I was struggling with the same issue and have the same Discourse version. I gave it another try and now it is working for me. I probably had some wrong settings in the plugin configuration.
- Create user in LDAP
- Visit the login page in Discourse
- Click on “Login with LDAP”
- Enter the credentials set in LDAP
- A prompt is shown to “create a new user account”. The email address from LDAP is set in the first input, I can change the “Name”, which is filled with the name (full name, not username) set in LDAP
- Due to my settings I have to confirm the newly created user account. Afterwards I can log in with that user account, but only via “Login with LDAP”, not the normal login form
- I change the password within Discourse
- I can log in via the normal login form with the username and the new password. I can log in via the LDAP login with the username and the OLD password
In my opinion this is very unintuitive. I was hoping for a seamless user integration; the user should not need to have the knowledge where his user account comes from. I will have users that should be able to use the same username and password for several applications (Discourse, Nextcloud, …) and be able to change it. That said, I cannot disable normal login as I also want foreign users to be able to create a user account in Discourse.
LDAP integration is done very nicely in Nextcloud, where only a single login form exists. When logging in, LDAP is checked for a user on the fly, but you can also have native Nextcloud users. By default, users from LDAP cannot change their password within Nextcloud. It can be enabled; Nextcloud seems to require a TLS connection to LDAP, but then changes the password right inside LDAP, not inside a cloned version of the user account. I wonder if that is even possible with the login management done in Discourse. Any advice on this?
Maybe it helps tagging @jonmbake here