We are currently working on deploying Open OnDemand on our HPC infrastructure at TIFR, Mumbai. While we have successfully installed the base system, we are facing some challenges integrating it with our existing LDAP authentication setup and customizing it to suit our user environment.
We have already tried the following:
Installed Open OnDemand as per official documentation.
Confirmed system users are resolved via LDAP.
NGINX and systemd services are running, but the user login fails silently.
Some issues and queries we would like your guidance on:
LDAP Integration: Are there recommended practices or configuration snippets for OOD integration with a central LDAP directory?
Debugging Login Issues: What logs and diagnostic steps do you suggest to trace failed user logins (currently no .ondemand-nginx folder is created in the home directory)?
Portal Customization: We would also like to eventually tailor the user dashboard and integrate specific HPC apps. What is the best way to plan this in phases?
We would appreciate any guidance, example configurations, or community pointers that could help streamline the process. Please let us know if any additional information would help in diagnosing the issue.
LDAP support isn’t directly documented because it’s not secure. I would try to dissuade you from using this in production.
That said, there’s plenty of Apache documentation for the same. You could increase the logging for that component with something like this (or with trace1 or similar):
LogLevel mod_authnz_ldap:debug
That said, you could try ondemand-dex for OIDC logins that can tie into your LDAP just like Apache does. You would still need to debug the LDAP query, but OIDC would give you a lot more security around your authentication than the Apache LDAP module.
We are setting up Open OnDemand on RHEL 9.6, and recently enabled Dex (OIDC) with LDAP and HTTPS support. We’re seeing an Internal Server Error (500) when accessing:
https://oodtest.res.in/dex/.well-known/openid-configuration loads fine and gives the expected login page.
Apache (httpd) is running and listens on port 443. /opt/ood/ood-portal-generator/sbin/update_ood_portal runs successfully.
No specific error is visible in /var/log/httpd/error_log or journalctl -u httpd -f.
User home directories are mounted correctly from NFS (/ghome -> /home), and exist.
We use the following OOD config:
Checked NGINX stage logs under /var/log/ondemand-nginx/*
Verified that /home/anilkumar exists
SSL works fine — verified with curl -vk https://oodtest.res.in
Is there any other place where Open OnDemand logs auth/session startup issues (e.g., PAM, NGINX stage)?
What else can we try to trace this Internal Server Error?
Oh I see - then you may find something in /var/log/httpd. Maybe it’s not in the generic error_log but some other log like <hostname>_error.log or similar. Maybe even try grepping for 500 across all files to see something.
If you can’t login at all, then there’s some issue with dex + Apache integration and the information should be there in the Apache logs.
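The "grep for 500 across all files" step suggested above, as an added example that is not part of the original thread: a plain grep for 500 also matches byte counts and file names, so this filters on the HTTP status field instead. It assumes the access logs use Apache's common/combined log format; the function names, sample log lines and file names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes Apache common/combined
# log format: the status code is the first field after the quoted request.

# find_5xx FILE... -> one line per 5xx response: file<TAB>status<TAB>method path
# Limitation: a request line containing an escaped quote (\") is not handled.
find_5xx() {
  awk -F'"' '
    NF >= 3 {
      split($3, rest, " ")        # $3 looks like " 500 527 "
      if (rest[1] ~ /^5[0-9][0-9]$/) {
        split($2, req, " ")       # $2 looks like "GET /path HTTP/1.1"
        printf "%s\t%s\t%s %s\n", FILENAME, rest[1], req[1], req[2]
      }
    }' "$@"
}

# write_sample_log PATH -> writes constructed access-log lines for the demo
write_sample_log() {
  cat > "$1" <<'EOF'
192.0.2.10 - user1 [10/Jul/2025:10:00:01 +0530] "GET /portal/page HTTP/1.1" 500 527 "-" "curl/8.0"
192.0.2.10 - - [10/Jul/2025:10:00:02 +0530] "GET /portal/info HTTP/1.1" 200 1500 "-" "curl/8.0"
192.0.2.10 - - [10/Jul/2025:10:05:00 +0530] "GET /public/img500.png HTTP/1.1" 200 812 "-" "curl/8.0"
192.0.2.10 - user1 [10/Jul/2025:10:06:00 +0530] "GET /portal/page HTTP/1.1" 503 299 "-" "curl/8.0"
EOF
}

# Demo on the constructed sample; on a real host, point find_5xx at the
# access logs under /var/log/httpd instead.
demo_dir=$(mktemp -d)
write_sample_log "$demo_dir/sample_access.log"
echo "lines a plain 'grep 500' matches: $(grep -c 500 "$demo_dir/sample_access.log")"
echo "requests that returned 5xx:"
find_5xx "$demo_dir/sample_access.log"
rm -rf "$demo_dir"
```

The timestamps of the 5xx lines it reports give the window to look at in the matching error log.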