milux / ctldap

LDAP Wrapper for ChurchTools
GNU General Public License v3.0

Admin Only Login #13

Status: Closed (sscholl closed this 4 years ago)

sscholl commented 5 years ago

Hello @milux, the current version of Rocketchat requires that a user can log in to LDAP directly (exact request provided below). That means I needed to deactivate the admin-only login. See commit c37e75c.

Normal successful Request:

{
  "messageID": 2,
  "protocolOp": "SearchRequest",
  "baseObject": {
    "rdns": [
      {
        "o": "churchtools"
      }
    ],
    "rdnSpaced": false,
    "length": 1
  },
  "scope": "sub",
  "derefAliases": 0,
  "sizeLimit": 100000,
  "timeLimit": 10,
  "typesOnly": false,
  "filter": "(&(&(objectclass=ctperson))(|(cn=person@mail.de)(mail=person@mail.de)))",
  "attributes": [],
  "controls": []
}

New RocketChat unsuccessful Request:

{
  "messageID": 4,
  "protocolOp": "SearchRequest",
  "baseObject": {
    "rdns": [
      {
        "cn": "myusername"
      },
      {
        "ou": "users"
      },
      {
        "o": "churchtools"
      }
    ],
    "rdnSpaced": true,
    "length": 3
  },
  "scope": "sub",
  "derefAliases": 0,
  "sizeLimit": 0,
  "timeLimit": 10,
  "typesOnly": false,
  "filter": "(objectclass=*)",
  "attributes": [],
  "controls": []
}

I am not sure why credentials are limited to root, at least if LDAP is in a private network (it is in my case). What do you think about that issue?

Thanks Simon
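The second request above is what Rocket.Chat sends after binding as the user: it reads its own entry (base cn=myusername,ou=users,o=churchtools, scope sub, filter (objectclass=*)). Once non-admin binds are allowed, the question a wrapper has to answer is how much of the directory such a bind may search. The block below is an added example in JavaScript (ctldap is a Node.js project); it is not code from ctldap, from commit c37e75c, or from Rocket.Chat. It models a least-privilege decision: the root account keeps directory-wide search, a regular user may only search at or below its own DN, and anonymous searches are refused. ROOT_DN, USERS_BASE, the DN layout and the sample requests are assumptions constructed for the example.

```javascript
// Added example (not ctldap's own code): least-privilege authorization for
// LDAP search requests, modelled on the two request shapes in the issue:
//  (1) a subtree search from the directory root o=churchtools, and
//  (2) Rocket.Chat's post-bind lookup of the user's own entry.
// Assumed (hypothetical) names: ROOT_DN is the admin/root bind DN, USERS_BASE
// is the container that holds person entries.
const ROOT_DN = "cn=root,o=churchtools";
const USERS_BASE = "ou=users,o=churchtools";

// Parse an RFC 4514 style DN into RDNs, most specific first, e.g.
// "cn=myusername,ou=users,o=churchtools" ->
// [{type:"cn",value:"myusername"},{type:"ou",value:"users"},{type:"o",value:"churchtools"}]
// Backslash-escaped commas stay inside the value; multi-valued RDNs (a+b) are out of scope.
function parseDn(dn) {
  if (dn.trim() === "") return [];
  const parts = [];
  let cur = "";
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === "\\" && i + 1 < dn.length) { // keep the escaped character literally
      cur += dn[i + 1];
      i++;
    } else if (ch === ",") {
      parts.push(cur);
      cur = "";
    } else {
      cur += ch;
    }
  }
  parts.push(cur);
  return parts.map((r) => {
    const eq = r.indexOf("=");
    if (eq < 1) throw new Error(`malformed RDN: ${JSON.stringify(r)}`);
    return { type: r.slice(0, eq).trim().toLowerCase(), value: r.slice(eq + 1).trim() };
  });
}

// Case-insensitive comparison; adequate for cn/ou/o, not for every attribute syntax.
function rdnEquals(a, b) {
  return a.type === b.type && a.value.toLowerCase() === b.value.toLowerCase();
}

// True when `dn` is `ancestor` itself or lies somewhere beneath it:
// the trailing RDNs of `dn` must equal all RDNs of `ancestor`.
function isWithin(dn, ancestor) {
  const d = parseDn(dn), a = parseDn(ancestor);
  if (a.length === 0 || d.length < a.length) return false;
  return d.slice(d.length - a.length).every((rdn, i) => rdnEquals(rdn, a[i]));
}

function dnEquals(a, b) {
  return isWithin(a, b) && isWithin(b, a);
}

// Decide whether the bound identity may run a search. `req.baseObject` is the
// search base as a DN string; scope and filter do not change the decision because
// the base already confines which entries can be returned.
function authorizeSearch(bindDn, req) {
  if (!bindDn) return { allowed: false, reason: "anonymous search not permitted" };
  if (dnEquals(bindDn, ROOT_DN)) return { allowed: true, reason: "root may search the whole directory" };
  if (!isWithin(bindDn, USERS_BASE) || dnEquals(bindDn, USERS_BASE)) {
    return { allowed: false, reason: "bind DN is not a user entry" };
  }
  if (isWithin(req.baseObject, bindDn)) {
    return { allowed: true, reason: "user reads its own entry" }; // the Rocket.Chat case
  }
  return { allowed: false, reason: "regular users may not search outside their own entry" };
}

// Constructed requests, abbreviated from the two ldapjs dumps in the issue.
const directoryWideLookup = {
  baseObject: "o=churchtools", scope: "sub",
  filter: "(&(objectclass=ctperson)(|(cn=person@mail.de)(mail=person@mail.de)))",
};
const ownEntryLookup = {
  baseObject: "cn=myusername,ou=users,o=churchtools", scope: "sub",
  filter: "(objectclass=*)",
};

// Every combination worth looking at, as a plain object of allow/deny results.
function decisionTable() {
  const user = "cn=myusername,ou=users,o=churchtools";
  const otherEntry = { ...ownEntryLookup, baseObject: "cn=someoneelse,ou=users,o=churchtools" };
  return {
    rootDirectoryWide: authorizeSearch(ROOT_DN, directoryWideLookup).allowed,
    rootOwnEntry: authorizeSearch(ROOT_DN, ownEntryLookup).allowed,
    userDirectoryWide: authorizeSearch(user, directoryWideLookup).allowed,
    userOwnEntry: authorizeSearch(user, ownEntryLookup).allowed,
    userOtherEntry: authorizeSearch(user, otherEntry).allowed,
    anonymous: authorizeSearch("", ownEntryLookup).allowed,
  };
}

console.log(JSON.stringify(decisionTable(), null, 2));
```

With this policy the first request in the issue (base o=churchtools, subtree, filter on cn or mail) is only honoured for the root bind, while the second one succeeds for the user it was bound as and is refused when the base names another user's entry. A wrapper in front of a non-LDAP backend can apply the same check before it ever forwards the search.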

sscholl commented 5 years ago

Any updates on this?

milux commented 4 years ago

Hey @sscholl, if this is still relevant after the merge of churchtools/ctldap-ms, could you please create a new PR that targets develop (the new default branch)? I forgot to set the base branch accordingly when I created this repo; master is reserved for the latest release sources.