Open tromlet opened 3 years ago
Hello, I was about to open an issue for this problem as well, here is my log:
[INFO] TLS connected
[INFO] Binding UserDN "cn=readonly,dc=mydom"
[INFO] Searching user "myuser"
[DEBUG] searchOptions {
"filter": "(&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=wekan,ou=groups,dc=mydom)))(uid=myuser))",
"scope": "sub",
"sizeLimit": 0
}
[DEBUG] BaseDN "ou=users,dc=mydom"
[INFO] Search result count 1
[INFO] Authenticating "cn=myuser,ou=users,dc=mydom"
[INFO] Authenticated "cn=myuser,ou=users,dc=mydom"
[DEBUG] Identifying user with: uid
[INFO] Querying user
[DEBUG] userQuery {
"services.ldap.id": "616c62616e2e65737069656775696c6c6f6e"
}
[INFO] Logging user
[DEBUG] Updating admin status
Exception while invoking method 'login' TypeError: ldap.getUserGroups(...).filter is not a function
at MethodInvocation.<anonymous> (packages/wekan-ldap/server/loginHandler.js:185:61)
at packages/accounts-base/accounts_server.js:487:31
at tryLoginMethod (packages/accounts-base/accounts_server.js:1329:14)
at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:485:22)
at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:545:31)
at packages/check/match.js:118:15
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._failIfArgumentsAreNotAllChecked (packages/check/match.js:116:43)
at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1768:18)
at packages/ddp-server/livedata_server.js:719:19
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at packages/ddp-server/livedata_server.js:717:46
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at packages/ddp-server/livedata_server.js:715:46
at new Promise (<anonymous>)
at Session.method (packages/ddp-server/livedata_server.js:689:23)
at packages/ddp-server/livedata_server.js:559:43
[INFO] Idle
[INFO] Disconecting
[INFO] Closed
(node:1) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
And related LDAP variables:
LDAP_LOG_ENABLED: 'true'
LDAP_ENABLE: 'true'
LDAP_PORT: '389'
LDAP_HOST: 'ldap.mydom.com'
LDAP_ENCRYPTION: 'tls'
LDAP_BASEDN: 'ou=users,dc=mydom'
LDAP_LOGIN_FALLBACK: 'false'
LDAP_RECONNECT: 'true'
LDAP_AUTHENTIFICATION: 'true'
LDAP_AUTHENTIFICATION_USERDN: 'cn=readonly,dc=mydom'
LDAP_AUTHENTIFICATION_PASSWORD: 'pwd'
LDAP_BACKGROUND_SYNC: 'true'
LDAP_BACKGROUND_SYNC_INTERVAL: 'every 4 hour'
LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED: 'false'
LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS: 'true'
LDAP_USER_SEARCH_FILTER: '(&(|(objectclass=inetOrgPerson))(|(memberof=cn=wekan,ou=groups,dc=mydom)))'
LDAP_USER_SEARCH_SCOPE: 'sub'
LDAP_USER_SEARCH_FIELD: 'uid'
LDAP_SEARCH_PAGE_SIZE: '0'
LDAP_SEARCH_SIZE_LIMIT: '0'
LDAP_UTF8_NAMES_SLUGIFY: 'true'
LDAP_USERNAME_FIELD: 'uid'
LDAP_FULLNAME_FIELD: 'cn'
LDAP_EMAIL_MATCH_ENABLE: 'true'
LDAP_EMAIL_FIELD: 'mail'
LDAP_EMAIL_MATCH_VERIFIED: 'false'
LDAP_SYNC_USER_DATA: 'true'
LDAP_SYNC_USER_DATA_FIELDMAP: '{"cn":"name", "mail":"email"}'
LDAP_DEFAULT_DOMAIN: 'mydom.com'
LDAP_SYNC_ADMIN_STATUS: 'true'
LDAP_SYNC_ADMIN_GROUPS: 'sysadmins'
There are some LDAP_GROUP_FILTER* variables that I was not sure about; the documentation is unclear about those and I did not use them.
The logs are not the same as @tromlet's, though.
I'm not sure, but looking at the OpenLDAP logs it seems Wekan tries to bind with the user I wish to log in to Wekan with.
Idk why... @xet7?
5fe1efec conn=2067 op=1 BIND dn="cn=readonly,dc=mydom" method=128
5fe1efec conn=2067 op=1 BIND dn="cn=readonly,dc=mydom" mech=SIMPLE ssf=0
5fe1efec conn=2067 op=1 RESULT tag=97 err=0 text=
5fe1efec conn=2067 op=2 SRCH base="ou=users,dc=mydom" scope=1 deref=0 filter="(&(&(|(objectClass=inetOrgPerson))(|(memberOf=cn=wekan,ou=groups,dc=mydom)))(uid=myuser))"
5fe1efec conn=2067 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
5fe1efec conn=2067 op=3 BIND anonymous mech=implicit ssf=0
5fe1efec conn=2067 op=3 BIND dn="cn=myuser,ou=users,dc=mydom" method=128
5fe1efec conn=2067 op=3 BIND dn="cn=myuser,ou=users,dc=mydom" mech=SIMPLE ssf=0
5fe1efec conn=2067 op=3 RESULT tag=97 err=0 text=
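The slapd lines above follow the usual search-then-bind login: a bind as the service account, a search for the user's entry, then a bind as the DN that search returned, which is how the password gets checked. As an added example (not part of the original comment and not Wekan code; the function names and the conn=2068 lines are constructed), this groups slapd log lines per connection and reports that sequence together with whether the user bind succeeded:

```javascript
// Constructed sample: conn=2067 follows the lines quoted above (filter shortened); conn=2068 is an invented failed login.
const SAMPLE = `
5fe1efec conn=2067 op=1 BIND dn="cn=readonly,dc=mydom" method=128
5fe1efec conn=2067 op=1 RESULT tag=97 err=0 text=
5fe1efec conn=2067 op=2 SRCH base="ou=users,dc=mydom" scope=1 deref=0 filter="(uid=myuser)"
5fe1efec conn=2067 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
5fe1efec conn=2067 op=3 BIND anonymous mech=implicit ssf=0
5fe1efec conn=2067 op=3 BIND dn="cn=myuser,ou=users,dc=mydom" method=128
5fe1efec conn=2067 op=3 RESULT tag=97 err=0 text=
5fe1f001 conn=2068 op=1 BIND dn="cn=readonly,dc=mydom" method=128
5fe1f001 conn=2068 op=1 RESULT tag=97 err=0 text=
5fe1f001 conn=2068 op=2 SRCH base="ou=users,dc=mydom" scope=1 deref=0 filter="(uid=myuser)"
5fe1f001 conn=2068 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
5fe1f001 conn=2068 op=3 BIND dn="cn=myuser,ou=users,dc=mydom" method=128
5fe1f001 conn=2068 op=3 RESULT tag=97 err=49 text=
`;

const LINE = /^\S+ conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|SEARCH RESULT) (.*)$/;
const quoted = (s, k) => (new RegExp(`\\b${k}="([^"]*)"`).exec(s) || [])[1];
const num = (s, k) => { const m = new RegExp(`\\b${k}=(\\d+)`).exec(s); return m ? Number(m[1]) : undefined; };

function parseSlapd(text) {
  const conns = new Map(); // conn id -> Map(op id -> merged record for that operation)
  for (const raw of text.split('\n')) {
    const m = LINE.exec(raw.trim());
    if (!m) continue;
    const [, conn, op, verb, rest] = m;
    const ops = conns.get(conn) || conns.set(conn, new Map()).get(conn);
    const rec = ops.get(op) || ops.set(op, { op: Number(op) }).get(op);
    const dn = quoted(rest, 'dn'); // "BIND anonymous" lines carry no dn and are skipped
    if (verb === 'BIND' && dn !== undefined) Object.assign(rec, { type: 'bind', dn });
    if (verb === 'SRCH') Object.assign(rec, { type: 'search', filter: quoted(rest, 'filter') });
    if (verb.endsWith('RESULT')) Object.assign(rec, { err: num(rest, 'err'), nentries: num(rest, 'nentries') });
  }
  return conns;
}

// Recognise bind(service) -> search -> bind(user); err=0 is success, err=49 is invalidCredentials.
function searchThenBind(ops) {
  const seq = [...ops.values()].sort((a, b) => a.op - b.op);
  const binds = seq.filter((o) => o.type === 'bind');
  const search = seq.find((o) => o.type === 'search');
  if (binds.length < 2 || !search) return null;
  const [service, user] = binds;
  if (!(service.op < search.op && search.op < user.op)) return null;
  return { serviceDn: service.dn, filter: search.filter, matched: search.nentries, userDn: user.dn, passwordAccepted: user.err === 0 };
}
for (const [conn, ops] of parseSlapd(SAMPLE)) console.log(conn, searchThenBind(ops));
```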
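The TypeError in the Wekan log above shows that the group lookup returned something other than an array when the admin-status sync ran, so the login aborted after the password had already been accepted. As an added example (not Wekan's code; `resolveAdminStatus`, its parameters and the case-insensitive group comparison are assumptions), a group-to-admin mapping that fails closed on any non-list result instead of throwing:

```javascript
// Hypothetical helper, not Wekan's implementation.
// groupLookup: whatever the LDAP group query returned for the user.
// adminGroupsSetting: comma-separated group names, e.g. the LDAP_SYNC_ADMIN_GROUPS value.
const describe = (v) => (v === null ? 'null' : typeof v);

function resolveAdminStatus(groupLookup, adminGroupsSetting) {
  const wanted = String(adminGroupsSetting || '')
    .split(',')
    .map((g) => g.trim().toLowerCase()) // assumption: group names compare case-insensitively
    .filter(Boolean);
  if (wanted.length === 0) {
    return { isAdmin: false, reason: 'no admin groups configured' };
  }
  // Only a list of group names can prove membership. A boolean, string, object
  // or null means the lookup produced no list: deny admin and record why,
  // rather than calling .filter() on it and failing the whole login.
  if (!Array.isArray(groupLookup)) {
    return { isAdmin: false, reason: `group lookup returned ${describe(groupLookup)}, not a list` };
  }
  const matched = groupLookup
    .filter((g) => typeof g === 'string')
    .filter((g) => wanted.includes(g.trim().toLowerCase()));
  return matched.length > 0
    ? { isAdmin: true, reason: `member of ${matched.join(', ')}` }
    : { isAdmin: false, reason: 'not in any admin group' };
}

console.log(resolveAdminStatus(true, 'sysadmins'));
console.log(resolveAdminStatus(['wekan', 'sysadmins'], 'sysadmins'));
```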
How do I turn on the option so that LDAP authentication appears in the admin panel?
@veloprofz
https://github.com/wekan/wekan/wiki/LDAP
sudo snap set wekan ldap-enable='true'
https://github.com/wekan/wekan/blob/master/docker-compose.yml#L488
Issue: I am unable to set users in my LDAP "admins" group to be automatically imported into WeKan AS administrators. Also, it kind of looks generally like there is no group functionality at all. For the most part, my LDAP settings ARE working - I can login using my LDAP credentials - I just don't have admin powers when I do (despite snap set wekan ldap-sync-admin-status='true' and snap set wekan ldap-sync-admin-groups='<ADMIN LDAP GROUP>'). I get some errors in my log, which I've highlighted below:
Output of snap get wekan:
Log output via journalctl -fu snap.wekan.wekan: