Crivaledaz / Mattermost-LDAP

This module provides an external LDAP authentication in Mattermost for the Team Edition (free).
MIT License

LDAP with latest version - folder unknown - forward direction not ok #42

Open jjjeroenski opened 4 years ago

jjjeroenski commented 4 years ago

If we install and test https://serverlink/oauth/index.php you get the LDAP login screen, which works.

You get: "Congratulation you are authenticated !

However there is nothing to do here ..."

So if we enable the gitlab button, then it sends you to a page that couldn't be found: https://serverlink/oauth/signup/gitlab/complete

What are we missing?

Could we disable the normal logon button so the user isn't confused about two logons?

Mattermost Team Edition
Mattermost Version: 5.21.0
Database Schema Version: 5.21.0
Database: mysql
Ubuntu 16.04.6 LTS

agabellini commented 4 years ago

Hello,

I get also: "Congratulation you are authenticated !

However there is nothing to do here ..."

No error in the Apache (proxy in front of mattermost and virtual host of Mattermost-LDAP).
No error in mattermost debug log.
Only a warning in the Apache error_log:

PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/web/oauth/OAuth2/Server.php on line 474

I'm using PHP 7.3. Is it a problem? Which is the PHP version suggested?

Mattermost Team Edition
Mattermost Version: 5.21.0
Database Schema Version: 5.21.0
Database: mysql

Thanks, Andrea

Crivaledaz commented 4 years ago

Hi,

The PHP warning about the count() function was a compatibility issue between the Oauth server and PHP 7. This issue has been patched in Mattermost-LDAP V2.

Could you try the new Mattermost-LDAP version and verify it solves your problem, please?

Regards,

Crivaledaz commented 4 years ago

@jjjeroenski

> If we install and test https://serverlink/oauth/index.php you get the LDAP login screen, which works.

If you go to the Oauth server manually you can authenticate, but you are not redirected to Mattermost, because the authentication process does not have any token or redirect address (sent by Mattermost when you click on the 'Gitlab' button). So the behaviour you observe is expected :)

> So if we enable the gitlab button, then it sends you to a page that couldn't be found

It seems you have misconfigured your Mattermost server. The redirect URL should be https://<mattermost_url>/signup/gitlab/complete. So the oauth/ directory should not appear in this URL, except if your Mattermost URL (defined by the site_url parameter) is set to https://serverlink/oauth/.

> Could we disable the normal logon button so the user isn't confused about two logons?

Sure, you just need to turn off email sign in and sign up by updating EnableSignUpWithEmail, EnableSignInWithEmail and EnableSignInWithUsername parameters to false in the config.json file of your Mattermost server.

Regards
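
The two checks from the reply above, written as an added example that is not part of the thread or of Mattermost-LDAP: it derives the expected callback from the Mattermost site URL and flags any of the three local-login switches that are still on. It assumes the site URL is stored as `ServiceSettings.SiteURL` and the switches under `EmailSettings` in `config.json`; the hostname, the sample values and the `registered_redirect` argument (the redirect URI registered with the OAuth server) are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of the relevant config.json sections (not from the thread).
SAMPLE_CONFIG = json.loads("""
{
  "ServiceSettings": {"SiteURL": "https://chat.example.test/"},
  "EmailSettings": {
    "EnableSignUpWithEmail": true,
    "EnableSignInWithEmail": false,
    "EnableSignInWithUsername": true
  }
}
""")

LOGIN_TOGGLES = ("EnableSignUpWithEmail", "EnableSignInWithEmail",
                 "EnableSignInWithUsername")


def expected_redirect(config):
    """Callback Mattermost uses for the GitLab button, derived from SiteURL."""
    site_url = config["ServiceSettings"]["SiteURL"].rstrip("/")
    return site_url + "/signup/gitlab/complete"


def audit(config, registered_redirect):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    want = urlsplit(expected_redirect(config))
    got = urlsplit(registered_redirect.rstrip("/"))
    # Scheme and host compare case-insensitively, the path does not.
    if (want.scheme.lower(), want.netloc.lower(), want.path) != \
       (got.scheme.lower(), got.netloc.lower(), got.path):
        findings.append("redirect mismatch: expected %s, registered %s"
                        % (want.geturl(), registered_redirect))
    email = config.get("EmailSettings", {})
    for key in LOGIN_TOGGLES:
        # A missing key is reported too: the value then depends on the server default.
        if email.get(key) is not False:
            findings.append("%s is not false" % key)
    return findings


if __name__ == "__main__":
    # Registered URI with the stray oauth/ segment described in the thread.
    for line in audit(SAMPLE_CONFIG, "https://chat.example.test/oauth/signup/gitlab/complete"):
        print(line)
```
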