wekan / ldap

LDAP support for Wekan code has been moved to https://github.com/wekan/wekan/tree/master/packages/wekan-ldap , issues to https://github.com/wekan/wekan/issues , and if PRs are needed please add them instead to https://github.com/wekan/wekan/pulls
MIT License

LDAP: unable to map CN to Fullname #10

Closed xet7 closed 5 years ago

xet7 commented 5 years ago

I got this report from a Standalone Wekan Docker user:

Today I've been trying to map CN to Fullname:

LDAP_SYNC_USER_DATA_FIELDMAP={\"cn\":\"name\", \"mail\":\"email\"}

However, if I use the line as mentioned in the example (above) the login doesn't work anymore and the following is displayed in the log:

[INFO] User does not exist, creating "ehu"
[DEBUG] Identifying user with: sAMAccountName
Exception while invoking method 'login' SyntaxError: Unexpected token \ in JSON at position 1
at JSON.parse (<anonymous>)
at getDataToSyncUserData (packages/wekan:wekan-ldap/server/sync.js:116:27)
at addLdapUser (packages/wekan:wekan-ldap/server/sync.js:229:20)
at DDPCommon.MethodInvocation.<anonymous> (packages/wekan:wekan-ldap/server/loginHandler.js:159:18)
at packages/accounts-base/accounts_server.js:468:32
at tryLoginMethod (packages/accounts-base/accounts_server.js:245:14)
at AccountsServer.Ap._runLoginHandlers (packages/accounts-base/accounts_server.js:465:18)
at DDPCommon.MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:528:27)
at packages/check.js:128:16
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1186:15)
at Object._failIfArgumentsAreNotAllChecked (packages/check.js:127:41)
at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1765:18)
at DDP._CurrentMethodInvocation.withValue (packages/ddp-server/livedata_server.js:719:19)
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1186:15)
at DDPServer._CurrentWriteFence.withValue (packages/ddp-server/livedata_server.js:717:46)
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1186:15)

The only way I don't get that error is if I leave out all the backslashes, eg:

- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}

but the Name doesn't get mapped.

@Akuket Can you look at this?

Akuket commented 5 years ago

There is an error in the doc for the docker-compose.yml

Can you copy here the result of the log with that?

DrGraypFroot commented 5 years ago

Hi @Akuket & @xet7 I don't get any errors using this syntax, but:

The full name is still not mapped...

[INFO] Init LDAP login "xyz"
[INFO] Init setup
[INFO] Connecting "ldap://xxxx:389"
[DEBUG] connectionOptions{ url: 'ldap://xxxx:389',
  timeout: 10000,
  connectTimeout: 10000,
  idleTimeout: 10000,
  reconnect: true,
  log:
   Logger {
     domain: null,
     _events: {},
     _eventsCount: 0,
     _maxListeners: undefined,
     _level: 30,
     streams: [ [Object] ],
     serializers: null,
     src: false,
     fields:
      { name: 'ldapjs',
        component: 'client',
        hostname: '162d2e23e12e',
        pid: 1 } } }
[INFO] LDAP connected
[INFO] Binding UserDN "cn=admin,ou=admin,ou=prod,dc=...,dc=..."
[INFO] Searching user "xyz"
[DEBUG] searchOptions {
  "filter": "(&(sAMAccountName=xyz))",
  "scope": "sub",
  "sizeLimit": 0
}
[DEBUG] BaseDN "ou=prod,dc=...,dc=..."
[INFO] Search result count 1
[INFO] Authenticating "CN=xyz,OU=Users,DC=...,DC=..."
[INFO] Authenticated "CN=xyz,OU=Users,DC=...,DC=..."
[DEBUG] Identifying user with: sAMAccountName
[INFO] Querying user
[DEBUG] userQuery {
  "services.ldap.id": "656875"
}
[DEBUG] userQuery {
  "username": "xyz"
}
[INFO] User does not exist, creating "xyz"
[DEBUG] Identifying user with: sAMAccountName
[DEBUG] Mapping field cn -> name
[DEBUG] user.name changed to: xyz
[DEBUG] Mapping field mail -> email
[DEBUG] Identifying user with: sAMAccountName
[DEBUG] New user data {
  "username": "xyz",
  "email": "xyz@xyz.com"
}
[INFO] Syncing user data
[DEBUG] user {
  "email": "xyz@xyz.com",
  "_id": "mYfhPqfgEABzt2942"
}
[INFO] Idle
[INFO] Disconecting
[INFO] Closed

Akuket commented 5 years ago

Normally this is no longer caused by my changes. See with @maximest-pierre he may know more?

maximest-pierre commented 5 years ago

I have no idea what can cause this to be honest. I am looking at my LDAP directory at work and our CN are the username and not the full name.

DrGraypFroot commented 5 years ago

I've tried it with specifying LDAP_SYNC_USER_DATA_FIELDMAP={"displayName":"name"} but still, the Full Name in Wekan remains completely empty... Also exchanged "name" with "fullname", as that's what it is shown as in the MongoDB..

I manually added the Full Name in the GUI User administration section, this is what the user looks like in the DB:

{
                "_id" : "8na9XRWd9HSq7WCzL",
                "createdAt" : ISODate("2018-10-30T16:06:43.194Z"),
                "services" : {
                        "ldap" : {
                                "id" : "656875"
                        },
                        "resume" : {
                                "loginTokens" : [
                                        {
                                                "when" : ISODate("2018-10-30T16:06:43.222Z"),
                                                "hashedToken" : "7H/iQFP9a4+p0uKTZwoMEwW7uWqLwMa6sxd3CUJH96k="
                                        }
                                ]
                        }
                },
                "username" : "ltv",
                "emails" : [
                        {
                                "address" : "linus.torvalds@microsoft.com",
                                "verified" : true
                        }
                ],
                "isAdmin" : true,
                "profile" : {
                        "boardView" : "board-view-lists",
                        "fullname" : "Linus Torvalds"
                },
                "authenticationMethod" : "ldap",
                "loginDisabled" : false
        }

Maybe the FIELDMAP Var needs to specify that "fullname" is a child of "profile"? Just a wild guess though..

maximest-pierre commented 5 years ago

I am going to check it out when I have the time. I will open a new issue with a reference to this one on wekan_ldap since this is clearly a wekan_ldap issue.

xet7 commented 5 years ago

Moved to here from #15

From @jolentes

Issue

Server Setup Information:

Problem description: LDAP authentication is configured and works. On a fresh DB and Wekan container started with docker-compose the user can login. The user account is created. Email address is synched. The full name stays empty! I tried to upload a screenshot but I was not able to.

I tried both settings for the mapping:

LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mailPrimaryAddress":"email"}
LDAP_SYNC_USER_DATA_FIELDMAP={\"cn\":\"name\", \"mailPrimaryAddress\":\"email\"}

Log output on docker show this:

wekan-app | [INFO] User does not exist, creating "firstname.lastname"
wekan-app | [DEBUG] Identifying user with: uid
wekan-app | [DEBUG] Mapping field cn -> name
wekan-app | [DEBUG] user.name changed to: Firstname Lastname
wekan-app | [DEBUG] Mapping field mailPrimaryAddress -> email
wekan-app | [DEBUG] Identifying user with: uid
wekan-app | [DEBUG] New user data {
wekan-app | "username": "firstname.lastname",
wekan-app | "email": "firstname.lastname@example.com"
wekan-app | }
wekan-app | [INFO] Syncing user data
wekan-app | [DEBUG] user {
wekan-app | "email": "firstname.lastname@example.com",
wekan-app | "_id": "MJgtrqoRmNXfTzfHy"
wekan-app | }
wekan-app | [INFO] Idle
wekan-app | [INFO] Disconecting
wekan-app | [INFO] Closed

I even tried: LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"fullname", "mailPrimaryAddress":"email"} But then I get a debug message that the field fullname is not whitelisted.

How can the fullname be synced from LDAP? Is there a list of user attributes documented that are available for sync?
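The two failure modes reported in this thread (the backslash-escaped FIELDMAP value that JSON.parse rejects, and a target such as "fullname" that is not on the whitelist while the name actually lives under profile.fullname) can be reproduced with the following added example. This is illustration code, not wekan-ldap's own implementation; the whitelist TARGET_PATHS, the function names and the sample LDAP entry are all constructed for the example.

```javascript
// Constructed whitelist: mapping target -> path inside the user document.
// "name" lands in profile.fullname, which is where the Mongo record in this
// thread keeps the full name; anything else is rejected as "not whitelisted".
const TARGET_PATHS = {
  name: ['profile', 'fullname'],
  email: ['email'],
};

// Parse the LDAP_SYNC_USER_DATA_FIELDMAP value. When docker-compose hands the
// process literal backslashes, the string is not JSON and JSON.parse throws a
// SyntaxError ("Unexpected token \ in JSON at position 1" in the log above).
function parseFieldMap(raw) {
  try {
    return { ok: true, map: JSON.parse(raw) };
  } catch (err) {
    return { ok: false, error: err.name, message: err.message };
  }
}

// Apply a parsed map {ldapAttribute: target} to one LDAP entry.
// Targets outside the whitelist are reported in `skipped`, not written.
function applyFieldMap(map, ldapEntry) {
  const user = {};
  const skipped = [];
  for (const [ldapAttr, target] of Object.entries(map)) {
    const path = TARGET_PATHS[target];
    if (!path) {
      skipped.push(target); // e.g. "fullname" is not a whitelisted target
      continue;
    }
    const value = ldapEntry[ldapAttr];
    if (value === undefined) continue; // attribute absent from the entry
    let node = user;
    for (const key of path.slice(0, -1)) {
      node[key] = node[key] || {};
      node = node[key];
    }
    node[path[path.length - 1]] = value;
  }
  return { user, skipped };
}

// Constructed LDAP entry with the attributes discussed in this thread.
const SAMPLE_ENTRY = {
  sAMAccountName: 'firstname.lastname',
  cn: 'Firstname Lastname',
  mail: 'firstname.lastname@example.com',
};
```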

xet7 commented 5 years ago

Moved to here from #12

From @vincowl

I am successfully using edge branch with LDAP. This is a great great work ! To push it a bit further, it would be great to have a way to map full name, is admin flag and avatar picture to LDAP fields.

alkemyst commented 5 years ago

Hello, everyone. I think I've got an idea on how to do this (provided that mapping an ldap field to the "fullname" property of the user does not pose any security threat). Nevertheless I have a different problem: I am using an openshift server and compose to load the software and I have no idea where the code is actually pulled from! Is there any simple way for me to edit the code that is running on an instance and test my patch? If so, I would be glad to contribute with a PR (at least for the fullname part).

xet7 commented 5 years ago

@alkemyst

The simplest way is that you just add a PR, and I will make a new docker image tag for you, that you can try in OpenShift.

xet7 commented 5 years ago

@alkemyst

You can add PR to edge branch

alkemyst commented 5 years ago

Thanks for the help offer. Actually I need first a way to debug the code... can I do that on an openshift installation? Or should I install a local version to play with first (snap?).

xet7 commented 5 years ago

@alkemyst

For developing you can Build from Source.

alkemyst commented 5 years ago

I just have one more question: I forked wekan, now I want to compile it using wekan-ldap. How can I do that? Should I git clone wekan-ldap somewhere inside wekan?

Sorry for my ignorance :-)

xet7 commented 5 years ago

@alkemyst

git clone git@github.com:alkemyst/wekan.git
cd wekan
./releases/rebuild-wekan.sh

xet7 commented 5 years ago

@alkemyst

It's not ignorance. Wekan info is all over the place, and wiki sometimes outdated, so you make fastest progress, when you ask any questions you have in mind immediately. See for example this blog post about what one newbie did.

xet7 commented 5 years ago

Please test whether this is now fixed.

Snap

sudo snap refresh wekan --beta --amend

If this then works with Fullname, I will release it to stable.

You can later change back to stable with:

sudo snap refresh wekan --stable --amend

Docker

Use this image in docker-compose.yml:

image: quay.io/wekan/wekan:v1.74.1

xet7 commented 5 years ago

Fix is from this PR: https://github.com/wekan/wekan-ldap/pull/18

alkemyst commented 5 years ago

I tested the image v1.74.1 and it works as intended.

xet7 commented 5 years ago

@alkemyst

Thanks for testing! I'll push it to everyone.

Mystikal57 commented 5 years ago

Hello, It doesn't work for me... fullname is blank with account creation from ldap:

Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] userQuery {
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: "username": "xusername"
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: }
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [INFO] User does not exist, creating "xusername"
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] Identifying user with: sAMAccountName
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] Mapping field cn -> name
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] user.name changed to: X NAME
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] Mapping field mail -> email
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] Identifying user with: sAMAccountName
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] New user data {
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: "email": "xusername@domain.com"
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: }
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [INFO] Syncing user data
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] user {
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: "email": "xusername@domain.com",
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: "_id": "d5ze2FGNpdvgRWjxu"
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: }

alkemyst commented 5 years ago

Hi @Mystikal57 you should be first sure to be able to connect to your LDAP server. I posted some suggestions here: https://github.com/wekan/wekan-ldap/issues/14 Please let me know if this does not work for you.

Mystikal57 commented 5 years ago

Hi, yes connection works, I'm able to connect with my ldap credentials

alkemyst commented 5 years ago

Did you test the syntax with ldapsearch and ldapwhoami as described in #14?

Mystikal57 commented 5 years ago

Yes, I get all properties of my user with ldapsearch