Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't connect throught SSO nor LDAP #84

Open
Coninox opened this issue Dec 10, 2021 · 5 comments
Open

Can't connect throught SSO nor LDAP #84

Coninox opened this issue Dec 10, 2021 · 5 comments

Comments

@Coninox
Copy link

Coninox commented Dec 10, 2021

Describe the bug

Since the update to 12.1.0, I can't login to my Piwigo account anymore.

When I come from SSO, i'm not automatically connected to my account, and the following error message is displayed:

Notice
: Undefined index: ld_forgot_url in
/var/www/piwigo/plugins/Ldap_Login/main.inc.php
on line
97

If I try to connect from piwigo, I've the following error message :

Notice
: Undefined index: ld_host in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
196


Notice
: Undefined index: ld_user_filter in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
298


Notice
: Undefined index: ld_user_class in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
300


Notice
: Undefined index: ld_user_attr in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
300


Notice
: Undefined index: ld_basedn in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
314


Notice
: Undefined index: ld_forgot_url in
/var/www/piwigo/plugins/Ldap_Login/main.inc.php
on line
97

Nom d'utilisateur ou mot de passe invalide !

I have two instances of Piwigo installed on this server, and only one is causing me problems. So maybe there is a dirty thing somewhere in its configuration.
I've tried to deactivate all the plugins excepted "Ldap_Login" and "Log Failed Logins", without success.

Context

  • Hardware: Old laptop
  • YunoHost version: 4.3.4.2

Steps to reproduce

  • Update piwigo throught the webadmin, but I can't reproduce this problem myself on my second instance of piwigo...
@ashemsay
Copy link

I have the same issue, although I suspect it arose when I restored the application (I migrated my yunohost server a few weeks ago).

The workaround I have is to reset my password on piwigo, then I can access my photos but I have to authenticate twice: once through yunohost portal since I set up piwigo to be privately accessible, then through piwigo's interface.

@Coninox
Copy link
Author

Coninox commented Dec 17, 2021
edited
Loading

That could be an interresting temporary solution, but the email adress associated with my piwigo account is not functionnable.
My FAI block the corresponding ports, so I was unable (and uninterrested) to self host my mails.
It seems that piwigo use the same mail address than the yunohost account, but yunohost doesn't allow to select a mail adress from an outside provider (we have to use a domain name managed by Yunohost)

My user is still connected on my phone, so I was thinking to change the mail adress of my piwigo user from here, but I can't find a way to do it. I can see the adress in the Admin panel, but I chan't change it. (anymay, that should be insufficient to allow piwigo to send mails)

So... I'm still stuck.

@ashemsay
Copy link

That could be an interresting temporary solution, but the email adress associated with my piwigo account is not functionnable. My FAI block the corresponding ports, so I was unable (and uninterrested) to self host my mails. It seems that piwigo use the same mail address than the yunohost account, but yunohost doesn't allow to select a mail adress from an outside provider (we have to use a domain name managed by Yunohost)

My user is still connected on my phone, so I was thinking to change the mail adress of my piwigo user from here, but I can't find a way to do it. I can see the adress in the Admin panel, but I chan't change it. (anymay, that should be insufficient to allow piwigo to send mails)

So... I'm still stuck.

You could maybe use webmail at least to get your yunohost domain mails, something like roundcube I think is packaged. That could be a bit much but if you're really stuck...

@Coninox
Copy link
Author

Coninox commented Dec 18, 2021

It can't work either because the domain name filled in my piwigo user is an old domain name from a free service , and I no longer have access to it.

It was my default domain name when I installed Yunohost, since then I have changed my domain name,but I never thought about changing the email adress associated with my user, since I've never used it.

I don't think changing this information in Yunohost will be automatically repercuted in Piwigo.
Maybe I could try to change the adress of my Piwigo user with a SQL request, to change it for an adress with the domain name I actually use, then try to access to my mails with roundcube. But that seems to start to be complicated.

@ashemsay
Copy link

I dug around in the code and saw that there was a debug file /var/www/piwigo/plugins/Ldap_Login/logs/ldap_login.log, I tried a login to see what would show up in the file.

Nothing appeared when I entered my credentials on the YNH SSO page but when I logged in on the piwigo's authentication page I got this:

[2021:12:18 23:38:839374] DEBUG: New LDAP Instance
[2021:12:18 23:38:839540] DEBUG: [function]> login
[2021:12:18 23:38:839602] DEBUG: [function]> ldap_conn
[2021:12:18 23:38:839650] DEBUG: [function]> make_ldap_conn
[2021:12:18 23:38:839699] DEBUG: [make_ldap_conn]> ld_port is 389. Connecting using default protocol
[2021:12:18 23:38:840076] DEBUG: [make_ldap_conn]> connected (LDAP_OPT_PROTOCOL_VERSION 3)
[2021:12:18 23:38:840149] DEBUG: [ldap_conn]> true
[2021:12:18 23:38:840199] DEBUG: [function]> ldap_search_dn
[2021:12:18 23:38:840243] DEBUG: [function]> ldap_search_dn(myusername)
[2021:12:18 23:38:840285] DEBUG: [ldap_search_dn]> Connecting to server
[2021:12:18 23:38:840327] DEBUG: [ldap_search_dn]> make_ldap_bind_as($this->cnx, ,$this->config['ld_bindpw']
[2021:12:18 23:38:840369] DEBUG: [function]> make_ldap_bind_as
[2021:12:18 23:38:840409] DEBUG: [make_ldap_bind_as]> $conn,
[2021:12:18 23:38:841746] DEBUG: [make_ldap_bind_as]> Bind was successfull
[2021:12:18 23:38:841875] DEBUG: [ldap_search_dn]> @ldap_search($this->cnx,ou=users,dc=yunohost,dc=org,(&(&(objectClass=person)(uid=myusername))(cn=*)),array('dn'),0,1)
[2021:12:18 23:38:842656] DEBUG: [ldap_search_dn]> ldap_search successfull
[2021:12:18 23:38:842799] DEBUG: [ldap_search_dn]> RESULT: uid=myusername,ou=users,dc=yunohost,dc=org
[2021:12:18 23:38:842865] DEBUG: [function]> ldap_bind_as
[2021:12:18 23:38:842914] DEBUG: [ldap_bind_as]> uid=myusername,ou=users,dc=yunohost,dc=org
[2021:12:18 23:38:842972] DEBUG: [function]> make_ldap_bind_as
[2021:12:18 23:38:843018] DEBUG: [make_ldap_bind_as]> $conn,uid=myusername,ou=users,dc=yunohost,dc=org
[2021:12:18 23:38:851701] DEBUG: [make_ldap_bind_as]> Bind failed
[2021:12:18 23:38:851763] DEBUG: [ldap_bind_as]> Bind failed
[2021:12:18 23:38:852359] DEBUG: [login]> wrong u/p or no group access

@anythingtodaynet anythingtodaynet mentioned this issue Jan 6, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ashemsay @Coninox