I tried the install via CLI - here’s the output
univention-app install openid-connect-provider
Going to install OpenID Connect Provider (1.1-konnect-0.23.3)
Password for Administrator:
+ id kopano
++ id -u kopano
+ KOPANOUID=998
++ id -g kopano
+ KOPANOGID=998
+ mkdir -p /etc/kopano/
+ export RANDFILE=/etc/kopano/.rnd
creating new encryption key
+ RANDFILE=/etc/kopano/.rnd
+ '[' '!' -f /etc/kopano/konnectd-encryption.key ']'
+ echo 'creating new encryption key'
+ openssl rand -out /etc/kopano/konnectd-encryption.key 32
+ '[' '!' -f /etc/kopano/konnectd-tokens-signing-key.pem ']'
+ chown 998:998 /etc/kopano/konnectd-tokens-signing-key.pem
+ '[' '!' -f /etc/kopano/konnectd.ldap_binddn -o '!' -f /etc/kopano/konnectd.machine.secret ']'
Configuring LDAP credentials
+ echo 'Configuring LDAP credentials'
++ ucr get ldap/hostdn
+ echo -n cn=blade,cn=dc,cn=computers,dc=domainremoved,dc=org
+ cat /etc/machine.secret
+ chown 998:998 /etc/kopano/konnectd.ldap_binddn /etc/kopano/konnectd.machine.secret
+ '[' '!' -f /etc/kopano/identifier-registration.yaml ']'
creating template client registration
+ echo 'creating template client registration'
+ touch /etc/kopano/identifier-registration.yaml
+ chmod 750 /etc/kopano/identifier-registration.yaml
+ chown root:998 /etc/kopano/identifier-registration.yaml
+ cat
setting process of container to the id of the kopano or nobody user
+ echo 'setting process of container to the id of the kopano or nobody user'
+ ucr set 'appcenter/apps/openid-connect-provider/docker/params?--read-only --user=998:998'
Create appcenter/apps/openid-connect-provider/docker/params
Module: kopano-cfg
+ echo 'set default values for app settings'
set default values for app settings
+ '[' domaincontroller_master == domaincontroller_master -o domaincontroller_master == domaincontroller_backup ']'
++ ucr get ucs/server/sso/fqdn
+ ucr set 'oidc/konnectd/issuer_identifier?https://ucs-sso.domainremoved.org'
Create oidc/konnectd/issuer_identifier
Module: kopano-cfg
+ ucr set 'oidc/konnectd/allow_dynamic_client_registration?false'
Create oidc/konnectd/allow_dynamic_client_registration
Module: kopano-cfg
+ '[' '!' -f /etc/kopano/konnectd.cfg ']'
creating konnectd.cfg
+ echo 'creating konnectd.cfg'
+ touch /etc/kopano/konnectd.cfg
+ chmod 750 /etc/kopano/konnectd.cfg
+ chown root:998 /etc/kopano/konnectd.cfg
+ cat
Creating data directories for openid-connect-provider…
Registering UCR for openid-connect-provider
Marking 4.3/openid-connect-provider=1.1-konnect-0.23.3 as installed
Module: kopano-cfg
File: /etc/univention/service.info/services/univention-appcenter.cfg
File: /usr/share/univention-portal/apps.json
File: /etc/apache2/sites-available/univention-letsencrypt.conf
Multifile: /etc/apache2/sites-available/000-default.conf
Multifile: /etc/apache2/sites-available/default-ssl.conf
Module: kopano-cfg
Creating /etc/init.d/docker-app-openid-connect-provider
Adding localhost to LDAP object
Module: kopano-cfg
Reloading apache2 configuration (via systemctl): apache2.service.
Registering the container host openi-17625961 for openid-connect-provider
Module: kopano-cfg
Verifying Docker registry manifest for app image docker.software-univention.de/openid-connect-provider:1.1-konnect-0.23.3
Downloading app image docker.software-univention.de/openid-connect-provider:1.1-konnect-0.23.3
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Running command: docker pull docker.software-univention.de/openid-connect-provider:1.1-konnect-0.23.3
1.1-konnect-0.23.3: Pulling from openid-connect-provider
dd6e93cf3b36: Pulling fs layer
414088838bed: Pulling fs layer
a5f2dd9483d9: Pulling fs layer
27fef945f485: Pulling fs layer
11a9477dba54: Pulling fs layer
b4084c70ab9c: Pulling fs layer
505261026393: Pulling fs layer
8da405b520e8: Pulling fs layer
4a52a6381695: Pulling fs layer
8da405b520e8: Waiting
b4084c70ab9c: Waiting
4a52a6381695: Waiting
505261026393: Waiting
11a9477dba54: Waiting
a5f2dd9483d9: Verifying Checksum
a5f2dd9483d9: Download complete
414088838bed: Verifying Checksum
414088838bed: Download complete
27fef945f485: Verifying Checksum
27fef945f485: Download complete
11a9477dba54: Download complete
dd6e93cf3b36: Verifying Checksum
dd6e93cf3b36: Download complete
b4084c70ab9c: Download complete
dd6e93cf3b36: Pull complete
4a52a6381695: Verifying Checksum
4a52a6381695: Download complete
414088838bed: Pull complete
8da405b520e8: Verifying Checksum
8da405b520e8: Download complete
a5f2dd9483d9: Pull complete
27fef945f485: Pull complete
11a9477dba54: Pull complete
b4084c70ab9c: Pull complete
505261026393: Verifying Checksum
505261026393: Download complete
505261026393: Pull complete
8da405b520e8: Pull complete
4a52a6381695: Pull complete
Digest: sha256:4d650e90ed65f73c10780b5b1518fc7fa0556a515e5f98bdbd8890b10d45cdaa
Status: Downloaded newer image for docker.software-univention.de/openid-connect-provider:1.1-konnect-0.23.3
Initializing app image
Running command: docker create --hostname openi-17625961 --env-file /var/lib/univention-appcenter/apps/openid-connect-provider/openid-connect-provider.env -p 8777:8777/tcp -v /run/kopano:/run/kopano -v /etc/apt/apt.conf.d/80proxy:/etc/apt/apt.conf.d/80proxy:ro -v /etc/kopano/konnectd-encryption.key:/run/secrets/konnectd_encryption_secret -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /etc/kopano/konnectd.ldap_binddn:/run/secrets/konnectd.ldap_binddn -v /etc/kopano/:/etc/kopano/ -v /etc/kopano/konnectd-tokens-signing-key.pem:/run/secrets/konnectd_signing_private_key -v /etc/kopano/konnectd.machine.secret:/run/secrets/konnectd.machine.secret -v /var/lib/univention-appcenter/apps/openid-connect-provider/data:/var/lib/univention-appcenter/apps/openid-connect-provider/data -v /etc/ssl/certs:/etc/ssl/certs:ro -v /var/lib/univention-appcenter/apps/openid-connect-provider/conf:/var/lib/univention-appcenter/apps/openid-connect-provider/conf --read-only --user=998:998 --tmpfs /run --tmpfs /run/lock --security-opt seccomp:/etc/docker/seccomp-systemd.json -e container=docker docker.software-univention.de/openid-connect-provider:1.1-konnect-0.23.3 serve
0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c
Module: kopano-cfg
Preconfiguring container 0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c
Job for docker-app-openid-connect-provider.service failed because the control process exited with error code.
See "systemctl status docker-app-openid-connect-provider.service" and "journalctl -xe" for details.
Starting docker-app-openid-connect-provider (via systemctl): docker-app-openid-connect-provider.service failed!
Running command: /etc/init.d/docker-app-openid-connect-provider status
● docker-app-openid-connect-provider.service - LSB: Start the Container for openid-connect-provider
Loaded: loaded (/etc/init.d/docker-app-openid-connect-provider; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2020-04-10 13:03:07 CDT; 57ms ago
Docs: man:systemd-sysv-generator(8)
Process: 28536 ExecStart=/etc/init.d/docker-app-openid-connect-provider start (code=exited, status=1/FAILURE)
CPU: 1.530s
Apr 10 13:03:05 blade systemd[1]: Starting LSB: Start the Container for openid-connect-provider…
Apr 10 13:03:07 blade docker-app-openid-connect-provider[28536]: Starting openid-connect-provider Container 0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c …Error response from daemon: Cannot restart container 0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c: driver failed programming external connectivity on endpoint lucid_edison (7b670952609881f7b4e0baa0974a0a573d1e41503296948f5ba80b0b1854294f): Bind for 0.0.0.0:8777 failed: port is already allocated
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Control process exited, code=exited status=1
Apr 10 13:03:07 blade systemd[1]: Failed to start LSB: Start the Container for openid-connect-provider.
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Unit entered failed state.
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Failed with result 'exit-code'.
Command /etc/init.d/docker-app-openid-connect-provider status failed with: ● docker-app-openid-connect-provider.service - LSB: Start the Container for openid-connect-provider
Loaded: loaded (/etc/init.d/docker-app-openid-connect-provider; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2020-04-10 13:03:07 CDT; 57ms ago
Docs: man:systemd-sysv-generator(8)
Process: 28536 ExecStart=/etc/init.d/docker-app-openid-connect-provider start (code=exited, status=1/FAILURE)
CPU: 1.530s
Apr 10 13:03:05 blade systemd[1]: Starting LSB: Start the Container for openid-connect-provider…
Apr 10 13:03:07 blade docker-app-openid-connect-provider[28536]: Starting openid-connect-provider Container 0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c …Error response from daemon: Cannot restart container 0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c: driver failed programming external connectivity on endpoint lucid_edison (7b670952609881f7b4e0baa0974a0a573d1e41503296948f5ba80b0b1854294f): Bind for 0.0.0.0:8777 failed: port is already allocated
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Control process exited, code=exited status=1
Apr 10 13:03:07 blade systemd[1]: Failed to start LSB: Start the Container for openid-connect-provider.
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Unit entered failed state.
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Failed with result 'exit-code'. (3)
LSB: Start the Container for openid-connect-provider…
Apr 10 13:03:07 blade docker-app-openid-connect-provider[28536]: Starting openid-connect-provider Container 0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c …Error response from daemon: Cannot restart container 0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c: driver failed programming external connectivity on endpoint lucid_edison (7b670952609881f7b4e0baa0974a0a573d1e41503296948f5ba80b0b1854294f): Bind for 0.0.0.0:8777 failed: port is already allocated
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Control process exited, code=exited status=1
Apr 10 13:03:07 blade systemd[1]: Failed to start LSB: Start the Container for openid-connect-provider.
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Unit entered failed state.
Apr 10 13:03:07 blade systemd[1]: docker-app-openid-connect-provider.service: Failed with result 'exit-code'.
Aborting…
Going to remove OpenID Connect Provider (1.1-konnect-0.23.3)
Module: kopano-cfg
Configuring 4.3/openid-connect-provider=1.1-konnect-0.23.3
++ sed -n 's/^oidc/konnectd/issuer_identifier: (.*)/\1/p' /etc/univention/base.conf
+ fqdn_extern=https://ucs-sso.domainremoved.org
+ dyn_registration=no
++ sed -n 's/^oidc/konnectd/allow_dynamic_client_registration: (.*)/\1/p' /etc/univention/base.conf
+ dyn_registration_from_config=false
+ '[' false = true ']'
+ test -n https://ucs-sso.domainremoved.org
+ sed -i 's|^.oidc_issuer_identifier.$|oidc_issuer_identifier=https://ucs-sso.domainremoved.org|g' /etc/kopano/konnectd.cfg
+ test -n no
+ sed -i 's/^.allow_dynamic_client_registration.$/allow_dynamic_client_registration=no/g' /etc/kopano/konnectd.cfg
+ service docker-app-openid-connect-provider restart
Job for docker-app-openid-connect-provider.service failed because the control process exited with error code.
See "systemctl status docker-app-openid-connect-provider.service" and "journalctl -xe" for details.
Stopping docker-app-openid-connect-provider (via systemctl): docker-app-openid-connect-provider.service.
0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c
0f7577d7e44291433fdde8ec258cc64c410586964844ac6368d645e87203739c
Removing localhost from LDAP object
File: /usr/share/univention-portal/apps.json
File: /etc/univention/service.info/services/univention-appcenter.cfg
File: /etc/apache2/sites-available/univention-letsencrypt.conf
Multifile: /etc/apache2/sites-available/000-default.conf
Multifile: /etc/apache2/sites-available/default-ssl.conf
Module: kopano-cfg
Reloading apache2 configuration (via systemctl): apache2.service.
Installing join script /var/cache/univention-appcenter/appcenter.software-univention.de/4.3/openid-connect-provider_20190729154458.uinst
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright © 2001-2019 Univention GmbH, Germany
Running pre-joinscripts hook(s): done
Running 00kopano4ucs-safemode-on.inst skipped (already executed)
Running 01univention-ldap-server-init.inst skipped (already executed)
Running 02univention-directory-notifier.inst skipped (already executed)
Running 03univention-directory-listener.inst skipped (already executed)
Running 04univention-ldap-client.inst skipped (already executed)
Running 05univention-bind.inst skipped (already executed)
Running 08univention-apache.inst skipped (already executed)
Running 10univention-ldap-server.inst skipped (already executed)
Running 11univention-heimdal-init.inst skipped (already executed)
Running 11univention-pam.inst skipped (already executed)
Running 15univention-directory-notifier-post.inst skipped (already executed)
Running 15univention-heimdal-kdc.inst skipped (already executed)
Running 18python-univention-directory-manager.inst skipped (already executed)
Running 20univention-directory-policy.inst skipped (already executed)
Running 20univention-join.inst skipped (already executed)
Running 20univention-ldap-config-master.inst skipped (already executed)
Running 22univention-directory-manager-rest.inst skipped (already executed)
Running 26univention-nagios-common.inst skipped (already executed)
Running 30univention-appcenter.inst skipped (already executed)
Running 30univention-nagios-client.inst skipped (already executed)
Running 33univention-portal.inst skipped (already executed)
Running 34univention-management-console-server.inst skipped (already executed)
Running 35univention-appcenter-docker.inst skipped (already executed)
Running 35univention-management-console-module-appcenter.inst skipped (already executed)
Running 35univention-management-console-module-diagnostic.inst skipped (already executed)
Running 35univention-management-console-module-ipchange.inst skipped (already executed)
Running 35univention-management-console-module-join.inst skipped (already executed)
Running 35univention-management-console-module-lib.inst skipped (already executed)
Running 35univention-management-console-module-mrtg.inst skipped (already executed)
Running 35univention-management-console-module-quota.inst skipped (already executed)
Running 35univention-management-console-module-reboot.inst skipped (already executed)
Running 35univention-management-console-module-services.inst skipped (already executed)
Running 35univention-management-console-module-setup.inst skipped (already executed)
Running 35univention-management-console-module-sysinfo.inst skipped (already executed)
Running 35univention-management-console-module-top.inst skipped (already executed)
Running 35univention-management-console-module-ucr.inst skipped (already executed)
Running 35univention-management-console-module-udm.inst skipped (already executed)
Running 35univention-management-console-module-updater.inst skipped (already executed)
Running 35univention-server-overview.inst skipped (already executed)
Running 36univention-management-console-module-apps.inst skipped (already executed)
Running 40univention-virtual-machine-manager-schema.inst skipped (already executed)
Running 70kopano4ucs-udm.inst skipped (already executed)
Running 70kopano4ucs.inst skipped (already executed)
Running 71kopano4ucs-webapp.inst skipped (already executed)
Running 78univention-kde.inst skipped (already executed)
Running 81univention-nfs-server.inst skipped (already executed)
Running 90univention-bind-post.inst skipped (already executed)
Running 91univention-saml.inst skipped (already executed)
Running 92univention-fetchmail-schema.inst skipped (already executed)
Running 92univention-fetchmail.inst skipped (already executed)
Running 92univention-management-console-web-server.inst skipped (already executed)
Running 98univention-pkgdb-tools.inst skipped (already executed)
Running 99kopano4ucs-safemode-off.inst skipped (already executed)
Running 51openid-connect-provider-uninstall.uinst done
Running post-joinscripts hook(s): done