Comments (10)
Looks like the error is actually something else.
After adding CONVOS_PLUGINS=Convos::Plugin::Auth::LDAP as an environmental variable I now get the following error on login: Can't locate object method "email" via package "Mojo::Promise"
The debug log says this:
Net::LDAP=HASH(some number) sending:
*Retracted as it contains secrets in clear text*
Net::LDAP=HASH(some number) received:
[2023-01-09 21:35:52.12058] [1] [error] {"message":"Can't locate object method \"email\" via package \"Mojo::Promise\" at \/app\/lib\/Convos\/Controller\/User.pm line 90.\n","status":400}
Unhandled rejected promise: Invalid email or password. at /app/local/lib/perl5/Mojo/Reactor/Poll.pm line 129.
from convos.
Edit: Seems like the above is nonsense and after loading the LDAP auth plugin via the environment variable another bug is happening, see second message.
What do you mean with "above" ?
there doesn't seem to be a way to pass a Simple Bind with DN and password
The Convos documentation is lacking there, but you can use this environment variable:
CONVOS_AUTH_LDAP_URL=ldap://localhost:389?password=MyS3cret
Is it possible that the LDAP plugin is not enabled on that
It's present, but not enabled. You have to enable it yourself with the environment variable that you added in your second comment.
from convos.
Sorry, I meant the below.
Maybe I am missing something, but only a password? What username will be used?
Edit: ah I guess some shared secret function? Seems not like that is my problem here.
And anyway, see the second message. After loading the plugin it still fails. Do you think that might be a bug or am I still configuring something wrong?
Edit: I am pretty sure the User/pass combination I use to try and log in via LDAP is correct. How can I force it to use the LDAP back end? Because it still accepts non-ldap logins.
Thanks for the help.
from convos.
The query parameters are transformed into a hash and the url and hash are passed to the Net::LDAP constructor
from convos.
Well that doesn't clarify anything though.
Looking at the ldap login debug log posted above and going by the bugfix @jhthorsen did, the problem seems to be that my user and password are not accepted as correct.
My current guess is that the LDAP auth silently fails somewhere and the fallback to the non-LDAP auth (that is working for existing users) returns a wrong email or password error as the user I am trying to log in with only exists in the LDAP backend.
from convos.
Ah, looks like with LLDAP verbose logging I am getting a hint (actual user replaced with [email protected]):
2023-01-10T18:13:39.267121011+00:00 INFO LDAP session [ 110µs | 39.39% / 100.00% ]
2023-01-10T18:13:39.267339254+00:00 INFO ┕━ LDAP request [ 66.8µs | 52.07% / 60.61% ]
2023-01-10T18:13:39.267349334+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 8, op: BindRequest(LdapBindRequest { dn: "uid=user,dc=example,dc=com", cred: Simple("********") }), ctrl: [] }
2023-01-10T18:13:39.267352398+00:00 DEBUG ┝━ do_bind [ 9.41µs | 8.54% ]
2023-01-10T18:13:39.267355679+00:00 DEBUG │ ┕━ 🐛 [debug]: DN: uid=user,dc=example,dc=com
2023-01-10T18:13:39.267372701+00:00 DEBUG ┕━ 🐛 [debug]: | response: BindResponse(LdapBindResponse { res: LdapResult { code: NamingViolation, matcheddn: "", message: "Unexpected DN format. Got \"uid=user,dc=example,dc=com\", expected: \"uid=id,ou=people,dc=example,dc=com\"", referral: [] }, saslcreds: None })
So it seems like the request from Convos is missing a ou=people?
from convos.
Passing it via CONVOS_AUTH_LDAP_URL="ldap://localhost:3890?ou=people" doesn't seem to work either (same error), so I think this is a bug in the LDAP auth plugin as the ou=people seems required by the LDAP specs?
from convos.
Got it to work via CONVOS_AUTH_LDAP_DN="uid=%uid,ou=people,dc=%domain,dc=%tld"
But it still fails on first login attempt with the same error. I think it needs to create the user Convos side first. On a retry it works with LLDAP.
from convos.
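An added example, not code from Convos or from anyone in this thread: a small Python model of the two settings discussed above, showing why `?ou=people` on CONVOS_AUTH_LDAP_URL leaves the bind DN unchanged while the CONVOS_AUTH_LDAP_DN template fixes it. The function names are hypothetical, the mapping of %uid/%domain/%tld to the parts of the e-mail address is inferred from the DN in the LLDAP log, and the RFC 4514 escaping is a hardening assumed here, not a statement about what the plugin does.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Template inferred from the DN seen in the LLDAP log (assumption).
DEFAULT_DN = "uid=%uid,dc=%domain,dc=%tld"
# Template from the comment above that made the bind succeed.
FIXED_DN = "uid=%uid,ou=people,dc=%domain,dc=%tld"


def split_ldap_url(url):
    """Split an LDAP URL into (server, options): the query string becomes
    connection options only and never feeds into the bind DN."""
    parts = urlsplit(url)
    options = dict(parse_qsl(parts.query, keep_blank_values=True))
    return f"{parts.scheme}://{parts.netloc}", options


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_dn(template, email):
    """Fill %uid, %domain and %tld from the login e-mail address."""
    uid, _, host = email.rpartition("@")
    domain, _, tld = host.rpartition(".")
    fields = {"uid": uid, "domain": domain, "tld": tld}
    return re.sub(r"%(uid|domain|tld)",
                  lambda m: escape_dn_value(fields[m.group(1)]), template)


if __name__ == "__main__":
    # Constructed sample input matching the redacted user in the log.
    server, options = split_ldap_url("ldap://localhost:3890?ou=people")
    print(server, options)                           # options only, DN untouched
    print(expand_dn(DEFAULT_DN, "user@example.com"))  # rejected by LLDAP
    print(expand_dn(FIXED_DN, "user@example.com"))    # accepted format
```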
You can also activate verbose logging on the Convos side using CONVOS_LOG_LEVEL=debug (or even trace)
But it still fails on first login attempt with the same error. I think it needs to create the user Convos side first. On a retry it works with LLDAP.
That's strange, since it should create the user on the Convos side on registration. Maybe you can provide the debug output after setting the environment variable mentioned above. The debug output should contain something like:
[LDAP/[email protected]] code=X, exists=yes"
from convos.
I'll try that tomorrow and comment on the new specific bug-report.
from convos.