Closed xet7 closed 5 years ago
There is an error in the doc for the docker-compose.yml
Can you copy here the result of the log with that?
Hi @Akuket & @xet7 I don't get any errors using this syntax, but:
The full name is still not mapped...
[INFO] Init LDAP login "xyz"
[INFO] Init setup
[INFO] Connecting "ldap://xxxx:389"
[DEBUG] connectionOptions{ url: 'ldap://xxxx:389',
timeout: 10000,
connectTimeout: 10000,
idleTimeout: 10000,
reconnect: true,
log:
Logger {
domain: null,
_events: {},
_eventsCount: 0,
_maxListeners: undefined,
_level: 30,
streams: [ [Object] ],
serializers: null,
src: false,
fields:
{ name: 'ldapjs',
component: 'client',
hostname: '162d2e23e12e',
pid: 1 } } }
[INFO] LDAP connected
[INFO] Binding UserDN "cn=admin,ou=admin,ou=prod,dc=...,dc=..."
[INFO] Searching user "xyz"
[DEBUG] searchOptions {
"filter": "(&(sAMAccountName=xyz))",
"scope": "sub",
"sizeLimit": 0
}
[DEBUG] BaseDN "ou=prod,dc=...,dc=..."
[INFO] Search result count 1
[INFO] Authenticating "CN=xyz,OU=Users,DC=...,DC=..."
[INFO] Authenticated "CN=xyz,OU=Users,DC=...,DC=..."
[DEBUG] Identifying user with: sAMAccountName
[INFO] Querying user
[DEBUG] userQuery {
"services.ldap.id": "656875"
}
[DEBUG] userQuery {
"username": "xyz"
}
[INFO] User does not exist, creating "xyz"
[DEBUG] Identifying user with: sAMAccountName
[DEBUG] Mapping field cn -> name
[DEBUG] user.name changed to: xyz
[DEBUG] Mapping field mail -> email
[DEBUG] Identifying user with: sAMAccountName
[DEBUG] New user data {
"username": "xyz",
"email": "xyz@xyz.com"
}
[INFO] Syncing user data
[DEBUG] user {
"email": "xyz@xyz.com",
"_id": "mYfhPqfgEABzt2942"
}
[INFO] Idle
[INFO] Disconecting
[INFO] Closed
Normally this is no longer caused by my changes. See with @maximest-pierre he may know more?
I have no idea what can cause this to be honest. I am looking at my LDAP directory at work and our CN are the username and not the full name.
I've tried it with specifying LDAP_SYNC_USER_DATA_FIELDMAP={"displayName":"name"} but still, the Full Name in Wekan remains completely empty... Also exchanged "name" with "fullname", as that's what it is shown as in the MongoDB..
I manually added the Full Name in the GUI User administration section, this is what the user looks like in the DB:
{
"_id" : "8na9XRWd9HSq7WCzL",
"createdAt" : ISODate("2018-10-30T16:06:43.194Z"),
"services" : {
"ldap" : {
"id" : "656875"
},
"resume" : {
"loginTokens" : [
{
"when" : ISODate("2018-10-30T16:06:43.222Z"),
"hashedToken" : "7H/iQFP9a4+p0uKTZwoMEwW7uWqLwMa6sxd3CUJH96k="
}
]
}
},
"username" : "ltv",
"emails" : [
{
"address" : "linus.torvalds@microsoft.com",
"verified" : true
}
],
"isAdmin" : true,
"profile" : {
"boardView" : "board-view-lists",
"fullname" : "Linus Torvalds"
},
"authenticationMethod" : "ldap",
"loginDisabled" : false
}
Maybe the FIELDMAP Var needs to specify that "fullname" is a child of "profile"? Just a wild guess though..
I am going to check it out when I have the time. I will open a new issue with a reference to this one on wekan_ldap since this is clearly a wekan_ldap issue.
Moved to here from #15
From @jolentes
Server Setup Information:
Problem description: LDAP authentication is configured and works. On a fresh DB and Wekan container started with docker-compose the user can login. The user account is created. Email address is synced. The full name stays empty! I tried to upload a screenshot but I was not able to.
I tried both settings for the mapping:
LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mailPrimaryAddress":"email"}
LDAP_SYNC_USER_DATA_FIELDMAP={\"cn\":\"name\", \"mailPrimaryAddress\":\"email\"}
Log output on docker shows this:
wekan-app | [INFO] User does not exist, creating "firstname.lastname"
wekan-app | [DEBUG] Identifying user with: uid
wekan-app | [DEBUG] Mapping field cn -> name
wekan-app | [DEBUG] user.name changed to: Firstname Lastname
wekan-app | [DEBUG] Mapping field mailPrimaryAddress -> email
wekan-app | [DEBUG] Identifying user with: uid
wekan-app | [DEBUG] New user data {
wekan-app | "username": "firstname.lastname",
wekan-app | "email": "firstname.lastname@example.com"
wekan-app | }
wekan-app | [INFO] Syncing user data
wekan-app | [DEBUG] user {
wekan-app | "email": "firstname.lastname@example.com",
wekan-app | "_id": "MJgtrqoRmNXfTzfHy"
wekan-app | }
wekan-app | [INFO] Idle
wekan-app | [INFO] Disconecting
wekan-app | [INFO] Closed
I even tried:
LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"fullname", "mailPrimaryAddress":"email"}
But then I get a debug message that the field fullname is not whitelisted.
How can the fullname be synced from LDAP? Is there a list of user attributes documented that are available for sync?
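Added example, not part of the thread and not wekan-ldap's code: a sketch of how a field map like the `LDAP_SYNC_USER_DATA_FIELDMAP` values above can be parsed and applied so that only allowlisted targets are written, including a nested target such as `profile.fullname`. The function names, the `ALLOWED_TARGETS` list and the dotted-path target syntax are assumptions made for illustration; the thread does not show Wekan's actual whitelist.

```javascript
// Added illustration, not wekan-ldap code. ALLOWED_TARGETS is an assumed
// allowlist; Wekan's real whitelist is not shown in this thread.
const ALLOWED_TARGETS = new Set(['email', 'profile.fullname']);

// Parse a field-map value. A value that still carries literal backslashes
// ({\"cn\":...}) is not valid JSON and is rejected loudly here.
function parseFieldMap(raw) {
  let map;
  try {
    map = JSON.parse(raw);
  } catch (err) {
    throw new Error(`fieldmap is not valid JSON: ${err.message}`);
  }
  if (map === null || typeof map !== 'object' || Array.isArray(map)) {
    throw new Error('fieldmap must be a JSON object');
  }
  return map;
}

// Set a dotted path such as "profile.fullname" on a plain object.
// Only called with allowlisted paths, so keys like __proto__ never reach it.
function setPath(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
}

// Copy mapped LDAP attributes into a user document, refusing any target that
// is not allowlisted, so directory data cannot set fields such as isAdmin.
function applyFieldMap(ldapEntry, fieldMap) {
  const user = {};
  const rejected = [];
  for (const [ldapAttr, userField] of Object.entries(fieldMap)) {
    if (!ALLOWED_TARGETS.has(userField)) { rejected.push(userField); continue; }
    const value = ldapEntry[ldapAttr];
    if (typeof value === 'string') setPath(user, userField, value);
  }
  return { user, rejected };
}

// Constructed sample entry, modelled on the log output quoted above.
const sampleEntry = {
  uid: 'firstname.lastname',
  cn: 'Firstname Lastname',
  mailPrimaryAddress: 'firstname.lastname@example.com',
};
```

Returning the rejected targets lets the caller log which mappings were dropped, which is the kind of signal the "not whitelisted" debug message gives.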
Moved to here from #12
From @vincowl
I am successfully using edge branch with LDAP. This is great, great work! To push it a bit further, it would be great to have a way to map full name, is admin flag and avatar picture to LDAP fields.
Hello, everyone. I think I've got an idea on how to do this (provided that mapping an ldap field to the "fullname" property of the user does not pose any security threat). Nevertheless I have a different problem: I am using an openshift server and compose to load the software and I have no idea where the code is actually pulled from! Is there any simple way for me to edit the code that is running on an instance and test my patch? If so, I would be glad to contribute with a PR (at least for the fullname part).
@alkemyst
Simplest way is that you just add PR, and I will make new docker image tag for you, that you can try in OpenShift.
@alkemyst
You can add PR to edge branch
Thanks for the help offer. Actually I need first a way to debug the code... can I do that on an openshift installation? Or should I install a local version to play with first (snap?).
@alkemyst
For developing you can Build from Source.
I just have one more question: I forked wekan, now I want to compile it using wekan-ldap. How can I do that? Should I git clone wekan-ldap somewhere inside wekan?
Sorry for my ignorance :-)
@alkemyst
git clone git@github.com:alkemyst/wekan.git
cd wekan
./releases/rebuild-wekan.sh
cd wekan
meteor --port 4000
@alkemyst
It's not ignorance. Wekan info is all over the place, and wiki sometimes outdated, so you make fastest progress, when you ask any questions you have in mind immediately. See for example this blog post about what one newbie did.
Please test whether this is now fixed.
sudo snap refresh wekan --beta --amend
If this then works with Fullname, I will release it to stable.
You can later change back to stable with:
sudo snap refresh wekan --stable --amend
Use this image in docker-compose.yml:
image: quay.io/wekan/wekan:v1.74.1
Fix is from this PR: https://github.com/wekan/wekan-ldap/pull/18
I tested the image v1.74.1 and it works as intended.
@alkemyst
Thanks for testing! I'll push it to everyone.
Hello, it doesn't work for me... fullname is blank with account creation from ldap:
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] userQuery {
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: "username": "xusername"
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: }
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [INFO] User does not exist, creating "xusername"
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] Identifying user with: sAMAccountName
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] Mapping field cn -> name
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] user.name changed to: X NAME
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] Mapping field mail -> email
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] Identifying user with: sAMAccountName
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] New user data {
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: "email": "xusername@domain.com"
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: }
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [INFO] Syncing user data
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: [DEBUG] user {
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: "email": "xusername@domain.com",
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: "_id": "d5ze2FGNpdvgRWjxu"
Dec 13 08:46:02 VWEB01 wekan.wekan[66812]: }
Hi @Mystikal57, you should first make sure you are able to connect to your LDAP server. I posted some suggestions here: https://github.com/wekan/wekan-ldap/issues/14 Please let me know if this does not work for you.
Hi, yes, the connection works, I'm able to connect with my ldap credentials
Did you test the syntax with ldapsearch and ldapwhoami as described in #14?
Yes, I get all properties of my user with ldapsearch
I got this report from a Standalone Wekan Docker user:
Today I've been trying to map CN to Fullname:
However, if I use the line as mentioned in the example (above) the login doesn't work anymore and the following is displayed in the log:
The only way I don't get that error is if I leave out all the backslashes, eg:
but the Name doesn't get mapped.
@Akuket Can you look at this?