YunoHost-Apps / discourse_ynh

Discourse package for YunoHost
https://www.discourse.org/
GNU General Public License v2.0

LDAP issues #131

Closed tio-trom closed 2 years ago

tio-trom commented 2 years ago

If your YNH admin main email is X, then you install Discourse, you can log in via LDAP and are admin on Discourse. All good. Now say you change your main YNH email address into Y. Try now to log in on Discourse via LDAP with username and YNH admin password. It will grab the email Y and try to create a new account. Therefore you won't be able to log in as your original admin account, unless you change back your YNH main email into X.

This is not ok because it gets you entangled with the main YNH email....

What can be done?

JimboJoe commented 2 years ago

Hi, are you logging in with your username as the login (without the domain prefix)?

tio-trom commented 2 years ago

Hi, yes, I log in only with the username. No domain, just the username.

JimboJoe commented 2 years ago

And when you say you "change your email address", you're only changing the associated domain, right?

tio-trom commented 2 years ago

I am saying I change from tio@domain1.com to tiotrom@domain2.org or whatever else. So it is an entirely new "main" email.

JimboJoe commented 2 years ago

Ah, so you're changing the login, that explains the difficulty... I guess this change must be poorly handled by quite a few other apps that set the admin user during the installation. I guess it could be worked around with an app hook, but it needs some thought...

tio-trom commented 2 years ago

It is a bit of an uncomfortable situation since I cannot change my main admin email now, and then log in to my Discourse admin... Isn't there a way to deactivate LDAP altogether and keep my admin as is, and log in normally?

JimboJoe commented 2 years ago

Understood... I'm no expert in Discourse (and not even user as of now), so it's quite difficult to bring immediate support. You could try some things:

cd /var/www/discourse
sudo -i -u discourse RAILS_ENV=production bin/rake --tasks

There are commands accessible through the CLI: you could create another admin user (admin:create), or rename your user (users:rename).

Hope it helps...

tio-trom commented 2 years ago

Thank you!

tio-trom commented 2 years ago

@yalh76 so you fixed this issue in the upcoming release?

yalh76 commented 2 years ago

No, but it does not seem to be an issue... sounds like the normal way. LDAP authentication uses the email for lookup

https://github.com/jonmbake/discourse-ldap-auth/blob/84635b1c352b2145b8e6074d94047f1e2020dcbc/config/settings.yml#L6-L7

so if you change the email, for the system it's a new user

The readme explains how to switch to username if you prefer
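Added example, not part of the thread and not code from Discourse or the discourse-ldap-auth plugin: a small in-memory model of the lookup behaviour described above, showing why a changed directory mail yields a new account under email lookup but not under username lookup, plus an audit that lists accounts that have drifted. All names (`LocalUser`, `find_or_create`, `drifted_accounts`) are hypothetical, the sample data is constructed from the addresses quoted in the thread, and the assumption that a newly provisioned account has no admin rights belongs to the model.

```ruby
# Added illustration: an in-memory model, not code from Discourse or discourse-ldap-auth.
# LocalUser, find_or_create and drifted_accounts are hypothetical names.
LocalUser = Struct.new(:id, :username, :email, :admin)

# Constructed sample data, using the addresses quoted in the thread.
def sample_users
  [LocalUser.new(1, "tio", "tio@domain1.com", true)]
end

def sample_directory
  [{ uid: "tio", mail: "tiotrom@domain2.org" }] # mail changed after install
end

# Map a successful LDAP bind to a local account. key is :email (the lookup
# described in the thread) or :username (the alternative the readme mentions).
def find_or_create(users, entry, key)
  wanted = key == :email ? entry[:mail] : entry[:uid]
  found = users.find { |u| u[key].casecmp?(wanted) }
  return [found, :matched] if found

  # No match on the chosen key: provision a fresh account without admin rights
  # (model assumption). Username de-duplication is left out of this model.
  created = LocalUser.new(users.map(&:id).max.to_i + 1, entry[:uid], entry[:mail], false)
  users << created
  [created, :created]
end

# Audit: accounts whose stored email differs from the directory mail for the
# same uid. Under email lookup, each of these will miss at the next login.
def drifted_accounts(users, directory)
  users.filter_map do |u|
    entry = directory.find { |e| e[:uid].casecmp?(u.username) }
    next if entry.nil? || entry[:mail].casecmp?(u.email)

    { username: u.username, local: u.email, directory: entry[:mail], admin: u.admin }
  end
end

if __FILE__ == $PROGRAM_NAME
  entry = sample_directory.first
  %i[email username].each do |key|
    user, outcome = find_or_create(sample_users, entry, key)
    puts "#{key}: #{outcome} id=#{user.id} admin=#{user.admin}"
  end
  drifted_accounts(sample_users, sample_directory).each { |d| puts "drift: #{d}" }
end
```

Running the audit before a directory email change is rolled out shows which local accounts, admins included, would stop matching under email lookup.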

tio-trom commented 2 years ago

Ok, but then why can't I log in with the email address and password, without LDAP, and still work?

yalh76 commented 2 years ago

Because the user you created is authenticated on LDAP; if you deactivate LDAP, the user can't be authenticated.

tio-trom commented 2 years ago

Ok. Will look more into it, thanks.

tio-trom commented 1 year ago

Now I moved my discord to a new server and restored my users and discourse. Fully. Same users, same domains, all of that. If I log in via LDAP with the same credentials I am redirected to a "testuser" but not my admin user. I am deeply confused how this works. I try to keep on digging but I am not sure how to "recover" my admin user....