Upgrade to 2.8.7 - LDAP login returns authentification error

[patronit]

Dear Contributors, first at all thank you very much for your wonderful and worthy work.

We use a virtual server appliance. The last upgrade to 2.8.7 leads to the impossibility to login with LDAP. We restored the backup - so no problem now.

Thank you, have a nice day!

[tio-trom]

Same here. Cannot login with LDAP: Restoring now.

EDIT: I am sent to this sort of URL https://forum.tromjaro.com/auth/failure?message=ldap_error&origin=https%3A%2F%2Fforum.tromjaro.com%2Flatest&strategy=ldap and the error is:

Sorry, there was an error authorizing your account. Please try again.

The issue is that I have restored to 2.8.6~ynh1 and I see the same issue. Now I wonder @patronit what versions have you restored to?

[patronit]

Before the upgrade I took a separate yunohost-backup of all data and applikations (ok, nineties style). After the error (same as you described), I deinstalled discourse und restored the separate backup.

[tio-trom]

I understand but I've done the same with Borg. A full backup. Can you please check what version are you running now?

[patronit]

• Discourse Version 2.7.13, no plugins
• up to date yunohost-server
• Dokuwiki
• all applications without public access

[tio-trom]

Yeah I think that's the issue. LDAP had problems from the 2.8.6~ynh1 version. I have that version unfortunately. Probably it worked with the version until I logged out and upgraded to the latest or something...now I'm toasted I can't login on my own forum haha.

[patronit]

I'm very sorry for you. The data is still there, I guess you need help from someone, who's fit in the used LDAP-plugin and SSOwat.

[JimboJoe]

Looks like a deprecation happened in Discourse that requires an update in the ldap plugin. The fix seems to exist, but no formal release has been done yet (I've added a comment)... 😥 As a short term workaround, you could try replacing the plugin directory of your install by the master of the ldap plugin repository...

[tio-trom]

Thank you for looking into it. I could try your solution but am not sure I got it. To remove all that is in this folder /var/www/discourse/plugins/discourse-ldap-auth and copy the raw files from here https://github.com/jonmbake/discourse-ldap-auth ?

[tio-trom]

Ok I did just that, I made sure the permissions/ownership are the same. And I still see the same error....Mind you the old folder had 141 files, 52 folders and the new one from the master has 21 files, 7 folders. Restarted the Discourse service too. No change.

[tio-trom]

By the way, for now is there a way to login without LDAP for my admin account?

[JimboJoe]

My piece of advice was poor, as there is much more than that to install a plugin (notably it downloads/installs the dependencies). I forgot we had documented how to install a plugin in the package README... 😅

cd /var/www/discourse
sudo -i -u discourse RAILS_ENV=production bin/rake --trace plugin:install repo=https://github.com/discourse/discourse-solved (for example)
sudo -i -u discourse RAILS_ENV=production bin/rake --trace assets:precompile
systemctl restart discourse

[tio-trom]

Thank you very much. I should have looked at it myself. Sorry for not having done that. But it still fails - here is the install log https://paste.trom.tf/ipocexujot.typescript

[JimboJoe]

I confirm the latest version of the plugin fixes the issue, but deploying by hand is a bit tricky:

• once installed, you must configure it in plugins/discourse-ldap-auth/config/settings.yml using this reference
• you must apply this patch to it Don't forget to assets:precompile and restart the service as in the comment above

I've asked the plugin developer for a release so that we can have a fix version of this package.

[tio-trom]

Thank you. So I have copied the https://github.com/YunoHost-Apps/discourse_ynh/blob/master/conf/settings.yml to the plugin, and I am wondering what do you mean by applying that patch. Can you tell me how please?

[JimboJoe]

Either you change manually the file as described in the patch, either you cd to plugins/discourse-ldap-auth/gems/2.7.6/gems/omniauth-ldap-1.0.5 and execute patch -p1 <path where you put the file>/ldap-auth-fix-subfolder.patch

[JimboJoe]

I've just opened a fix PR: could you please try to execute yunohost app upgrade discourse -u https://github.com/YunoHost-Apps/discourse_ynh/tree/fix_126 --force?

EDIT: you can directly try the testing 2.8.8 update that includes the fix yunohost app upgrade discourse -u https://github.com/YunoHost-Apps/discourse_ynh/tree/ci-auto-update-v2.8.8

[tio-trom]

Works thank you!

Unfortunately when I login with LDAP it asks me to create a new user....Thing is I changed my main email address in the YNH admin panel, even tho I have the old one too. It seems discord checks the main password in the YNH config and only wants that one. You know what I mean?

If I have the email X in my YNH - User settings. I install Discourse and create an user. It uses the X email address. Later on I change the email from User - Settings to Y. I then try to login to Discourse but when I do that it detects the Y email address and wants to create a new admin user. Even if I try to login with the X email address it will say that it cannot login.

Sorry, there was an error authorizing your account. Please try again.

Is this related to this patch?

[JimboJoe]

Hmm I usually login with my (short) login as username, not the complete e-mail... Did you try it? But I don't see how it could be related to the LDAP problem (which was due to a deprecation in Discourse API).

[tio-trom]

Yes I tried to login only with the username. The I will open a separate issue for this. Thanks for the support btw! Much appreciated!