LDAP Configuration Error

[alyfilipe]

Question Hello. We are having difficulty configuring LDAP. We added all the necessary fields and received the error message below when trying to login:

insert into "users" ("createdAt", "email", "isActive", "isSystem", "isVerified", "localeCode", "name", "pictureUrl", "providerId", "providerKey", "tfaIsActive", "updatedAt") values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) returning "id" - invalid byte sequence for encoding "UTF8": 0x00

LDAP Debug is enable and self-registration too.

Host Info OS: [Docker] Wiki.js version: [2.4.107] Database engine: [postgres:11-alpine] LDAP: FreeIPA

Active Configurations:

LDAP URL ldap://x-x-x-x:389 ​ Admin Bind DN uid=xxxxx,cn=users,cn=accounts,dc=xxxx,dc=local ​ Admin Bind Credentials x-x-x-x ​ Search Base cn=users,cn=accounts,dc=xxxx,dc=local ​ Search Filter (uid={{username}}) ​ Unique ID Field Mapping uid ​ Email Field Mapping mail ​ Display Name Field Mapping cn ​ Avatar Picture Field Mapping jpegPhoto

This configuration is functional in many internal systems.

Thanks.

[BuhtigithuB]

I had difficulty with ldap vs ldapS at first when I try you might make sure you didn't try to authenticate to 389 with ldapS and 636 with ldap... There is also the check box for TLS and for cert TLS to uncheck in case of 389 (ldap)...

Then make sure you user "uid" AD field and not "sAMAccountName"... You seems to user FreeIPA, don't know it and how well support it is...

Finally, I didn't get LDAP authentication working with TLS/LDAPS/636 no verification, yet and I try rely hard...

[alyfilipe]

I can't use ldaps. He complains about the self-signed certificate -> "warn: LDAP LOGIN ERROR (c1): self signed certificate in certificate chain"

And using ldap on port 389, it seems to work, but some field goes empty for the bank and gives the mentioned error -> warn: LDAP LOGIN ERROR (c2): update "users" set "email" = $1, "name" = $2, "pictureUrl" = $3, "updatedAt" = $4 where "users"."id" = $5 - invalid byte sequence for encoding "UTF8": 0x00

There is no possibility to work without LDAP. So I'm already selling other wiki alternatives, in case wikijs don't work

[rafacouto]

I can confirm the bug reported by @alyfilipe with similar configurations (dockers requarks/wiki:2 and postgres:11) and LDAP / Active Directory authentication module.

Anyway, I think it is not related to LDAP module but the problem seems with postgresql when trying to do auto registration the first time the user is authenticated. I have done a valid installation with mariadb (ldap and ldaps+certificate running OK).

[rafacouto]

Related: #849

[rafacouto]

Confirmed: it is a problem with Postgresql and the Avatar Picture Field Mapping (maybe with any non existent attribute for the user in the LDAP). It is working now after using displayName (existing attribute for that field):

[alyfilipe]

Perfect. Using the informed parameter it worked without problems. I appreciate the help

[rafacouto]

Well, the problem is just a trick to avoid the fatal error. The bug must be arranged to do the avatar picture mapping...

[NGPixel]

@rafacouto See #849

[rafacouto]

@NGPixel Why both issues are closed? It is clearly a bug and it should be solved. The explained trick is a bypass to avoid the error with postgresql and auto-registration with the avatar: the postgresql wikijs layer must manage binaries with avatar field or it must be deactivated with this database engine. Do you prefer to open a new one to treat the bug?

[NGPixel]

@rafacouto Have you actually read the last reply #849 or you just assumed it was closed for no reason?

[rafacouto]

Sorry, your commit was 11 hours ago and this issue was closed 2 days ago... Updated and tested: it allows autoregister with postgresql :+1: