taiga-contrib-ldap-auth

Support for 3.0?

Open mroe1234 opened this issue 8 years ago • 9 comments

Before I start my upgrade, should this plug-in work with 3.0?

mroe1234 avatar Oct 07 '16 19:10 mroe1234

So take this with a grain of salt for your use case, but I have gotten this plugin to work on Taiga v 3.0. I was setting up a new Taiga installation with a new LDAP server, so I had no data to migrate between versions. I am also using a new small OpenLDAP server with 2 users. But I had no errors in the installation of this plugin, so it may work in your case.

robrotheram avatar Oct 13 '16 13:10 robrotheram

I cannot authenticate using this module in the current taiga version. I've done all described in the readme. Here I'm not sure about the two properties:

LDAP_SERVER and LDAP_SEARCH_PROPERTY.

Until now, I've got some applications using LDAP, but all they needed was something like ldap_bind_dn, ldap_bind_password, ldap_search_base or the ldap_port. So here I'm using the same settings, but for the two properties mentioned above, I cannot compare to the settings of the running apps.

I would like to use the email address as username. I've tried it with:

  1. For LDAP_SERVER I've entered: ldap://ldap.domain.tld
     Here I just entered the same values as I'm using at the end, inside the LDAP_SEARCH_BASE -> dc=domain,dc=tld
     Not quite sure if this is correct, or is it possible to find those values somewhere inside phpldapadmin?
  2. Tried several possibilities like:
     LDAP_SEARCH_PROPERTY = 'sAMAccountName',
     LDAP_SEARCH_PROPERTY = 'mail',
     LDAP_SEARCH_PROPERTY = 'cn',
     LDAP_SEARCH_PROPERTY = 'uid'

Am I missing something?

leonidas-o avatar Oct 13 '16 16:10 leonidas-o

Here is my working LDAP config for 2.0:

LDAP_SERVER = 'ldap://nis.domain.local'
LDAP_PORT = 389
LDAP_SEARCH_BASE = 'dc=domain,dc=local'
LDAP_SEARCH_PROPERTY = 'uid'
LDAP_SEARCH_SUFFIX = None # '@example.com'

LDAP_EMAIL_PROPERTY = 'mail'
LDAP_FULL_NAME_PROPERTY = 'cn'


mroe1234 avatar Oct 13 '16 17:10 mroe1234
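
To see which directory search a given combination of these settings produces, here is an added example (not part of the thread and not the plugin's own code). It assumes the plugin looks a user up with a filter of the form (LDAP_SEARCH_PROPERTY=login) under LDAP_SEARCH_BASE, with LDAP_SEARCH_SUFFIX appended to the login when set; the function names and the login jdoe are made up for illustration.

```python
from urllib.parse import urlparse

# Settings as posted in the thread; hostnames are the thread's placeholders.
SETTINGS = {
    "LDAP_SERVER": "ldap://nis.domain.local",
    "LDAP_PORT": 389,
    "LDAP_SEARCH_BASE": "dc=domain,dc=local",
    "LDAP_SEARCH_PROPERTY": "uid",
    "LDAP_SEARCH_SUFFIX": None,  # '@example.com'
}

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search(settings, login):
    """Return (search_base, filter) for the assumed search-then-bind lookup."""
    if settings.get("LDAP_SEARCH_SUFFIX"):
        login += settings["LDAP_SEARCH_SUFFIX"]
    prop = settings["LDAP_SEARCH_PROPERTY"]
    return settings["LDAP_SEARCH_BASE"], "({}={})".format(prop, escape_filter_value(login))


def check_settings(settings):
    """Return a list of problems found in the settings (empty if none)."""
    problems = []
    url = urlparse(settings["LDAP_SERVER"])
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        problems.append("LDAP_SERVER must be an ldap:// or ldaps:// URL with a host")
    elif url.scheme == "ldap":
        problems.append("ldap:// carries the bind password unencrypted without StartTLS")
    if "=" not in settings["LDAP_SEARCH_BASE"]:
        problems.append("LDAP_SEARCH_BASE must be a DN such as dc=domain,dc=local")
    return problems


if __name__ == "__main__":
    print(build_search(SETTINGS, "jdoe"))
    print(build_search(dict(SETTINGS, LDAP_SEARCH_PROPERTY="mail"), "jdoe@domain.local"))
    print(check_settings(dict(SETTINGS, LDAP_SERVER="dc=domain,dc=local")))
```

Running the resulting filter by hand against the directory shows whether the chosen attribute (uid, mail, cn, sAMAccountName) is actually populated for the account.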

@mroe1234 so you are using your user names to log in; in my case I would just change that to mail. Right now I've also set it to uid for testing purposes. Where is this "nis" coming from ('ldap://nis.domain.local')? I've left it on 'ldap://ldap.domain.local'. Can I look that up somewhere?

leonidas-o avatar Oct 13 '16 17:10 leonidas-o

Yes, you can change the attribute you want to use for 'username' to whatever you want. nis.domain.local is the DNS name for my LDAP server.


mroe1234 avatar Oct 13 '16 17:10 mroe1234

Yeah, okay, got it. It was the LDAP_SERVER property, so authentication via uid is working but not using mail. Have you ever tested it via mail?

leonidas-o avatar Oct 13 '16 18:10 leonidas-o

Yes, this is a known issue: #18

flyingcircle avatar Oct 13 '16 18:10 flyingcircle

@flyingcircle No, not really. As I see it, this issue is about invitation email. I'm talking about using LDAP_SEARCH_PROPERTY = 'mail' instead of the username, so that each user should use his LDAP email as username to log in. I will open a new issue for that.

leonidas-o avatar Oct 14 '16 09:10 leonidas-o

I see @lorsulic opened #37 for their issue.

As to OP, it works for us using Taiga 3.0 and taiga-contrib-ldap-auth v0.1.1. This is a direct installation of Taiga 3.0, though, not an upgrade from 2.0.

@mroe1234 I guess I'd also recommend using displayName (if possible) for LDAP_FULL_NAME_PROPERTY - see superuser.

ffwd-txnx avatar Nov 28 '16 18:11 ffwd-txnx