LycheeOrg / Lychee

A great looking and easy-to-use photo-management-system you can run on your server, to manage and share photos.
https://lycheeorg.github.io/
MIT License

[Enhancement] LDAP authentication #324

Open jsaathof opened 5 years ago

jsaathof commented 5 years ago

I have found Lychee just recently and migrated quickly to the new Laravel version which works just fine for me. Haven't found any issues. I am really happy that I can use my PostgreSQL database instead of having to run a MySQL/MariaDB next to my PostgreSQL database. And I really like the feature of having multiple users.

However, my users are in an LDAP database. I would really like to have LDAP authentication added to Lychee-Laravel to simplify user management and having just one password for users. I have found a project to add LDAP to a Laravel application called adldap2. See https://github.com/Adldap2/Adldap2-Laravel. I don't know if that can be used in Lychee-Laravel. I hope LDAP authentication makes it into the application.

Cheers.

Jurriaan

jsaathof commented 3 years ago

I have found a successor of the project Adldap2 called ldaprecord. There is a lot of documentation available on the site. I can install the module but when I have to change the authentication I'm kind of lost.

https://ldaprecord.com/

ildyria commented 3 years ago

Hummm....

I assume the following setting. You have:

• an LDAP server
• a Lychee install

The question is more how do you determine the local ID for the user. For the connection, you could basically add a line to check against a user in the LDAP server here: https://github.com/LycheeOrg/Lychee/blob/376f8c7c9c463816252319dcbdab2975d221ed8a/app/ModelFunctions/SessionFunctions.php#L141

jsaathof commented 3 years ago

Hi,

I do have an LDAP server, that is the main reason to request LDAP support. And I am running Lychee. But I’m not a PHP programmer. So I’m having a hard time implementing this myself. I will take a look at the code you mentioned.

-- Sincerely,

Jurriaan

On 30 Mar 2021, at 12:25, Benoît Viguier @.***> wrote:

Hummm....

I assume the following setting. You have:

• an LDAP server
• a Lychee install

The question is more how do you determine the local ID for the user. For the connection, you could basically add a line to check against a user in the LDAP server here: https://github.com/LycheeOrg/Lychee/blob/376f8c7c9c463816252319dcbdab2975d221ed8a/app/ModelFunctions/SessionFunctions.php#L141

julianfoad commented 1 year ago

The YunoHost Lychee integration would become most excellent if it included LDAP integration. That Lychee-YunoHost integration is currently declared "YunoHost level 8" meaning "quite good" but its lack of integration with YunoHost's user account system is quite a drawback.

In fact, any self-hosting these days is hampered by having its own user account management. Single Sign-On (SSO) is the way to go, if we want to get ordinary people using our lovely self-hosted FOSS things. And LDAP support is a step towards SSO.

julianfoad commented 1 year ago

Now the good news: apparently Lychee LDAP integration already exists: see the Lychee-LDAP fork by 'hfr'.

Some caveats: I haven't tested or studied it; I see a gripe/grudge written in its README which is a bit in bad taste; it looks substantially documented but also a bit complex, and I don't know if that's just how complex it has to be (as LDAP's a bit fiddly itself anyway).

Surely it's worth a good look?

ildyria commented 1 year ago

Now the good news: apparently Lychee LDAP integration already exists: see the Lychee-LDAP fork by 'hfr'.

The fork from hfr has not been updated since its creation. See https://github.com/LycheeOrg/Lychee/pull/1322 for the associated Pull Request and why it was not merged.

We are still open to a pull request for LDAP. :)

julianfoad commented 1 year ago

Thanks for the feedback and the link to the PR. I have skimmed and digested that now. What a pity.

I opened a place-holder issue in YunoHost: lychee_ynh: Lychee LDAP integration #57, effectively blocked on this one.

I can only hope some new developer will come along and pick up the pieces and put it all together.

ildyria commented 7 months ago

If someone wants to give it a try, there is a package that would make the integration with Lychee easier.

https://github.com/DirectoryTree/LdapRecord-Laravel
https://ldaprecord.com/docs/laravel/v3/

jsaathof commented 7 months ago

What a coincidence: I opted for the same module three years ago...

jsaathof commented 4 months ago

I have created a pull request (#2386) adding Keycloak as an option for OAuth. Since opening this ticket I have added a Keycloak environment (together with PrivacyIdea for centralized 2FA) to my setup. And Keycloak supports LDAP so my issue would be solved.

ildyria commented 4 months ago

I have created a pull request (#2386) adding Keycloak as an option for OAuth. Since opening this ticket I have added a Keycloak environment (together with PrivacyIdea for centralized 2FA) to my setup. And Keycloak supports LDAP so my issue would be solved.

And pull request merged! :) Thanks a lot for your contribution.