Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

non ldap but already registered user can't login when ldap authentication is activated. #2037

Open
vlebourl opened this issue Feb 16, 2024 · 1 comment
Open

non ldap but already registered user can't login when ldap authentication is activated. #2037

vlebourl opened this issue Feb 16, 2024 · 1 comment
Labels
feature request

Comments

@vlebourl
Copy link

Bug report

Expected Behavior

being able to login with both ldap and local user

Actual Behavior

ldap user is logging in correctly but existing local user can't login.

CDash Version

v3.2.3

Additional Information

in the .env file, using this:

CDASH_ROOT_ADMIN_EMAIL=admin@host.com
CDASH_ROOT_ADMIN_PASS=<password>
# USERNAME_PASSWORD_AUTHENTICATION_ENABLED=true

# CDASH_AUTHENTICATION_PROVIDER=ldap
# LDAP_HOSTS=sub.host.com
# LDAP_BASE_DN="cn=users,dc=host,dc=com"
# LDAP_USERNAME="cn=cdash,cn=users,dc=host,dc=com"
# LDAP_PASSWORD=${DB_PASSWORD}
# LDAP_BIND_USERS_BY=userPrincipalName
# LDAP_PROVIDER=activedirectory

can login correctly,

Using

CDASH_ROOT_ADMIN_EMAIL=admin@host.com
CDASH_ROOT_ADMIN_PASS=<password>
USERNAME_PASSWORD_AUTHENTICATION_ENABLED=true

CDASH_AUTHENTICATION_PROVIDER=ldap
LDAP_HOSTS=sub.host.com
LDAP_BASE_DN="cn=users,dc=host,dc=com"
LDAP_USERNAME="cn=cdash,cn=users,dc=host,dc=com"
LDAP_PASSWORD=${DB_PASSWORD}
LDAP_BIND_USERS_BY=userPrincipalName
LDAP_PROVIDER=activedirectory

An ldap user can correctly login, but user admin@host.com can't login anymore. The testing.INFO logs shows

cdash           | [Fri Feb 16 14:38:53.058313 2024] [php:notice] [pid 477] [client 10.10.10.51:63205] [2024-02-16 15:38:53] testing.INFO: LDAP (ldap://sub.host.com.com:389) - Connection: default - Operation: Binding - Username: cn=cdash,cn=users,dc=host,dc=com  \n, referer: https://cdash.host.com/index.php?project=Project
cdash           | [Fri Feb 16 14:38:53.093743 2024] [php:notice] [pid 477] [client 10.10.10.51:63205] [2024-02-16 15:38:53] testing.INFO: LDAP (ldap://sub.host.com.com:389) - Connection: default - Operation: Bound - Username: cn=cdash,cn=users,dc=host,dc=com  \n, referer: https://cdash.host.com/index.php?project=Project
cdash           | [Fri Feb 16 14:38:53.097430 2024] [php:notice] [pid 477] [client 10.10.10.51:63205] [2024-02-16 15:38:53] testing.INFO: LDAP (ldap://sub.host.com.com:389) - Connection: default - Operation: Search - Base DN: cn=users,dc=host,dc=com - Filter: (&(objectclass=user)(objectcategory=person)(!(objectclass=contact))(mail=admin@host.com)) - Selected: (*,objectguid) - Time Elapsed: 2  \n, referer: https://cdash.host.com/index.php?project=Project

My understanding was that USERNAME_PASSWORD_AUTHENTICATION_ENABLED=true would allow to log in with the non ldap user even though ldap authentication is activated. But I guess I'm wrong. How could I circumvent that? Thanks very much for the help.
@zackgalbreath
Copy link
Contributor

My understanding was that USERNAME_PASSWORD_AUTHENTICATION_ENABLED=true would allow to log in with the non ldap user even though ldap authentication is activated. But I guess I'm wrong. How could I circumvent that? Thanks very much for the help.

Unfortunately as you discovered, CDash's LDAP authentication currently blocks "regular" (database) authentication when it is enabled. We'll keep your use case in mind as we work to improve and expand our authentication support in CDash.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zackgalbreath @vlebourl @williamjallen