LDAP Env vars not reflected in UI

Hello good people,
In an effort to pass the LDAP connection details as environment variables shown below:

apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: metabase
  namespace: metabase
spec:
  replicas: 1
  selector:
    matchLabels:
      app: metabase
  template:
    metadata:
      labels:
        app: metabase
    spec:
      containers:
        - name: metabase
          image: metabase/metabase:v0.35.3
          env:
            - name: MB_DB_TYPE
              value: "postgres"
            - name: MB_DB_DBNAME
              value: "xxxxxxxdb"
            - name: MB_DB_PORT
              value: "5432"
            - name: MB_DB_USER
              value: "xxxxuser"
            - name: MB_DB_PASS
              value: "xxxxxxxpassword"
            - name: MB_DB_HOST
              value: "xxxxdbhost"
            - name: MB_LDAP_ENABLED
              value: "true"
            - name: MB_LDAP_HOST
              value: "xxxxxxldaphost"
            - name: MB_LDAP_BIND_DN
              value: "uid=xxxxxuser,cn=users,cn=accounts,dc=xxx,dc=xx,dc=com"
            - name: MB_LDAP_PASSWORD
              value: "xxxxxxpassword"
            - name: MB_LDAP_PORT
              value: "389"
            - name: MB_LDAP_GROUP_SYNC
              value: "true"
            - name: MB_LDAP_USER_FILTER
              value: "(&(uid={login})(memberOf=cn=xxx,cn=groups,cn=accounts,dc=xx,dc=xx,dc=xx))"
            - name: MB_LDAP_USER_BASE
              value: "cn=users,cn=accounts,dc=xxxx,dc=xxx,dc=xxx"

Users can authenticate and login as expected however, the web UI doesn’t show any of the connection details specified; in fact, LDAP is indicated as disabled:

I must add that it’s also not possible to edit the settings from the UI, they just reset to their empty values after saving; which would be self-defeating anyway since you can’t know/see what values you’re actually changing.

  • Your browser and its version: Chrome 83.0.4103.61, Firefox 76.0.1
  • Your operating system: Ubuntu 18.04.4 LTS, Linux 5.3.0-53-generic
  • The type of database(s) you’ve connected to Metabase: Postgres 9.5.6
  • The version of Metabase you’re running: 0.35.3
  • Metabase hosting environment: Docker 18.09.6 on Kubernetes 1.11.6
  • Metabase’s internal database type: Postgres 9.5.6
  • Any relevant error messages in the JavaScript developer’s console in your web browser, or in the server logs: Surprisingly, this happens without any error logs both on the browser console and the server.

Server logs:

     05-27 20:20:04 DEBUG middleware.log :: GET /api/user/current 401 324.2 µs (0 DB calls) 
    "Unauthenticated"
    05-27 20:20:04 DEBUG middleware.log :: GET /api/session/properties 200 9.1 ms (0 DB calls) App DB connections: 0/7 Jetty threads: 3/50 (5 idle, 0 queued) (44 total active threads) Queries in flight: 0 (0 queued)
    05-27 20:20:41 INFO models.user :: Adding User 5 to All Users permissions group...
    05-27 20:20:41 DEBUG middleware.log :: POST /api/session 200 1.0 s (10 DB calls) App DB connections: 2/7 Jetty threads: 3/50 (5 idle, 0 queued) (44 total active threads) Queries in flight: 0 (0 queued)
    05-27 20:20:41 DEBUG middleware.log :: GET /api/session/properties 200 114.4 ms (2 DB calls) App DB connections: 2/7 Jetty threads: 4/50 (4 idle, 0 queued) (44 total active threads) Queries in flight: 0 (0 queued)
    05-27 20:20:41 DEBUG middleware.log :: GET /api/user/current 200 322.9 ms (7 DB calls) App DB connections: 0/7 Jetty threads: 3/50 (5 idle, 0 queued) (44 total active threads) Queries in flight: 0 (0 queued)
    05-27 20:20:41 DEBUG middleware.log :: GET /api/database 200 113.1 ms (3 DB calls) App DB connections: 1/7 Jetty threads: 4/50 (4 idle, 0 queued) (44 total active threads) Queries in flight: 0 (0 queued)
    05-27 20:20:42 DEBUG middleware.log :: GET /api/collection/root/items 200 269.9 ms (7 DB calls) App DB connections: 0/7 Jetty threads: 3/50 (5 idle, 0 queued) (44 total active threads) Queries in flight: 0 (0 queued)
    05-27 20:20:42 DEBUG middleware.log :: GET /api/collection/root 200 76.9 ms (2 DB calls) App DB connections: 0/7 Jetty threads: 3/50 (5 idle, 0 queued) (44 total active threads) Queries in flight: 0 (0 queued)

I think this has the markings of a bug, if not I’d appreciate being pointed to the right resources.

Hi @eugenius
Is this behavior only a problem for the LDAP settings?

While I haven’t tested, have a look at these revised variables:
https://github.com/metabase/metabase/blob/6f271dbe7ec7598b6878dcdede88ffdfc68dcaac/docs/operations-guide/environment-variables.md

You might be interested in this too:
https://github.com/metabase/metabase/issues/12272 - upvote by clicking :+1: on the first post

Can’t say. I’ve only tested the LDAP settings.The database settings seem to work correctly.

This might be related! If the environment variables do take precedence, there should be some explicit way of knowing this.
Thanks