Steph - Has anyone gotten LLDAP two work with t...
# troubleshootingn
nitnelave
10/09/2023, 8:09 PMLet's see what you have so far
nitnelave
10/09/2023, 8:15 PMI dug a little bit, and without running any query with it I see an issue: when trying to extract the CN from the DN, it expects the DN to be formatted as
cn=username,...uid=username,...nitnelave
10/09/2023, 8:16 PMInstead they should request the
cncnnitnelave
10/09/2023, 8:16 PMFor reference, I'm talking about this line: https://github.com/sftpgo/sftpgo-plugin-auth/blob/main/authenticator/ldap.go#L237
nitnelave
10/09/2023, 8:16 PM(bear in mind that I didn't look at the rest of the plugin, I just browsed the LDAP part)
f
final_stephiroth
10/09/2023, 8:22 PMok thanks a lot, appreciated, ill have to parse what youre saying when im a bit less fried, here is an example of my env variables for the plugin
n
nitnelave
10/09/2023, 8:54 PMBasically, the plugin needs to be updated to work with LLDAP. They make assumptions about the response from the LDAP server that don't always hold. You probably need to create an issue with them
f
final_stephiroth
10/09/2023, 9:09 PMok gotcha, thanks again for your help
s
sbj1576
10/10/2023, 8:39 AM@final_stephiroth would you mind giving an update here, with whatever you end up concluding? I have some loose plans of using sftpgo together with lldap as well
n
nitnelave
10/11/2023, 7:45 PMI'm also suspicious of the `cachedUserPasswords`: LLDAP doesn't respond with
userPasswords
sbj1576
10/12/2023, 6:40 PMLooks like the cache can at least be disabled through another env var.
f
final_stephiroth
10/20/2023, 11:46 AM@sbj1576 i will pivot to OIDC and use LLDAP as a source of truth, I'll update you when I have something that works, could be a bit
s
sbj1576
10/26/2023, 11:01 AMThanks, would love an update 👍