Can't connect throught SSO nor LDAP

Question

Can't connect throught SSO nor LDAP

Coninox opened this issue 3 years ago · comments

Describe the bug

Since the update to 12.1.0, I can't login to my Piwigo account anymore.

When I come from SSO, i'm not automatically connected to my account, and the following error message is displayed:

Notice
: Undefined index: ld_forgot_url in
/var/www/piwigo/plugins/Ldap_Login/main.inc.php
on line
97

If I try to connect from piwigo, I've the following error message :

Notice
: Undefined index: ld_host in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
196


Notice
: Undefined index: ld_user_filter in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
298


Notice
: Undefined index: ld_user_class in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
300


Notice
: Undefined index: ld_user_attr in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
300


Notice
: Undefined index: ld_basedn in
/var/www/piwigo/plugins/Ldap_Login/class.ldap.php
on line
314


Notice
: Undefined index: ld_forgot_url in
/var/www/piwigo/plugins/Ldap_Login/main.inc.php
on line
97

Nom d'utilisateur ou mot de passe invalide !

I have two instances of Piwigo installed on this server, and only one is causing me problems. So maybe there is a dirty thing somewhere in its configuration.
I've tried to deactivate all the plugins excepted "Ldap_Login" and "Log Failed Logins", without success.

Context

Hardware: Old laptop
YunoHost version: 4.3.4.2

Steps to reproduce

Update piwigo throught the webadmin, but I can't reproduce this problem myself on my second instance of piwigo...

Lionel Coupouchetty-Ramouchetty · Answer 1 · Fri Dec 17 2021 03:30:52 GMT+0800 (China Standard Time)

I have the same issue, although I suspect it arose when I restored the application (I migrated my yunohost server a few weeks ago).

The workaround I have is to reset my password on piwigo, then I can access my photos but I have to authenticate twice: once through yunohost portal since I set up piwigo to be privately accessible, then through piwigo's interface.

Coninox · Answer 2 · Fri Dec 17 2021 17:11:59 GMT+0800 (China Standard Time)

That could be an interresting temporary solution, but the email adress associated with my piwigo account is not functionnable.
My FAI block the corresponding ports, so I was unable (and uninterrested) to self host my mails.
It seems that piwigo use the same mail address than the yunohost account, but yunohost doesn't allow to select a mail adress from an outside provider (we have to use a domain name managed by Yunohost)

My user is still connected on my phone, so I was thinking to change the mail adress of my piwigo user from here, but I can't find a way to do it. I can see the adress in the Admin panel, but I chan't change it. (anymay, that should be insufficient to allow piwigo to send mails)

So... I'm still stuck.

Lionel Coupouchetty-Ramouchetty · Answer 3 · Sun Dec 19 2021 03:27:33 GMT+0800 (China Standard Time)

That could be an interresting temporary solution, but the email adress associated with my piwigo account is not functionnable. My FAI block the corresponding ports, so I was unable (and uninterrested) to self host my mails. It seems that piwigo use the same mail address than the yunohost account, but yunohost doesn't allow to select a mail adress from an outside provider (we have to use a domain name managed by Yunohost)

My user is still connected on my phone, so I was thinking to change the mail adress of my piwigo user from here, but I can't find a way to do it. I can see the adress in the Admin panel, but I chan't change it. (anymay, that should be insufficient to allow piwigo to send mails)

So... I'm still stuck.

You could maybe use webmail at least to get your yunohost domain mails, something like roundcube I think is packaged. That could be a bit much but if you're really stuck...

Coninox · Answer 4 · Sun Dec 19 2021 04:55:07 GMT+0800 (China Standard Time)

It can't work either because the domain name filled in my piwigo user is an old domain name from a free service , and I no longer have access to it.

It was my default domain name when I installed Yunohost, since then I have changed my domain name,but I never thought about changing the email adress associated with my user, since I've never used it.

I don't think changing this information in Yunohost will be automatically repercuted in Piwigo.
Maybe I could try to change the adress of my Piwigo user with a SQL request, to change it for an adress with the domain name I actually use, then try to access to my mails with roundcube. But that seems to start to be complicated.

Lionel Coupouchetty-Ramouchetty · Answer 5 · Sun Dec 19 2021 06:46:28 GMT+0800 (China Standard Time)

I dug around in the code and saw that there was a debug file /var/www/piwigo/plugins/Ldap_Login/logs/ldap_login.log, I tried a login to see what would show up in the file.

Nothing appeared when I entered my credentials on the YNH SSO page but when I logged in on the piwigo's authentication page I got this:

[2021:12:18 23:38:839374] DEBUG: New LDAP Instance
[2021:12:18 23:38:839540] DEBUG: [function]> login
[2021:12:18 23:38:839602] DEBUG: [function]> ldap_conn
[2021:12:18 23:38:839650] DEBUG: [function]> make_ldap_conn
[2021:12:18 23:38:839699] DEBUG: [make_ldap_conn]> ld_port is 389. Connecting using default protocol
[2021:12:18 23:38:840076] DEBUG: [make_ldap_conn]> connected (LDAP_OPT_PROTOCOL_VERSION 3)
[2021:12:18 23:38:840149] DEBUG: [ldap_conn]> true
[2021:12:18 23:38:840199] DEBUG: [function]> ldap_search_dn
[2021:12:18 23:38:840243] DEBUG: [function]> ldap_search_dn(myusername)
[2021:12:18 23:38:840285] DEBUG: [ldap_search_dn]> Connecting to server
[2021:12:18 23:38:840327] DEBUG: [ldap_search_dn]> make_ldap_bind_as($this->cnx, ,$this->config['ld_bindpw']
[2021:12:18 23:38:840369] DEBUG: [function]> make_ldap_bind_as
[2021:12:18 23:38:840409] DEBUG: [make_ldap_bind_as]> $conn,
[2021:12:18 23:38:841746] DEBUG: [make_ldap_bind_as]> Bind was successfull
[2021:12:18 23:38:841875] DEBUG: [ldap_search_dn]> @ldap_search($this->cnx,ou=users,dc=yunohost,dc=org,(&(&(objectClass=person)(uid=myusername))(cn=*)),array('dn'),0,1)
[2021:12:18 23:38:842656] DEBUG: [ldap_search_dn]> ldap_search successfull
[2021:12:18 23:38:842799] DEBUG: [ldap_search_dn]> RESULT: uid=myusername,ou=users,dc=yunohost,dc=org
[2021:12:18 23:38:842865] DEBUG: [function]> ldap_bind_as
[2021:12:18 23:38:842914] DEBUG: [ldap_bind_as]> uid=myusername,ou=users,dc=yunohost,dc=org
[2021:12:18 23:38:842972] DEBUG: [function]> make_ldap_bind_as
[2021:12:18 23:38:843018] DEBUG: [make_ldap_bind_as]> $conn,uid=myusername,ou=users,dc=yunohost,dc=org
[2021:12:18 23:38:851701] DEBUG: [make_ldap_bind_as]> Bind failed
[2021:12:18 23:38:851763] DEBUG: [ldap_bind_as]> Bind failed
[2021:12:18 23:38:852359] DEBUG: [login]> wrong u/p or no group access