matomo-org / plugin-LoginLdap

LDAP authentication and synchronization for Matomo.
https://plugins.matomo.org/LoginLdap
GNU General Public License v3.0

Make Login work with iOS Piwik Mobile 2.2 app #79

Open lolllpop opened 9 years ago

lolllpop commented 9 years ago

Just upgraded to Piwik 2.9.1 and LoginLDAP 3.1.0 (from 2.2.7). For this, I completely re-configured the LDAP config, deleted all accounts (but my master admin) from the piwik_user table and synchronized all accounts via console. For LoginLdap, I have the following setup:

Always Use LDAP for Authentication: yes
Synchronize Users After Successful Login: yes
Use Web Server Auth: no
Generate Random token_auth For New Users: yes

Records in piwik_user have passwords starting with {LDAP}xxx and new tokens. Within the web app, everything is working fine (thanks!). User and admin accounts can log in and have their old authorizations to the websites.

However, login with the iOS MobileApp 2.2 is not possible anymore. It tells me that I should check username and password and have access to at least one website, but credentials and authorizations are correct. Any ideas?

Thanks Martin

diosmosis commented 9 years ago

Using the mobile app w/ LoginLdap requires that the Always Use LDAP for Authentication setting be unchecked. This is because the mobile app calculates the token auth of a user, it doesn't query Piwik for the token auth in the DB. So the token auth it uses will be different from what is in the DB unless the actual password of a user is stored in Piwik's DB.

There are two ways around this:

  1. Uncheck Always Use LDAP for Authentication. Users will be able to login via the mobile app, though they'll have to login at least once through the web UI first. You'll have to erase the LDAP users from piwik_user again.
  2. Create separate users for mobile access (ie, user1, user1-mobile). The user permissions for each user would have to be managed individually.

I think neither of these solutions is ideal for you since you've removed existing user entries, so I'll keep trying to think of another way to solve this.
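
To make the mismatch described above concrete, here is an added Python example; it is not code from LoginLdap, Piwik or the mobile app. It assumes the Piwik 2.x token derivation token_auth = md5(login . md5(password)) that the mobile app computes client-side; the piwik_user rows, the directory and the random token value are constructed sample data. The web path binds against the directory and then returns whatever token_auth the row holds, while the mobile path derives the token from the typed credentials and looks it up, so the LDAP-synced row fails even with the correct password.

```python
import hashlib


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def piwik2_token_auth(login: str, md5_password: str) -> str:
    """Assumed Piwik 2.x derivation: token_auth = md5(login . md5(password)).
    Because it needs only the credentials, a client can compute it offline."""
    return md5_hex(login + md5_password)


def mobile_app_token(login: str, password: str) -> str:
    """What the mobile app sends: a token derived from the typed credentials,
    with no request to the server for the token stored in the DB."""
    return piwik2_token_auth(login, md5_hex(password))


def local_user_row(login: str, password: str) -> dict:
    """Constructed piwik_user row for a user whose real password hash is stored
    (Always Use LDAP unchecked, user has logged in through the web UI once)."""
    md5pw = md5_hex(password)
    return {"login": login, "password": md5pw,
            "token_auth": piwik2_token_auth(login, md5pw)}


def ldap_user_row(login: str, random_token: str) -> dict:
    """Constructed row for a user synchronized with Always Use LDAP on and
    Generate Random token_auth on: the password column carries an {LDAP}
    marker instead of a usable hash, and token_auth is unrelated to the password."""
    marker = "{LDAP}" + md5_hex("placeholder-not-derived-from-password-" + login)
    return {"login": login, "password": marker, "token_auth": random_token}


# Constructed sample data (not from the issue).
BOB_TOKEN = "3f1c9a6e8d7b4c2a1e0f9d8c7b6a5f4e"  # constructed random token_auth
USERS = [
    local_user_row("alice", "alice-pw"),
    ldap_user_row("bob", BOB_TOKEN),
]
DIRECTORY = {"alice": "alice-pw", "bob": "bob-pw"}  # stands in for the LDAP bind


def find_user(login: str):
    return next((row for row in USERS if row["login"] == login), None)


def web_login(login: str, password: str):
    """Web UI path with LoginLdap: bind against the directory, then hand back
    the token_auth the piwik_user row holds. Works for LDAP-synced users."""
    if DIRECTORY.get(login) != password:
        return None
    row = find_user(login)
    return row["token_auth"] if row else None


def mobile_login(login: str, password: str):
    """Mobile path: the app derives the token locally and the server looks it
    up. Succeeds only if the stored token_auth was derived from the same
    password, which an {LDAP} row never is."""
    token = mobile_app_token(login, password)
    row = find_user(login)
    if row is None or row["token_auth"] != token:
        return None
    return token


def explain(login: str, password: str) -> str:
    """One-line diagnostic matching the symptom reported in the issue."""
    web = web_login(login, password)
    mobile = mobile_login(login, password)
    row = find_user(login)
    stored = row["password"] if row else "<no row>"
    return (f"{login}: web={'ok' if web else 'fail'} "
            f"mobile={'ok' if mobile else 'fail'} stored password={stored[:6]}...")


if __name__ == "__main__":
    for user, pw in DIRECTORY.items():
        print(explain(user, pw))
```

Running it shows alice (password hash in the DB) logging in on both paths and bob ({LDAP} marker, random token) succeeding on the web and failing on mobile with the correct password, which is the exact symptom reported at the top of the issue.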

mattab commented 9 years ago

Hi @diosmosis

Would it be possible to document this in a FAQ in the readme of LoginLdap? It seems more and more users have this question and they could help themselves with such a FAQ :+1:

mattab commented 9 years ago

I've just seen #80 which looks similar so +1

lolllpop commented 9 years ago

@diosmosis: thanks for your explanation!

For me, however, the main purpose of the LDAP plugin is the authentication at an external, central authentication point. The very last thing I want are the users' passwords being replicated to the application's db - in whatever form.

I added a feature request for the Mobile App to support password authentication over TLS or the entry of a manually specified token. https://github.com/piwik/piwik-mobile-2/issues/5326