New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support applications that verify the password themselves #53
Comments
I have plans to connect my nextcloud install to my glauth instance, so I'll look into this! One way or another, I'll do what I need to for it to work with NextCloud. |
Confirmed that NextCloud is stalling out on authentication. Will be hopefully digging into this more soon. edit: This was due to a minor misconfiguration on my end - NC is now working with GLAuth as-is. @jcgruenhage could you provide more info on ldap queries returning hashed passwords? In the LDAP experience I have (which I will admit is not as deep as I'd like but growing), I have not seen this, and auth is typically accomplished on the server via bind. |
Huh? Maybe I've completely misinterpreted what I've read (docs/logs).. I need to check my config then |
Closing this - feel free to reopen if you have issues or you find another good example which could make the case for this feature. I'd really rather not expose the password hashes. |
It's pretty likely that I misunderstood something somewhere. Sadly I haven't had the time to investigate more why my Nextcloud isn't working, I'll update this once I've gotten further.. |
No worries! Thanks for using glauth! |
Well thanks for writing it! |
Not sure if this is related, but it seems like GLAuth does not support password checks using LDAP's I'm using GLAuth for integration tests because it's really simple to get up and running. I thought I'd add my 50 cents, since:
Checking with Anyway, just thought I'd add this comment to the discussion. I can easily mock this out on my side, so it's not a feature I need. |
Some applications don't try to connect to the ldap server as the user it's trying to authenticate but look for the password in the result they get and calculate/compare the hash itself. As far as I can tell, glauth does not give those applications enough data to finish authentication.
Right now I only know of nextcloud that is acting this way, but I'm sure there are more things out there doing the same.
Possibly related to #3, because I don't think any other ldap implementation out there uses plain sha256.
The text was updated successfully, but these errors were encountered: