Subsonic icon indicating copy to clipboard operation
Subsonic copied to clipboard
verified publisher icon daneren2005

ldap login does not work with this app

Open emtie opened this issue 5 years ago • 1 comments

Hi,

I have purchased this app in google playstore. With the configure demo server the app looks very good and it features android auto. That's great. But when I tried to configure my airsonic server the connection test failed. I tested a bit around and found out that when I use the admin credentials in your app everything seems to work fine. But when I try to login with my LDAP settings the login fails. In the webinterface and in the subsonic app ldap login works fine.

I am on airsonic 10.5.0-RELEASE Apache Tomcat/8.5.38 (Debian), java 11.0.5, Linux (raspbian 10)

The logs show the following (IP, user and pw have been changed for security reasons)

123.123.123.123 - - [31/Jan/2020:13:38:54 +0100] "POST /airsonic/rest/getRandomSongs.view?u=username&p=enc:58476572672e3232313031393831&v=1.2.0&c=android&size=50 HTTP/1.1" 200 23788 123.123.123.123 - - [31/Jan/2020:13:39:05 +0100] "POST /airsonic/rest/ping.view?u=username&p=enc:58476572672e3232313031393831&v=1.2.0&c=android HTTP/1.1" 200 136 172.16.44.10 - - [31/Jan/2020:13:39:06 +0100] "POST /airsonic/rest/getLicense.view?u=username&p=enc:58476572672e3232313031393831&v=1.2.0&c=android HTTP/1.1" 200 294

What else can I provide to help solve this issue?

cu emtie

emtie avatar Jan 31 '20 13:01 emtie

See also https://github.com/airsonic/airsonic/issues/260#issuecomment-568776584.

DSub defaults to using the "better" token+salt method of authentication when it believes the server supports it -- that is, when the server it's connecting to is a late-enough version to have this. It makes a special exception for Madsonic because it doesn't support this method, so it falls back to plain password. They're distinguishable because Madsonic replies with a "madsonic-response" instead of a "subsonic-response".

This all works okay-ish until you realise that Subsonic botched their API authentication in the first place, and the only way you can authenticate with LDAP (that they offer) is with plain password.

The hack workaround is to configure your server to trick DSub into thinking your server is Madsonic rather than Airsonic/Subsonic/etc. See the above thread for info. If you're unable to configure your server this way, there's no workaround except to use a different app.

I think this commit was supposed to handle this when DSub reintroduced using token+salt, but it's never worked for me and I've just used the workaround I linked above.

xeals avatar Jun 05 '20 14:06 xeals