If this plugin works with taiga6 please indicate #45
Comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
There is a problem with authentication fallback to "normal" in recent Taiga versions. Please note that the plugin tries to implement a fallback to the default authentication implementation called "normal" (FALLBACK is "normal" by default) in
but in recent Taiga versions get_auth_plugins() returns a dictionary with a single item "ldap" only. Warning: Since this plugin cannot provide superusers at the moment, superusers have to be defined as "normal" users (e.g. the initial user). These kinds of users are not able to log in to recent Taiga versions any more when LDAP auth is enabled, because the fallback implementation to "normal" users fails. Nevertheless, I wonder whether a fallback should be implemented by the plugin itself. I would suggest the core should query all registered plugins and implement multiple querying authentication providers and fallback itself. |
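The failure mode described in the comment above, as an added example that is not part of any comment in this thread and is not Taiga's or the plugin's code. It is a simplified model: the registries, the sample accounts and every function name are hypothetical; only `FALLBACK`, "normal" and "ldap" come from the comment.

```python
import hmac

FALLBACK = "normal"  # plugin default named in the comment above

# Constructed sample accounts: a local superuser and a directory user.
LOCAL_USERS = {"admin": "local-secret"}
LDAP_USERS = {"alice": "ldap-secret"}

class LoginFailed(Exception):
    pass

def _verify(store, provider, username, password):
    expected = store.get(username)
    if expected is None or not hmac.compare_digest(expected, password):
        raise LoginFailed(f"{provider}: bad credentials for {username}")
    return (provider, username)

def normal_login(username, password):
    return _verify(LOCAL_USERS, "normal", username, password)

def ldap_login(username, password):
    return _verify(LDAP_USERS, "ldap", username, password)

def plugin_login(get_auth_plugins):
    """LDAP login that falls back by looking FALLBACK up in the registry."""
    def login(username, password):
        try:
            return ldap_login(username, password)
        except LoginFailed:
            plugins = get_auth_plugins()  # hypothetical stand-in registry
            if FALLBACK not in plugins:
                raise  # the local superuser is locked out at this point
            return plugins[FALLBACK](username, password)
    return login

def registry_with_normal():
    return {"normal": normal_login, "ldap": plugin_login(registry_with_normal)}

def registry_ldap_only():  # the registry contents the comment reports
    return {"ldap": plugin_login(registry_ldap_only)}

def core_login(providers, username, password):
    """Fallback owned by the core: try each provider in order."""
    errors = []
    for func in providers:
        try:
            return func(username, password)
        except LoginFailed as exc:
            errors.append(str(exc))
    raise LoginFailed("; ".join(errors))
```

With the LDAP-only registry the local `admin` account can no longer authenticate, while `core_login([ldap_login, normal_login], ...)` still reaches it without the plugin knowing about other providers.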
I would love to update to Taiga6, but since LDAP breaks, that's not an option! Is there any update here? |
I ended up using the https://github.com/robrotheram/taiga-contrib-openid-auth plugin, setting up keycloak and configuring keycloak to use ldap. |
Works fine with Taiga 6.5.1. @madmath03 many thanks for this plugin! |
Hello,
To debug if it's not working:
Edit: here's my Dockerfile. It allows to set LDAP with env variables.
|
I made our modified docker images public at https://github.com/brick4u/taiga-pm-docker. |
Sorry guys, I'm not working on this anymore, so I have no idea if it still works with latest versions of Taiga. |
If I had to take a shot in the dark, I would recommend to add the configuration LDAP_MAP_USERNAME_TO_UID = None At least this was a problem I encountered while setting up the plugin (I briefly mentioned it in the README of the fork I created). If |
https://github.com/TuringTux/taiga-contrib-ldap-auth-ext-2 This worked for latest Taiga 6.5.1, thank you @TuringTux |
I have some trouble setting this up with 6.7. I don't get any error messages, login just fails even for "normal" accounts. This is the relevant part in my config:

```python
#########################################
## LDAP
#########################################
if os.getenv("LDAP_SERVER"):
    INSTALLED_APPS += ["taiga_contrib_ldap_auth_ext"]
    # Multiple LDAP servers are currently not supported, see
    # https://github.com/Monogramm/taiga-contrib-ldap-auth-ext/issues/16
    LDAP_SERVER = os.getenv("LDAP_SERVER")
    LDAP_PORT = os.getenv("LDAP_PORT", 636)
    LDAP_START_TLS = os.getenv('LDAP_START_TLS', 'false').lower() == 'true'
    LDAP_BIND_DN = os.getenv("LDAP_BIND_DN", "CN=SVC Account,OU=Service Accounts,OU=Servers,DC=example,DC=com")
    LDAP_BIND_PASSWORD = os.getenv("LDAP_BIND_PASSWORD")
    LDAP_SEARCH_BASE = os.getenv("LDAP_SEARCH_BASE", 'OU=DevTeam,DC=example,DC=net')
    LDAP_USERNAME_ATTRIBUTE = os.getenv("LDAP_USERNAME_ATTRIBUTE", "uid")
    LDAP_EMAIL_ATTRIBUTE = os.getenv("LDAP_EMAIL_ATTRIBUTE", "mail")
    LDAP_FULL_NAME_ATTRIBUTE = os.getenv("LDAP_FULL_NAME_ATTRIBUTE", "givenName")
    LDAP_SAVE_LOGIN_PASSWORD = False
    LDAP_MAP_USERNAME_TO_UID = None
    if DEBUG:
        print("LDAP extenstion enabled")
```

This is the Dockerfile I use:

```dockerfile
FROM python:3.9
RUN apt-get update -q && \
    apt-get install -q -y \
    gettext && \
    apt-get clean
RUN git clone https://github.com/kaleidos-ventures/taiga-back.git /usr/src/back
WORKDIR /usr/src/back
RUN set -e; \
    git checkout 6.7.0; \
    pip install --no-cache-dir -r requirements.txt; \
    pip install git+https://github.com/kaleidos-ventures/[email protected]#egg=taiga-contrib-protected;
# Taiga contrib ldap auth ext
RUN pip install taiga-contrib-ldap-auth-ext==0.5.0
COPY docker-entrypoint.sh .
COPY settings/local.py settings/local.py
ENV DJANGO_SETTINGS_MODULE=settings.local
EXPOSE 8001
ENTRYPOINT ["./docker-entrypoint.sh"]
CMD ["gunicorn", "taiga.wsgi:application", \
     "--name", "taiga_api", \
     "--bind", "0.0.0.0:8001", \
     "--workers", "3", \
     "--worker-tmp-dir", "/dev/shm", \
     "--log-level", "info", \
     "--access-logfile", "-"]
```

My entrypoint:

```bash
#!/bin/bash
# Inspired from: https://github.com/benhutchins/docker-taiga/blob/master/docker-entrypoint.sh
# Setup database automatically if needed
echo "Configuring initial database"
python manage.py migrate --noinput
python manage.py loaddata initial_project_templates
python manage.py compilemessages
echo "Database ready"
if [ ! -d "/usr/src/back/static" ]; then
    echo "Look for static folder, if it does not exist, then generate it"
    python manage.py collectstatic --noinput
fi
echo "Start Taiga backend Django server"
exec "$@"
```

Do you have any advice for me how to debug this thing? |
Have been working to get this to work with a taiga6 docker style installation.
Thought I saw that this was confirmed to work with taiga6 but at last check I did not see such an indication.
If this does work with taiga6 please have the version updated at the Taiga Resources page & on the github page somewhere.