Omeka - platform for digital cultural heritage web publishing
-
@girish, I'm trying to go ahead with the configuration of Ldap module.
Settings are located at the bottom of
/app/data/config/local.config.php
The following configuration allows a first authentication from the username; however, the account created does not retrieve the email address but an address like this:
<username>@<ip>

'ldap' => [
    'adapter_options' => [
        'server1' => [
            'host' => getenv('CLOUDRON_LDAP_SERVER'),
            'port' => getenv('CLOUDRON_LDAP_PORT'),
            'username' => getenv('CLOUDRON_LDAP_BIND_DN'),
            'password' => getenv('CLOUDRON_LDAP_BIND_PASSWORD'),
            'bindRequiresDn' => true,
            'baseDn' => getenv('CLOUDRON_LDAP_USERS_BASE_DN'),
            'accountFilterFormat' => '(&(objectClass=user)(username=%s))',
            'accountCanonicalForm' => 4,
            'accountDomainName' => getenv('CLOUDRON_LDAP_HOST'),
        ],
    ],
],
With Omeka, it is usual to connect with the mail address, but the filter
(&(objectClass=user)(mail=%s))
does not work. The module documentation is here: https://github.com/biblibre/omeka-s-module-Ldap
-
So, after some debugging I found that the LDAP code hits a
LDAP_X_DOMAIN_MISMATCH
exception. This is because of the accountDomainName setting. It expects the email IDs to be in the same domain as the one we set there. Removing it still fails though.
-
This works (login with username and not email):

'ldap' => [
    'adapter_options' => [
        'server1' => [
            'host' => getenv('CLOUDRON_LDAP_SERVER'),
            'port' => getenv('CLOUDRON_LDAP_PORT'),
            'username' => getenv('CLOUDRON_LDAP_BIND_DN'),
            'password' => getenv('CLOUDRON_LDAP_BIND_PASSWORD'),
            'bindRequiresDn' => true,
            'baseDn' => getenv('CLOUDRON_LDAP_USERS_BASE_DN'),
            'accountFilterFormat' => '(&(objectclass=user)(username=%s))',
            'accountCanonicalForm' => 1,
            // 'accountDomainName' => getenv('CLOUDRON_LDAP_HOST'),
        ],
    ],
],
-
@jeau it seems the email and displayname fields are simply filled with the DN, like
cn=uid-fc561e94-2711-4411-83cd-4d9a7ffe57d4,ou=users,dc=cloudron
. I guess we need to ask the module-ldap author how we can get this properly read in from LDAP.
-
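A small check, added here and not part of the Ldap module or of Cloudron's packaging, that flags the two symptoms this thread describes: an email synthesised as <username>@<ip>, and the user's DN landing in the email field. The account records and the 10.0.0.5 address are constructed sample data.

```python
import re
from ipaddress import ip_address

# Constructed sample shaped like the accounts the thread describes: one with the
# bind server's IP as mail domain, one holding the user's DN, one read correctly.
SAMPLE_ACCOUNTS = [
    {"name": "alice", "email": "alice@10.0.0.5"},
    {"name": "cn=uid-fc561e94-2711-4411-83cd-4d9a7ffe57d4,ou=users,dc=cloudron",
     "email": "cn=uid-fc561e94-2711-4411-83cd-4d9a7ffe57d4,ou=users,dc=cloudron"},
    {"name": "carol", "email": "carol@example.org"},
]

# One RDN: attribute type (descriptor or OID) '=' value.
RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)=(.*)$")
MAILBOX = re.compile(r"^[^@\s]+@([^@\s]+)$")

def split_dn(value):
    """Split an RFC 4514 DN into (type, value) pairs; None if it is not a DN."""
    rdns = []
    for part in re.split(r"(?<!\\),", value):  # escaped commas stay in the value
        m = RDN.match(part)
        if not m:
            return None
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns

def classify_email(value):
    """'dn', 'ip_domain' (the <username>@<ip> symptom), 'ok' or 'invalid'."""
    if split_dn(value) is not None:
        return "dn"
    m = MAILBOX.match(value)
    if not m:
        return "invalid"
    domain = m.group(1).strip("[]")
    try:
        ip_address(domain)
        return "ip_domain"
    except ValueError:
        return "ok" if "." in domain else "invalid"

def audit_accounts(accounts):
    """Return (name, finding) for each account whose email was not read from LDAP."""
    messages = {
        "dn": "email holds the user's DN; the module did not map the mail attribute",
        "ip_domain": "email synthesised as <username>@<ip> from the server address",
        "invalid": "email is not a mailbox address",
    }
    return [(a["name"], messages[k]) for a in accounts
            if (k := classify_email(a["email"])) != "ok"]
```

Run audit_accounts over the users created after enabling the module; an empty result means every account carries a real mailbox address.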
@girish yes, I asked Julian from Biblibre, who develops this module. He told me that the current release (0.3.0) of the Ldap module I used does not allow configuring the LDAP attributes to retrieve the name and email. I tried from source; it works partially: I retrieve the user's mail address, but I can sign in only with username, not mail.
-
@jeau said in Omeka - platform for digital cultural heritage web publishing:
I can sign in only with username
That is no problem at all, as apps like WordPress and Nextcloud also use usernames as login.
-
@girish said in Omeka - platform for digital cultural heritage web publishing:
@jeau at least the login form of Omeka S says "email or username".
Indeed, and for me it's ok. And for the time being, as "Unstable" in the App Store, it might be possible to use username as account name?
-
@nebulon thanks
About tests: is there a way to test the LDAP connection? For my tests, I could connect with my initial administrator, activate and configure the Ldap module, but then how to verify? I can't seriously give a Cloudron login and password inside my test code and repo.
-
@jeau I've now pushed it as unstable for a start to collect further feedback.
Regarding the LDAP tests, I have to take a closer look as well at how to do that. If you are just concerned about the username/password, then we usually follow the pattern that you run the tests with USERNAME and PASSWORD env variables locally against a test Cloudron. But since we have the package in the store now, we will test new releases from here on on our test Cloudrons anyway.