Ok, thanks.

@colonelpanic thank you!!

@infogulch said in Upstream dropped LDAP support with v5.7.0:

Did you happen to check whether the x-forwarded-* headers are stripped from the original request? Theres a potential impersonation vuln if we're not careful with these headers in particular.

Right... The headers are always set/cleared across all locations in the nginx proxy auth config. It's in our e2e tests as well (though they have not passed yet).

@girish Thank you very much!!

@girish - that did the trick. I upgraded to 2.3.0-1 and I can log in as before.

The main reason is that their rewrite of the LDAP connector does not work anymore and is pending fixes. I had some attempts to contribute a fix, but I so far lack the in-depth knowledge of the PHP frameworks used. It is still on my list to hopefully be able to contribute a fix. You can track the upstream issue at https://github.com/firefly-iii/firefly-iii/issues/5133

I have added a note in the docs and in the UI as well.

Oh looks like you reported it already at https://github.com/firefly-iii/firefly-iii/issues/4960 . But it seems you are not running Cloudron at all. This is a forum for apps installed using Cloudron and not a general app support forum for Firefly III. The github issue tracker is the correct place.

@hillside502 done!

This is issue is now fixed ! thanks a lot !!! 🙂

Screenshot.png

Right now with cloudron, some apps supports LDAP, some don't.

If I need to do a cloudron setup comprising apps that are all LDAP, I of course use LDAP in order to get one login to rule them all.

But if I do a cloudron setup where an app is not LDAP, I prefer to have all app not using LDAP.
It's confusing to have to explain to people that for those X apps, you need to use the same login, but for those X apps, it's separate logins, even though it's all based on the same main domain.

That's why I prefer to have both LDAP and non LDAP version of an app available.

In the case of Firefly, I think LDAP is even less useful, because it's personal finance and probably less useful in an organization context. For example, if I want to give a Firefly instance for a friend, I don't need to have an additional LDAP user. I'd prefer to have the friend has its own login with the app.