the server? If so, I would take a look at the user attributes and ensure that users are being mapped appropriately. There also may be some type of permission issue within AD itself. If this is occurring when starting up the server, then I would have a look at the BindDN / BindPassword to be sure they are correct. Typically, the best resource when debugging AD stuff is an internal IT admin. However, we are definitely happy to give it our best shot and support@rstudio.com is always your best avenue for direct professional support!
Some information I found that may be helpful, from google searching the error message you received:
Configuration Problem Detected: 'DOMAIN' LDAP uses 'S-1-5-21-xxxxx-xxxxx-xxxx-xxxx' to identify users but there are still users relying on Distinguished Names (DN). You must first run 'usermanager alter --update-ids-using DN'.
Ahh yes. This is because you have already installed the 1.6.4 version and added users.
Honestly, going forward with 1.6.6 is your best bet for the future stability of your system. You also get a handful of exciting new features Your options are either to:
migrate the users as described. The usermanager binary is typically stored at /opt/rstudio-connect/bin
Which approach is most desirable for you? I'm not sure how much of your previous install is worth keeping!
EDIT: Just for clarity, Connect versions prior to 1.6.6 used the DN as the unique identifier for users. This is problematic because DN can change over time.
EDIT2: If you place "```" (three backticks) before and after your config file, it makes the content more readable! I have been editing your responses to include those backticks, but wanted to be sure you knew how I was doing it!
That is usually set by UserEmailAttribute. It looks like you set UserEmailAttribute = UserPrincipalName. Do you have an AD field that provides the actual email address?
Also, you probably want to remove the [Password] header. You can set the same WebSudoMode and WebSudoModeDuration under the [LDAP "DOMAIN"] header (as specified here)
For all other authentication providers, the WebSudoMode and WebSudoModeDuration configuration options are available within the section pertaining to that provider.
With this config I will be prompted to enter Username but if I do so I get the red-banner-message that this is managed by the authentication provider ...
Is the space before DOMAIN a function of replacing things? Or is that space expected?
Unfortunately, it sounds like there is something wrong with your LDAP configuration, which is very difficult for us to help with because we don't know which values are configured for your LDAP server. I would use this complete example for guidance, and then speak with an internal IT admin or fiddle with the configuration to pick up the values.
It sounds like the LDAP configuration is not accurately picking up the UsernameAttribute, which causes Connect to prompt for the value. Of course, you cannot actually input the value because LDAP should be providing the value.
I am glad to say that on version 1.6.6 the included usermanager tool may be able to fix those issues you're having automatically. No scripting necessary.
There are two new command line switches to assist you with LDAP issues and the migration away from unstable Distinguished Names (DN):
usermanager list --detect-unreachable will give you a list of users not visible to RStudio Connect using your current LDAP configuration. This is useful even if you still decide to keep using DNs to detect those that change over time. You'll be able to see the users last known DN and their UniqueId (which will be a DN if configured that way or like you mentioned, a base64 value).
usermanager alter --update-ids-using <DN | other-attribute> will attempt to repair ALL users automatically by replacing the attribute passed in the command line with the one in your current configuration. So if your intention is to stop using DNs, you first change your configuration to, let's say for example objectGUID for Active Directory, then you run the command passing --update-ids-using DN and the command will do a best effort to migrate all reachable users to be identified by objectGUID.
For your specific situation, I'd recommend to be sure all your users have a correct DN and that --detect-unreachable return no users with problems before attempting the --update-ids-using. Hopefully this is your current situation and you will be able to migrate away from using DNs with one command.
As a commercial customer, I want to be sure you know that you always have access to support@rstudio.com and to an account representative who will be happy to assist you with this process.
