Crivaledaz / Mattermost-LDAP

This module provides an external LDAP authentication in Mattermost for the Team Edition (free).
MIT License
357 stars 71 forks

Update from 1.1 to 2.1 [proposed Label] Help needed #103

Open nic-Oban opened 1 year ago

nic-Oban commented 1 year ago

Good morning, I use your Mattermost-LDAP plugin (bare-metal) to authenticate our users from our LDAP server into our Mattermost server. Everything has been working fine with the v1.1 version for years! Thanks a lot!!

As some users want to be able to use the desktop client, I'm trying to update to v2.1 but I'm a bit lost. Is there a migration procedure you can provide to help me?

I set up the /var/www/html/oauth/ part and filled in the parameters in config_db.php and LDAP/config_ldap.php. I edited the config.json of Mattermost to modify:

User API Endpoint: http://HOSTNAME/oauth/resource.php

Auth Endpoint: http://HOSTNAME/oauth/authorize.php

Token Endpoint: http://HOSTNAME/oauth/token.php

And finally I added the "location /oauth/access_token" and "location /oauth/authorize" parts to the nginx conf.

When I click the "GitLab" button on the Mattermost login page, I'm sent to a 500 Internal Server Error page... I must be missing something!

Thanks a lot if you can help me to upgrade this great Mattermost-LDAP server!

Have a good day

Nicolas

Crivaledaz commented 1 year ago

Hi,

Thank you for using Mattermost-LDAP for years. I'm glad it fulfils your needs.

Mattermost-LDAP V1.1 is a bit old now, and I think updating to V2.1 is a good choice. Unfortunately, there is no dedicated documentation for migration. However, I have added this subject to my ToDo list and will create one in the future. Note that the master branch is stable and contains a few fixes, so I suggest migrating directly to the latest commit.

However, the migration from V1.1 to V2.1 should not be complicated. First, for any new release, you need to check out the new version, then adapt config_db.php and LDAP/config_ldap.php with your values.

Since Mattermost enforces URL checking, and as stated in the "Breaking Changes" of V2.1, you should adapt your web server configuration (i.e. NGINX) to add the following URI redirection:

You can refer to the NGINX configuration used for the Demo.

After that, you should adapt your GitLab configuration in config.json. You need to check that your Mattermost server reads configuration from that file, not from the database directly (see #83). You should mainly edit the Auth Endpoint which must point to http://HOSTNAME/oauth/authorize (without the .php at the end). Then, restart your Mattermost server to take the change into account.

Following these steps should bring you a working Mattermost-LDAP V2.1.

Finally, I saw from your title that you were looking for a Help needed label. Note there is already a Help wanted label you can use. You can see available labels here. Nevertheless, I should add a template for this kind of issue. Another thing to add to my ToDo List ;)

Regards
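The `config.json` check described in the reply above, written as a small script. This is an added example, not code from the thread or from the Mattermost-LDAP project. The `GitLabSettings` key names are those of Mattermost's `config.json`, the expected token and user API paths are assumed from the reporter's values, and the sample input is constructed with the page's `HOSTNAME` placeholder.

```python
import json
import sys
from urllib.parse import urlparse

# Paths taken from the thread: only the Auth Endpoint becomes extensionless in
# V2.1. Keeping the reporter's token.php / resource.php values is an assumption.
EXPECTED_PATHS = {
    "authendpoint": "/oauth/authorize",
    "tokenendpoint": "/oauth/token.php",
    "userapiendpoint": "/oauth/resource.php",
}

# Constructed sample: the endpoint values the reporter describes setting.
REPORTED = {"GitLabSettings": {
    "Enable": True,
    "AuthEndpoint": "http://HOSTNAME/oauth/authorize.php",
    "TokenEndpoint": "http://HOSTNAME/oauth/token.php",
    "UserApiEndpoint": "http://HOSTNAME/oauth/resource.php",
}}

def check_gitlab_settings(config):
    """Return a list of findings for the GitLabSettings block of config.json."""
    # Key spelling differs between Mattermost versions (UserApiEndpoint /
    # UserAPIEndpoint), so compare keys case-insensitively.
    settings = {k.lower(): v for k, v in config.get("GitLabSettings", {}).items()}
    findings = []
    if settings.get("enable") is not True:
        findings.append("enable: GitLab login is not switched on")
    hosts = set()
    for key, want in EXPECTED_PATHS.items():
        url = urlparse(str(settings.get(key, "")))
        if not url.netloc:
            findings.append(f"{key}: missing or not an absolute URL")
            continue
        hosts.add(url.netloc)
        if url.path != want:
            findings.append(f"{key}: path is {url.path!r}, expected {want!r}")
        if url.scheme != "https":
            findings.append(f"{key}: plain {url.scheme}, logins and tokens travel unencrypted")
    if len(hosts) > 1:
        findings.append(f"endpoints use different hosts: {sorted(hosts)}")
    return findings

if __name__ == "__main__":
    # Pass the path to config.json, or run without arguments for the sample.
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else REPORTED
    for finding in check_gitlab_settings(cfg) or ["no findings"]:
        print(finding)
```

The script only inspects the file, so it cannot tell whether the server is actually reading its configuration from the database instead (see #83).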

nic-Oban commented 1 year ago

Hi @Crivaledaz, thanks for your answer. I did most of the suggested configs but without success. I still have to have a look at #83 ;)

About the label, as a simple user, I just have a choice between "Bug Report" and "Feature Request" when creating a new issue. Even if I saw the labels list, I didn't find how to apply them to my message, sorry for that.

Thanks again for your indications and hope I will find my way to use the master branch version! Have a good day.

Fidoshnik commented 1 year ago

Hello! I also met this error when the authorization server was migrated. The solution was very different. I'll try to help.

1) Can you open a simple authorization page without a forward from the Mattermost server? http://your ip//oauth/access_token

2) Check that SELinux is disabled (sestatus; if enabled, try disabling it with setenforce 0).

3) After you changed the configuration in the files, you may have changed the owner. It must be apache:apache: chown -R apache:apache /var/www/html/oauth/

4) Look at the log /var/log/php-fpm: what error is there?

5) The following transfers were also added to the httpd.conf file:

```apache
DocumentRoot "/var/www/html"

# Map the URIs that Mattermost requests onto the PHP scripts
RewriteEngine On
RewriteRule "/oauth/authorize" "/oauth/authorize.php"
RewriteRule "/oauth/token" "/oauth/token.php"
RewriteRule "/api/v4/user" "/oauth/resource.php"
RewriteRule "/oauth/access_token" "/oauth/index.php"
```