Version 2.4.0.beta7 Broken LDAP Account Creation

Hi,

I have recently updated to version 2.4.0.beta7 and it seems that when users try to log in via LDAP to auto-create an account for the first time, it doesn’t work.

The username and password boxes just go blank; however, I have managed to trick it into creating the account by putting in a non-existent username and clicking the login button at the top right on the error authenticating user page.

I suspect it may be the LDAP plugin not having been updated for a year. I use jonmbake/discourse-ldap-auth on GitHub (Discourse plugin to enable LDAP/Active Directory authentication).

Has this been replaced by any other recently updated LDAP method, or is this likely to get fixed?

Thanks,
Jessica

I was struggling with the same issue and have the same Discourse version. I gave it another try and now it is working for me. I probably had some wrong settings in the plugin configuration.

  1. Create user in LDAP
  2. Visit login page in Discourse
  3. Click on “Login with LDAP”
  4. Enter credentials set in LDAP
  5. A prompt is shown to “create a new user account”. The email address from LDAP is set in the first input; I can change the “Name”, which is filled with the name (full name, not username) set in LDAP
  6. Due to my settings I have to confirm the newly created user account. Afterwards I can log in with that user account, but only via “Login with LDAP”, not the normal login form
  7. I change the password within Discourse
  8. I can log in via the normal login form with the username and the new password. I can log in via the LDAP login with the username and the OLD password

In my opinion this is very unintuitive. I was hoping for a seamless user integration; the user should not need to have the knowledge of where his user account comes from. I will have users that should be able to use the same username and password for several applications (Discourse, Nextcloud, …) and be able to change it. That said, I cannot disable normal login as I also want foreign users to be able to create a user account in Discourse.

LDAP integration is done very nicely in Nextcloud, where only a single login form exists. When logging in, LDAP is checked for a user on the fly, but you can also have native Nextcloud users. By default, users from LDAP cannot change their password within Nextcloud. It can be enabled; Nextcloud seems to require a TLS connection to LDAP, but then changes the password right inside LDAP, not inside a cloned version of the user account. I wonder if that is even possible with the login management done in Discourse. Any advice on this?

Maybe it helps tagging @jonmbake here :)

This is a third party plugin, we can’t really help you here. Please don’t tag people.

See:


Thanks for the advice. Are there any plans to officially support LDAP integration? I know there is an SSO integration but this one is not compatible with LDAP (which is widely supported as far as I know). Or am I wrong? (Sorry if this is now off topic)

I updated again yesterday and the issue seems to be resolved.

Thanks