LDAP Login doesn't work since 2.43

[sophieqc]

Hi Team,

When debugging ldap, I use debug mode with environment variables :

• LDAP_LOG_ENABLED=true
• LDAP_INTERNAL_LOG_LEVEL=debug

It worked fine until 2.42, since 2.43 It doesn't anymore, debug and login.

• 2.42 = ok, ldap logins succeed, debug is shown.
• 2.43 = nok, ldap logins fails, no debug is shown, on web interface we got "User has no password set"
• 2.44 = same
• 2.45 = same
• latest = same

Any ideas to provide more logs/infos ?

Thank you

[Daniel-H76]

Same problem here. Upgraded from 2.37 to 2.46 and LDAP login doesn't work anymore...

[xet7]

Please try Wekan v2.47 when building new release is finished, you see Snap version at https://sandcraft.io/wekan and Docker version at https://quay.io/wekan/wekan .

If there is still problems, please add comment to this issue, so I will open this again.

[sophieqc]

Hi @xet7

The issue is still present for me in 2.47.

Nothing in the Wekan logs, and also nothing in my LDAP access log, it seems that the app doesn't even try to contact the server.

Thanks

[Daniel-H76]

Also not working with 2.47 at my site. It seems that the login form only uses password authentication, even if LDAP is selected, When I enter password user credentials and choose LDAP authentication the logjn is successfull even if LDAP fallback is disabled...

[xet7]

I will fix tomorrow when I wake up.

[xet7]

If you really are in a hurry, use Docker wekan with version tag.

[Daniel-H76]

@pcurie Is v2.48 working at your side?

I still have problems: The LDAP communication to the server is working now (I can se a request and the successful response includes the correct user!), but thereafter the "authentication method" drop down disappears and I get a message "Must be logged in". That's all....

[xet7]

@Daniel-H76

I think you have this selected:

Admin Panel / Layout / Display Authentication Method: [_] Yes [X] No

[xet7]

Wekan also has default authentication method setting, but I have not developed or tried that: https://github.com/wekan/wekan/blob/devel/docker-compose.yml#L335-L337

[xet7]

It's also possible to change setting in database with nosqlbooster. Related Docker commands for import/export.

[sophieqc]

@pcurie Is v2.48 working at your side?

I still have problems: The LDAP communication to the server is working now (I can se a request and the successful response includes the correct user!), but thereafter the "authentication method" drop down disappears and I get a message "Must be logged in". That's all....

v2.48 works on my setup, thanks @xet7.

@Daniel-H76 can you provide debug logs from wekan ?

[Daniel-H76]

I think you have this selected: Admin Panel / Layout / Display Authentication Method: [_] Yes [X] No

No, it's not selected!

I tested a little bit further and noticed following behavior: With a fresh v2.48 install the first (!) LDAP login of a new user always works and the authentication method dropdown is visible. If I logout and relogin it sometimes works fine but sometimes I get "Must be logged in" and the "authentication method" dropdown disappears at the same time. If I reload the browser tab, the dropdown reappears!

Therefore I was trying to disable the "authentication method" and set LDAP as default as a workaround:

Admin Panel / Layout / Display Authentication Method: [_] Yes [X] No
snap set wekan default-authentication-method='ldap'
snap set wekan ldap-login-fallback='true'

With this I can successfully login with a dedicated local admin account (fallback) as well with LDAP accounts without need to select the authentication method, but sometimes I still get "Must be logged in" or "User has no password set" errors. It seems the login form is somehow unreliable. Maybe it's related to the new "auto login feature" I noticed in one of the last release notes?