Omeka - platform for digital cultural heritage web publishing
-
@girish, I'm trying to go ahead with the configuration of Ldap module.
Settings are located at the bottom of
/app/data/config/local.config.phpThe following configuration allows a first authentication from the username however the account created does not retrieve the email address but an address like this
<username>@<ip>.'ldap' => [ 'adapter_options' => [ 'server1' => [ 'host' => getenv('CLOUDRON_LDAP_SERVER'), 'port' => getenv('CLOUDRON_LDAP_PORT'), 'username' => getenv('CLOUDRON_LDAP_BIND_DN'), 'password' => getenv('CLOUDRON_LDAP_BIND_PASSWORD'), 'bindRequiresDn' => true, 'baseDn' => getenv('CLOUDRON_LDAP_USERS_BASE_DN'), 'accountFilterFormat' => '(&(objectClass=user)(username=%s))', 'accountCanonicalForm' => 4, 'accountDomainName' => getenv('CLOUDRON_LDAP_HOST'), ], ], ],With Omeka, it is usual to connect with the mail but the filter
(&(objectClass=user)(mail=%s))does not work.The module documentation is here https://github.com/biblibre/omeka-s-module-Ldap
-
@girish, I'm trying to go ahead with the configuration of Ldap module.
Settings are located at the bottom of
/app/data/config/local.config.phpThe following configuration allows a first authentication from the username however the account created does not retrieve the email address but an address like this
<username>@<ip>.'ldap' => [ 'adapter_options' => [ 'server1' => [ 'host' => getenv('CLOUDRON_LDAP_SERVER'), 'port' => getenv('CLOUDRON_LDAP_PORT'), 'username' => getenv('CLOUDRON_LDAP_BIND_DN'), 'password' => getenv('CLOUDRON_LDAP_BIND_PASSWORD'), 'bindRequiresDn' => true, 'baseDn' => getenv('CLOUDRON_LDAP_USERS_BASE_DN'), 'accountFilterFormat' => '(&(objectClass=user)(username=%s))', 'accountCanonicalForm' => 4, 'accountDomainName' => getenv('CLOUDRON_LDAP_HOST'), ], ], ],With Omeka, it is usual to connect with the mail but the filter
(&(objectClass=user)(mail=%s))does not work.The module documentation is here https://github.com/biblibre/omeka-s-module-Ldap
-
So, after some debugging I found that the LDAP code hits a
LDAP_X_DOMAIN_MISMATCHexception. This is because of theaccountDomainNamelooks like. It expects the email ids to be in the same domain as the one we set there. Removing it, still fails though. -
@girish, I'm trying to go ahead with the configuration of Ldap module.
Settings are located at the bottom of
/app/data/config/local.config.phpThe following configuration allows a first authentication from the username however the account created does not retrieve the email address but an address like this
<username>@<ip>.'ldap' => [ 'adapter_options' => [ 'server1' => [ 'host' => getenv('CLOUDRON_LDAP_SERVER'), 'port' => getenv('CLOUDRON_LDAP_PORT'), 'username' => getenv('CLOUDRON_LDAP_BIND_DN'), 'password' => getenv('CLOUDRON_LDAP_BIND_PASSWORD'), 'bindRequiresDn' => true, 'baseDn' => getenv('CLOUDRON_LDAP_USERS_BASE_DN'), 'accountFilterFormat' => '(&(objectClass=user)(username=%s))', 'accountCanonicalForm' => 4, 'accountDomainName' => getenv('CLOUDRON_LDAP_HOST'), ], ], ],With Omeka, it is usual to connect with the mail but the filter
(&(objectClass=user)(mail=%s))does not work.The module documentation is here https://github.com/biblibre/omeka-s-module-Ldap
this works (login with username and not email):
'ldap' => [ 'adapter_options' => [ 'server1' => [ 'host' => getenv('CLOUDRON_LDAP_SERVER'), 'port' => getenv('CLOUDRON_LDAP_PORT'), 'username' => getenv('CLOUDRON_LDAP_BIND_DN'), 'password' => getenv('CLOUDRON_LDAP_BIND_PASSWORD'), 'bindRequiresDn' => true, 'baseDn' => getenv('CLOUDRON_LDAP_USERS_BASE_DN'), 'accountFilterFormat' => '(&(objectclass=user)(username=%s))', 'accountCanonicalForm' => 1, // 'accountDomainName' => getenv('CLOUDRON_LDAP_HOST'), ], ], ], -
@girish, I'm trying to go ahead with the configuration of Ldap module.
Settings are located at the bottom of
/app/data/config/local.config.phpThe following configuration allows a first authentication from the username however the account created does not retrieve the email address but an address like this
<username>@<ip>.'ldap' => [ 'adapter_options' => [ 'server1' => [ 'host' => getenv('CLOUDRON_LDAP_SERVER'), 'port' => getenv('CLOUDRON_LDAP_PORT'), 'username' => getenv('CLOUDRON_LDAP_BIND_DN'), 'password' => getenv('CLOUDRON_LDAP_BIND_PASSWORD'), 'bindRequiresDn' => true, 'baseDn' => getenv('CLOUDRON_LDAP_USERS_BASE_DN'), 'accountFilterFormat' => '(&(objectClass=user)(username=%s))', 'accountCanonicalForm' => 4, 'accountDomainName' => getenv('CLOUDRON_LDAP_HOST'), ], ], ],With Omeka, it is usual to connect with the mail but the filter
(&(objectClass=user)(mail=%s))does not work.The module documentation is here https://github.com/biblibre/omeka-s-module-Ldap
-
@jeau it seems the email and displayname fields are simply filled with the DN like
cn=uid-fc561e94-2711-4411-83cd-4d9a7ffe57d4,ou=users,dc=cloudron. I guess we need to ask the module-ldap author on how we can get this properly read in from LDAP.@girish yes, I asked Julian from Biblibre who who develops this module. He talk me that the current released (0.3.0) of Ldap module I used does not allow to configure the LDAP attributes to retrieve the name and email. I tried from source, it's works partially, I retreive the user mail address but I can sign in only with username, not mail.
-
@jeau said in Omeka - platform for digital cultural heritage web publishing:
I can sign in only with username
That is no problem at all as app like Wordpress and Nextcloud also uses usernames as login.
-
@jeau said in Omeka - platform for digital cultural heritage web publishing:
I can sign in only with username
That is no problem at all as app like Wordpress and Nextcloud also uses usernames as login.
-
@imc67 you're right, it's works with the Ldap module, but usually Omeka S users use their email address and in their profile there's no username.
-
@girish said in Omeka - platform for digital cultural heritage web publishing:
@jeau atleast the login form of omeka s says "email or username".
Indeed and for me it’s ok. And for the time being as “Unstable” in the AppStore it might be possible to use username as Account name?
-
@girish said in Omeka - platform for digital cultural heritage web publishing:
@jeau atleast the login form of omeka s says "email or username".
Indeed and for me it’s ok. And for the time being as “Unstable” in the AppStore it might be possible to use username as Account name?
-
-
@girish I installed some components required for official modules and made some settings and tests. I think we can provide this application as "unstable" in the store. I hope I haven't forgotten anything important.
-
@jeau this is great! I've just ran the tests and we are looking good.
I will update the manifest to add things like mediaLinks and such for the appstore and then push it out as unstable later today.Thanks a lot for the work
@nebulon thank's
About tests. Is there a way to test the ldap connection? For my tests, I could connect with my initial administrator, activate and configure the Ldap module but then how to verify? I can't seriously give a Cloudron login and password inside my test code and repo.
-
@nebulon thank's
About tests. Is there a way to test the ldap connection? For my tests, I could connect with my initial administrator, activate and configure the Ldap module but then how to verify? I can't seriously give a Cloudron login and password inside my test code and repo.
@jeau I've now pushed it as unstable for a start to collect further feedback.
Regarding the LDAP tests, I have to take a closer look as well how to do that. If you are just concerned about the username/password, then we usually follow the pattern that you run the tests with a USERNAME and PASSWORD env variable locally against a test Cloudron. But since we have the package now in the store, we will test new releases from here on on our test Cloudrons anyways.
-
@jeau I've now pushed it as unstable for a start to collect further feedback.
Regarding the LDAP tests, I have to take a closer look as well how to do that. If you are just concerned about the username/password, then we usually follow the pattern that you run the tests with a USERNAME and PASSWORD env variable locally against a test Cloudron. But since we have the package now in the store, we will test new releases from here on on our test Cloudrons anyways.
@nebulon @jeau I just installed the app from the appstore and discovered after activating the LDAP module indeed as @girish wrote earlier a "strange" username and email.
However after trial and error I succeeded to make it very workable:
The 2 attributes were empty after activating and as you see with just those 2 LDAP attributes is works fine!!
For new users it might be an idea to activate the module on install and fill the fields with those to attributes?
-
@nebulon @jeau I just installed the app from the appstore and discovered after activating the LDAP module indeed as @girish wrote earlier a "strange" username and email.
However after trial and error I succeeded to make it very workable:
The 2 attributes were empty after activating and as you see with just those 2 LDAP attributes is works fine!!
For new users it might be an idea to activate the module on install and fill the fields with those to attributes?
@imc67 thank's for testing.
I mentioned in the documentation that you have to activate and configure the Ldap module manually. But I forgot write this in the postinstall file in order to make this information visible immediately after installation. I just did it.
I'll investigate to activate the module automatically. However I hesitate to operate directly in the database. I'll ask on the Omeka forum
-
@imc67 thank's for testing.
I mentioned in the documentation that you have to activate and configure the Ldap module manually. But I forgot write this in the postinstall file in order to make this information visible immediately after installation. I just did it.
I'll investigate to activate the module automatically. However I hesitate to operate directly in the database. I'll ask on the Omeka forum
I will report this issue.