Error "Could not find LDAP password for user" when logging into Matomo
-
Hello,
I've been having this error for quite a while honestly but I rarely login so haven't been too concered since it seems I can still login without issues, and it shows me all the data I'm allowed to view.
The error I see when logging into Matomo:
WARNING: UserMapper::getPiwikPasswordForLdapUser: Could not find LDAP password for user '<myUserAccount>', generating random one. (Module: LoginLdap, In CLI mode: false)
The closest thing I could find online (but didn't really offer a solution other than to open a bug defect) is this one: https://forum.matomo.org/t/ldap-warning-upon-first-time-login/18015 & https://github.com/matomo-org/plugin-LoginLdap/issues/204
In the second link, it seems that they propose setting
synchronize_users_after_login = 0
, but I'm confused why it seems nobody else is really encountering this issue within Cloudron, so it makes me wonder if it's more of a "me" issue or if it's really something we should change in the Cloudron package for Matomo to have that property as a default value. -
Where do you see this? I am not seeing this in our instance atleast. Screenshot?
-
Our LDAP is like this:
[LoginLdap] servers[] = "cloudron" ldap_user_id_field = "username" ldap_last_name_field = "sn" ldap_first_name_field = "givenName" ldap_mail_field = "mail" ldap_alias_field = "cn" use_ldap_for_authentication = 1 new_user_default_sites_view_access = "all" synchronize_users_after_login = 1
-
@girish Seems my config is the same (though oddly my "servers" field is at the bottom).
[LoginLdap] ldap_user_id_field = "username" ldap_last_name_field = "sn" ldap_first_name_field = "givenName" ldap_mail_field = "mail" ldap_alias_field = "cn" use_ldap_for_authentication = 1 new_user_default_sites_view_access = "all" synchronize_users_after_login = "1" servers[] = "cloudron"
Here's the screenshot I see every time I login:
-
@d19dotca strange, I can't reproduce this on a new install either. I guess we need to wait for https://github.com/matomo-org/plugin-LoginLdap/issues/204 to be resolved or something . Cloudron LDAP server does not expose LDAP password for security reasons as well.
-
@girish If I understand that GitHub issue correctly though it seems one suggestion was to switch
synchronize_users_after_login
to a value of0
, however that isn't working for me because every time I restart Matomo it seems to override any config I put in there. Is this intended behaviour or do you think it should be changed? Essentially this limit in the package seems to prevent me from even testing that proposed solution from the GitHub issue. -
-
@girish Ah okay, interesting, I can try that.
One latest attempt (haven't tried the repair mode yet though) as it was recommended upstream to change "warning" to "debug" on one of their lines of code in a particular file, but doesn't seem to save my changes from that either after restarting the app. I'm confused though because I thought items in /app/data were usually safe from overrides?
There will be a file called UserMapper.php in /path/to/your/matomo/plugins/plugins/LoginLdap/LdapInterop/UserMapper.php You need to search for word warning which will look something like this $this->logger->warning just replace the warning word with debug
-
-
-
I have to say I debugged this a lot but can never get that error message to show! I enabled all sorts of syncing in the configs, but that error message never shows.
-
@girish thanks for trying so hard on this, Girish! It’s definitely an odd issue but thankfully doesn’t seem to have an impact beyond the nagging window when logging in each time. I can ignore it for now but I also haven’t had a chance to test with that repair mode so I may try that soon too.
-
-