Improving LDAP-Setting-Docs required?

[daMihe]

Currently, the examples are a bit mixed up (maybe some parameters have been renamed) and some doc-strings are missing. However, it was hard for me to set wekan-ldap-settings correctly as description was missing partly or not fully clear. I would share what i've learned in form of some docstrings. Where is the right place for that?

[xet7]

@daMihe

You can add pull request to change these files:

• https://github.com/wekan/wekan/blob/master/docker-compose.yml
• https://github.com/wekan/wekan/blob/master/torodb-postgresql/docker-compose.yml
• https://github.com/wekan/wekan/blob/master/snap-src/bin/config
• https://github.com/wekan/wekan/blob/master/snap-src/bin/wekan-help

Also, if you have any additional improvements to wiki page https://github.com/wekan/wekan/wiki/LDAP you can add them as comments to this issue. I added a link to this issue at top of that wiki page.

[daMihe]

Wekan seems to make the search as the user currently logged in, even if a separate user is used for searching users. This results in the requirement that every authenticated user has to have at least the right to search the ldap tree and to read the wekan-relevant groups.

This is verified using OpenLDAP allowing search to all authenticated users in whole tree and read for corresponding groups.

[daMihe]

Thank you for the fast process of reviewing and merging!

[xet7]

From @daMihe

Wekan seems to make the search as the user currently logged in, even if a separate user is used for searching users. This results in the requirement that every authenticated user has to have at least the right to search the ldap tree and to read the wekan-relevant groups.

This is verified using OpenLDAP allowing search to all authenticated users in whole tree and read for corresponding groups.

If that is incorrect behaviour, you could look at LDAP code https://github.com/wekan/wekan/tree/master/packages/wekan-ldap about can you fix that. I know very little about how LDAP works, or should work.

[daMihe]

Hm - let's say the behavior is a bit... strange. If you know it, it's not so hard to work around. However i'll take a look whether i can do a simple fix these days.