Omeka - platform for digital cultural heritage web publishing
-
So, after some debugging I found that the LDAP code hits an LDAP_X_DOMAIN_MISMATCH exception. This is because of the accountDomainName, it looks like. It expects the email ids to be in the same domain as the one we set there. Removing it still fails, though.
-
this works (login with username and not email):
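    'ldap' => [
        'adapter_options' => [
            'server1' => [
                // Connection and bind settings come from the Cloudron LDAP addon environment.
                'host' => getenv('CLOUDRON_LDAP_SERVER'),
                'port' => getenv('CLOUDRON_LDAP_PORT'),
                'username' => getenv('CLOUDRON_LDAP_BIND_DN'),
                'password' => getenv('CLOUDRON_LDAP_BIND_PASSWORD'),
                'bindRequiresDn' => true,
                'baseDn' => getenv('CLOUDRON_LDAP_USERS_BASE_DN'),
                // Accounts are looked up by the username attribute only.
                'accountFilterFormat' => '(&(objectclass=user)(username=%s))',
                // 1 = canonical account name is the DN.
                'accountCanonicalForm' => 1,
                // Left disabled: with it set, login hit the domain mismatch exception.
                // 'accountDomainName' => getenv('CLOUDRON_LDAP_HOST'),
            ],
        ],
    ],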
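An added example, not part of the original post and not code from Omeka or the Ldap module: it expands an accountFilterFormat template like the one above for a username and for an email address, escaping the login value per RFC 4515 first. The plain `%s` substitution, the sample logins and the alternative filter with a `mail` attribute are assumptions for illustration.

```php
<?php
// Added example; sample inputs below are constructed.

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515).
 * PHP's ldap extension offers ldap_escape($v, '', LDAP_ESCAPE_FILTER);
 * this version avoids the extension so the script runs anywhere.
 */
function escapeFilterValue(string $value): string
{
    // Replace *, (, ), \ and control bytes (including NUL) with \XX hex escapes.
    return preg_replace_callback(
        '/[\x00-\x1f*()\\\\]/',
        fn(array $m): string => sprintf('\\%02x', ord($m[0])),
        $value
    );
}

/** Expand a filter template with the escaped login value (assumed behaviour). */
function buildFilter(string $format, string $login): string
{
    return sprintf($format, escapeFilterValue($login));
}

// Template from the configuration in the post: matches the username attribute only.
$usernameOnly = '(&(objectclass=user)(username=%s))';

// Hypothetical alternative: match either attribute. The "mail" attribute name
// is an assumption and has not been tested against the Ldap module.
$usernameOrMail = '(&(objectclass=user)(|(username=%1$s)(mail=%1$s)))';

// Constructed sample logins: a username, an email address, and two values
// containing filter metacharacters that must not reach the server unescaped.
$logins = ['alice', 'alice@example.com', 'ali*', 'name(test)'];

foreach ($logins as $login) {
    echo "login: {$login}\n";
    echo '  username only:    ' . buildFilter($usernameOnly, $login) . "\n";
    echo '  username or mail: ' . buildFilter($usernameOrMail, $login) . "\n";
}
```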
-
@jeau it seems the email and displayname fields are simply filled with the DN like cn=uid-fc561e94-2711-4411-83cd-4d9a7ffe57d4,ou=users,dc=cloudron. I guess we need to ask the module-ldap author on how we can get this properly read in from LDAP.
-
@girish yes, I asked Julian from Biblibre who develops this module. He told me that the current release (0.3.0) of the Ldap module I used does not allow configuring the LDAP attributes to retrieve the name and email. I tried from source, it works partially, I retrieve the user mail address but I can sign in only with username, not mail.
-
@jeau said in Omeka - platform for digital cultural heritage web publishing:
I can sign in only with username
That is no problem at all as apps like WordPress and Nextcloud also use usernames as login.
-
@girish said in Omeka - platform for digital cultural heritage web publishing:
@jeau at least the login form of omeka s says "email or username".
Indeed and for me it’s ok. And for the time being as “Unstable” in the AppStore it might be possible to use username as Account name?
-
@nebulon thanks
About tests. Is there a way to test the ldap connection? For my tests, I could connect with my initial administrator, activate and configure the Ldap module but then how to verify? I can't seriously give a Cloudron login and password inside my test code and repo.
-
@jeau I've now pushed it as unstable for a start to collect further feedback.
Regarding the LDAP tests, I have to take a closer look as well how to do that. If you are just concerned about the username/password, then we usually follow the pattern that you run the tests with a USERNAME and PASSWORD env variable locally against a test Cloudron. But since we have the package now in the store, we will test new releases from here on on our test Cloudrons anyways.
-
@nebulon @jeau I just installed the app from the appstore and discovered after activating the LDAP module indeed as @girish wrote earlier a "strange" username and email.
However after trial and error I succeeded to make it very workable:
The 2 attributes were empty after activating and as you see with just those 2 LDAP attributes it works fine!!
For new users it might be an idea to activate the module on install and fill the fields with those two attributes?
-
@imc67 thanks for testing.
I mentioned in the documentation that you have to activate and configure the Ldap module manually. But I forgot to write this in the postinstall file in order to make this information visible immediately after installation. I just did it.
I'll investigate to activate the module automatically. However I hesitate to operate directly in the database. I'll ask on the Omeka forum