I'm using pretty much the standard, the default .htaccess that comes with the data-importer tool, and the generated .htpasswd file I created. I've just added the below. Just update the # Whitelist API Requests line with API requests from the services you're using with the data-import tool.

@pawel-biskupski maybe you can ask this in the upstream forum - https://github.com/orgs/firefly-iii/discussions

Does the latest package solve any of these issues?

@girish thanks! It's working fine now.
This is the reason why I love cloudroun ❤

@nottheend thanks for the update! fixed the title as well.

To support Bearer authentication with proxyAuth, I have added a new flag in the manifest called supportsBearerAuth . This will be available in 7.3. After that, the curl request works.

@jordanurbs Which package version are you on ? It's listed in the Update section of the app.

As it stands, if it doesn't find any users, it means there are no users in the database atleast. Are you first able to roll back to a working app and run the command to verify your user is still there?

Ok, thanks.

@colonelpanic thank you!!

@infogulch said in Upstream dropped LDAP support with v5.7.0:

Did you happen to check whether the x-forwarded-* headers are stripped from the original request? Theres a potential impersonation vuln if we're not careful with these headers in particular.

Right... The headers are always set/cleared across all locations in the nginx proxy auth config. It's in our e2e tests as well (though they have not passed yet).

@girish Thank you very much!!

@girish - that did the trick. I upgraded to 2.3.0-1 and I can log in as before.

The main reason is that their rewrite of the LDAP connector does not work anymore and is pending fixes. I had some attempts to contribute a fix, but I so far lack the in-depth knowledge of the PHP frameworks used. It is still on my list to hopefully be able to contribute a fix. You can track the upstream issue at https://github.com/firefly-iii/firefly-iii/issues/5133

I have added a note in the docs and in the UI as well.

Oh looks like you reported it already at https://github.com/firefly-iii/firefly-iii/issues/4960 . But it seems you are not running Cloudron at all. This is a forum for apps installed using Cloudron and not a general app support forum for Firefly III. The github issue tracker is the correct place.

@hillside502 done!

This is issue is now fixed ! thanks a lot !!! 🙂

Screenshot.png

Right now with cloudron, some apps supports LDAP, some don't.

If I need to do a cloudron setup comprising apps that are all LDAP, I of course use LDAP in order to get one login to rule them all.

But if I do a cloudron setup where an app is not LDAP, I prefer to have all app not using LDAP.
It's confusing to have to explain to people that for those X apps, you need to use the same login, but for those X apps, it's separate logins, even though it's all based on the same main domain.

That's why I prefer to have both LDAP and non LDAP version of an app available.

In the case of Firefly, I think LDAP is even less useful, because it's personal finance and probably less useful in an organization context. For example, if I want to give a Firefly instance for a friend, I don't need to have an additional LDAP user. I'd prefer to have the friend has its own login with the app.