osixia / docker-phpLDAPadmin

phpLDAPadmin container image 🐳🌴
MIT License
842 stars 196 forks

How can I log in with uid or email? #65

Open darellwu opened 4 years ago

darellwu commented 4 years ago

The default configuration is to log in with the DN, for example: cn=admin,dc=example,dc=com.

But I want to log in with uid or email. How can I configure it?

3q.

OndrejHome commented 4 years ago

Hi @darellwu,

You can change the attribute by which users log in via the login->attr variable of PHPLDAPADMIN_LDAP_HOSTS. For example, the command below will use the uid attribute to log in instead of the DN:

  docker run --env PHPLDAPADMIN_LDAP_HOSTS="#PYTHON2BASH:[{'ldap.example.org': [{'server': [{'tls': True}]},{'login': [{'attr': 'uid'}]}]}]" --detach osixia/phpldapadmin:0.9.0

You can check the phpLDAPAdmin documentation on Server definitions for additional options that can be added/changed.

shanehughes1990 commented 3 years ago

I for the life of me cannot get this to work. This is the relevant docker-compose chunk with sensitive info redacted; I've only been able to log in with the DN of any user.

  ldapadmin:
    container_name: $STACK-admin
    image: osixia/phpldapadmin
    restart: always
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    environment:
      VIRTUAL_PORT: 80
      VIRTUAL_HOST: $PHPLDAPADMIN.$LDAP.$DOMAIN
      LETSENCRYPT_HOST: $PHPLDAPADMIN.$LDAP.$DOMAIN
      PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap.example.com': [{'server': [{'tls': True}]},{'login': [{'attr': 'uid'}]}]}]"
      PHPLDAPADMIN_HTTPS: "false"
    networks:
      - ext_net
      - int_net

shanehughes1990 commented 3 years ago

I still cannot figure this out. If someone would be able to point me in the right direction, here is the complete compose file. Please note I have tried both:

  tls: True port: 636
  tls: False port: 389

I have also tried wrapping PYTHON2BASH in single quotes, '#PYTHON2BASH:[{"openldap": etc etc}]', and trying it the way suggested above, wrapped in double quotes, "PYTHON2BASH:[{'openldap': etc etc}]".

I can however log in with the DN of any user, i.e.:

This is my LDAP DN layout:

  cn=admin,dc=ldap,dc=example,dc=com
  uid=user,ou=people,dc=ldap,dc=example,dc=com

version: '3.8'
services:
  openldap:
    container_name: $STACK-ldap
    image: osixia/openldap:1.4.0
    restart: always
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    hostname: $LDAP_DOMAIN
    domainname: $DOMAIN
    tty: true
    stdin_open: true
    ports:
      - 389:389
      - 636:636
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: $LDAP_ORGANISATION_NAME
      LDAP_DOMAIN: $LDAP_DOMAIN.$DOMAIN
      LDAP_ADMIN_PASSWORD: $LDAP_ADMIN_PASSWORD
      LDAP_CONFIG_PASSWORD: $LDAP_CONFIG_PASSWORD
      LDAP_READONLY_USER: "true"
      LDAP_READONLY_USER_USERNAME: "bind"
      LDAP_READONLY_USER_PASSWORD: $LDAP_READONLY_USER_PASSWORD
      LDAP_RFC2307BIS_SCHEMA: "true"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    volumes:
      - $APPDATA/$STACK/openldap/config:/etc/ldap/slapd.d
      - $APPDATA/$STACK/openldap/data:/var/lib/ldap
    networks:
      - int_net

  phpldapadmin:
    container_name: $STACK-admin
    image: osixia/phpldapadmin:latest
    restart: always
    labels:
      # - "traefik.enable=false"
      # - "traefik.http.routers.$STACK-phpldapadmin.rule=Host(`$LDAP_ADMIN_DOMAIN.$DOMAIN`)"
      # - "traefik.http.routers.$STACK-phpldapadmin.entrypoints=websecure"
      # - "traefik.http.routers.$STACK-phpldapadmin.tls.certresolver=mytlschallenge"
      # - "traefik.http.services.$STACK-phpldapadmin.loadbalancer.server.port=443"
      - "com.centurylinklabs.watchtower.enable=true"
    environment:
      VIRTUAL_PORT: 443
      VIRTUAL_HOST: $LDAP_ADMIN_DOMAIN.$LDAP_DOMAIN.$DOMAIN
      VIRTUAL_PROTO: https
      LETSENCRYPT_HOST: $LDAP_ADMIN_DOMAIN.$LDAP_DOMAIN.$DOMAIN
      PHPLDAPADMIN_LDAP_HOSTS: '#PYTHON2BASH:[{"openldap": [{"server": [{"tls": false},{"port": 389}]},{"login": [{"attr": "uid"}]}]}]'
      PHPLDAPADMIN_HTTPS: "true"
      PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
    networks:
      - int_net
      - ext_net

networks:
  int_net:
    external:
      name: internal_network
  ext_net:
    external:
      name: external_network

ydniw commented 3 years ago

Any luck?? I have the same problem, need to log in using email.

darellwu commented 3 years ago

First create this user on the operating system (for example, with the adduser shell command),

then I think it is ok.

d-bourdon commented 3 years ago

Hi, for people like me who are searching for a full answer:

When this value (login:attr) is not dn, PLA will perform an anonymous bind to the LDAP server to find the DN, whose value is found by this attribute id (and the attribute value the user provided on the login form). http://phpldapadmin.sourceforge.net/wiki/index.php/Server:login:attr

So if you are not allowing anonymous users to query the directory, as is the default in osixia/docker-openldap, it will not work. You need to define a bind_id and a bind_pass that will be used to search for the value. Remember to add fallback_dn, or you will be unable to log in as cn=admin.

Here is a full server config that was working for me:

  phpldapadmin:
    image: osixia/phpldapadmin:stable
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap.example.org': [{'server': [{'port': 0}]}, {'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}, {'bind_pass': 'ADMIN_PASS'}, {'attr': 'uid'}, {'fallback_dn': True}]}]}]"
      PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: "ca_server.pem"
      PHPLDAPADMIN_HTTPS: "false" # behind a reverse proxy
    volumes:
      - ./ca_server.pem:/container/service/ldap-client/assets/certs/ca_server.pem
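The thread boils down to two things that are easy to get wrong in that one environment variable: the text after `#PYTHON2BASH:` has to be a Python literal (so `True`/`False`, not JSON `true`/`false`), and once `attr` is anything other than `dn`, phpLDAPadmin has to search the directory for the user's DN first, which needs either anonymous search access or `bind_id`/`bind_pass`, plus `fallback_dn` so a full DN like `cn=admin,...` still works. The following is an added example, not code from osixia/docker-phpLDAPadmin or phpLDAPadmin: a small lint that parses the value and reports those problems before the container is started. It assumes the value is a Python literal in the list-of-dicts shape used in this thread; the three sample strings are constructed from the values posted above.

```python
"""Sanity-check a PHPLDAPADMIN_LDAP_HOSTS value before handing it to the container.

Added example; not code from osixia/docker-phpLDAPadmin or phpLDAPadmin.
Assumption: the text after the '#PYTHON2BASH:' prefix is a Python literal (so
True/False, not JSON true/false) shaped like the examples in this thread:
a list of {host: [ {section: [ {key: value}, ... ]}, ... ]} dictionaries.
"""
import ast

PREFIX = "#PYTHON2BASH:"

# Constructed sample values, following the shapes posted in this thread.
WORKING = (PREFIX + "[{'ldap.example.org': [{'server': [{'port': 0}]}, "
           "{'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}, "
           "{'bind_pass': 'ADMIN_PASS'}, {'attr': 'uid'}, {'fallback_dn': True}]}]}]")
ATTR_ONLY = (PREFIX + "[{'ldap.example.org': [{'server': [{'tls': True}]},"
             "{'login': [{'attr': 'uid'}]}]}]")
JSON_STYLE = (PREFIX + '[{"openldap": [{"server": [{"tls": false},{"port": 389}]},'
              '{"login": [{"attr": "uid"}]}]}]')


def parse_hosts(value):
    """Return {host: {section: {key: value}}} or raise ValueError."""
    if not value.startswith(PREFIX):
        raise ValueError("value must start with " + PREFIX)
    try:
        data = ast.literal_eval(value[len(PREFIX):])
    except (ValueError, SyntaxError) as exc:
        # JSON-style true/false, unquoted names or unbalanced quotes end up here.
        raise ValueError("not a Python literal: %s" % exc) from exc
    hosts = {}
    for entry in data:
        for host, sections in entry.items():
            merged = hosts.setdefault(host, {})
            for section in sections:
                for name, settings in section.items():
                    for setting in settings:
                        merged.setdefault(name, {}).update(setting)
    return hosts


def lint_login(hosts, anonymous_search_allowed=False):
    """Return (host, message) findings for login sections that will not work.

    Mirrors the behaviour described in the thread: with attr != 'dn', PLA first
    searches the directory for the user's DN, so it needs either anonymous search
    access or bind_id/bind_pass, and fallback_dn keeps full-DN logins working.
    """
    findings = []
    for host, cfg in hosts.items():
        login = cfg.get("login", {})
        attr = login.get("attr", "dn")
        if attr == "dn":
            continue  # plain DN login needs no lookup
        if not (login.get("bind_id") and login.get("bind_pass")) and not anonymous_search_allowed:
            findings.append((host, "attr=%s needs bind_id and bind_pass when anonymous search is refused" % attr))
        if not login.get("fallback_dn"):
            findings.append((host, "set fallback_dn: True, or a full DN such as cn=admin,... cannot log in"))
    return findings


if __name__ == "__main__":
    for label, raw in (("working", WORKING), ("attr only", ATTR_ONLY), ("json style", JSON_STYLE)):
        try:
            print(label, lint_login(parse_hosts(raw)) or "ok")
        except ValueError as exc:
            print(label, "rejected:", exc)
```

Run it with `python3 lint_hosts.py` (hypothetical file name) and paste your own value into one of the constants; the `attr only` case reproduces the symptom reported above (only DN logins work), and the `json style` case is rejected at parse time rather than silently producing an empty server list.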