hubot won't authenticate against ldap #58
@giray The simplest way would be to create a local rocket.chat user instead of using an ldap user; it will likely work. |
@geekgonecrazy that doesn't quite work if you enable ldap authentication. I'm not sure how to create 'system users' as @Sing-Li has described. |
@giray We need to allow for local user creation with ldap. I think the solution might be to disable ldap, add the user, then re-enable ldap. I'll try and get one of the guys that worked on the ldap piece to take a look and see what we can do for bots. |
@geekgonecrazy disabling ldap, creating local user and re-enable ldap seems to work |
@giray I know that feels hacky. But glad you at least have it working. |
+1 - I'm logging into the hubot/bot account with the browser/client - but when using hubot docker it just says: |
@RocketChat/core Right now we're using Asteroid Login Method:

```coffee
login: (username, password) =>
  @logger.info "Logging In"
  # promise returned
  return @asteroid.loginWithPassword username, password
```

From: https://github.com/RocketChat/hubot-rocketchat/blob/master/src/rocketchat_driver.coffee#L41 It looks like that method is calling the meteor method
Call found here: https://github.com/mondora/asteroid/blob/master/src/core/login.js#L123 Do we know what the payload should look like for ldap authentication? Or is there another meteor method that needs called instead if it's an ldap authentication? |
I think to login with LDAP you should call |
@sampaiodiego ah! So what kind of options would need passed as the 3rd parameter? @teon / @giray: So provided we can make this work. Would you be ok with having to set an environment variable like: But the case still needs to be made.... Should hubot really login with ldap? Or should hubot only ever really log in as a user created specifically for the bot in rocket.chat? We can improve that process to make it easier and we plan to. Can either of you make a case as to why use ldap vs rocket.chat specific user? |
@geekgonecrazy - problem with LDAP auth provider is that when you are trying to change password for a selected user - it tries to edit it in LDAP and not Rocket.Chat as you would expect/or are suggesting. Thus there is no possibility to have local and LDAP accounts in parallel... |
@geekgonecrazy our problem was that once you switch over to ldap, you are not able to get back to the local accounts. I'm fine with not being able to change passwords. LDAP=true as env var would be great. |
@geekgonecrazy - exactly as @giray wrote ;-) you need to know we have LDAP enabled ;-) |
So you would rather have the bot as a user on your ldap server instead of maybe being able to create a local user in like a bot section of the Rocket.Chat config? Maybe as easy as clicking I just want to make sure LDAP is for sure something that is practical for the bot to be able to do. If it would be better in the long run to go the other route, then we can put more effort there. |
@geekgonecrazy it would be much better if Rocket.Chat would enable LDAP + local accounts - I could have accounts for bots or other people that are not (and will not be) in our company LDAP.. |
@teon this is kind of what I suspected. I used to do some sys admin stuff and I don't think I would have ever wanted to create an ldap user for a bot. Unless.... the bot needed to login to other systems on the network? Is this even feasible? Or would you expect to have to pass the credentials in another way to the bot to connect to that other system? |
@geekgonecrazy you want to have central control of all accounts, that does not mean that your bot "service" account is able to log in anywhere else. If you allow local accounts you may lose control / overview of accounts on large sites. |
Guys, please vote for this PR mondora/asteroid#87 |
Can you guys try the hubot-rocketchat@0.0.26? Now you can set the environment variable |
Only works with the branch |
@engelgabriel works! thanks! will hubot-gitsy also work? |
Yes. hubot-gitsy is independent of the adapter (hubot-rocketchat). Closing, verified by @teon. |
I need this fix, but I'm waiting for the release. What do I need to get it working? (please, update the docs)
Am I missing something? |
Rocket.Chat 0.15.0 is released. https://github.com/RocketChat/Rocket.Chat/releases/tag/0.15.0 |
I get the following error
LDAP is on and email verification is off. I tried running
The bot was created on LDAP and was able to authenticate. |
EADDRINUSE means that the port number which listen() tries to bind the server to is already in use. But that's unrelated to the "Unrecognized options for login request". You must be running an old version of Rocket.Chat. Check on your version of https://demo.rocket.chat/api/info to see the version. |
@engelgabriel Ok, thank you. It's working! |
while the bot is able to login via the web interface
and this is what I capture via tcpdump