LDAP connection not working properly

Hello there,

I’m facing some issues getting LDAP working 100%.
I’m currently facing two issues:

  • Some users get authenticated, but it only works locally on the hosting server. If I try to log these users in from another computer on the intranet, the login is successful but the users are redirected to the login page. This used to work before but then stopped working.

Here is the debug log output when users are logged in but are redirected to the login page:

[2021-11-03 15:27:57] [debug] ###############################################
[2021-11-03 18:28:08] [debug] Kanboard\Core\Controller\Runner::executeMiddleware
[2021-11-03 18:28:08] [debug] Subscriber executed: Kanboard\Subscriber\BootstrapSubscriber::execute
[2021-11-03 15:28:08] [debug] Kanboard\Core\Controller\BaseMiddleware::next => Kanboard\Middleware\AuthenticationMiddleware
[2021-11-03 15:28:08] [debug] Kanboard\Core\Controller\Runner::executeController => \Kanboard\Controller\AuthController::check
[2021-11-03 15:28:08] [debug] BaseDN=DC=be,DC=vvb
[2021-11-03 15:28:08] [debug] Filter=(&(objectClass=user)(sAMAccountName=myusername))
[2021-11-03 15:28:08] [debug] Attributes=samaccountname, displayname, mail, memberof
[2021-11-03 15:28:08] [debug] NbEntries=1
[2021-11-03 15:28:08] [info] Authenticate this user: CN=Support myusername,OU=SUPPORT,DC=BE,DC=VVB
[2021-11-03 15:28:08] [debug] Subscriber executed: Kanboard\Subscriber\AuthSubscriber::afterLogin
[2021-11-03 15:28:08] [debug] SQL: SELECT “data” FROM “sessions” WHERE “id” = ? LIMIT 1
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.0012829303741455
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.0012829303741455
[2021-11-03 15:28:08] [debug] SQL: SELECT “option”, “value” FROM “settings”
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00012087821960449
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.00140380859375
[2021-11-03 15:28:08] [debug] SQL: SELECT * FROM “actions”
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.0001060962677002
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.0015099048614502
[2021-11-03 15:28:08] [debug] SQL: SELECT * FROM “action_has_params”
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00010204315185547
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.0016119480133057
[2021-11-03 15:28:08] [debug] SQL: SELECT 1 FROM “users” WHERE “username” = ? AND “lock_expiration_date” != ? AND “lock_expiration_date” >= ?
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00017213821411133
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.001784086227417
[2021-11-03 15:28:08] [debug] SQL: SELECT “nb_failed_login” FROM “users” WHERE “username” = ? LIMIT 1
[2021-11-03 15:28:08] [debug] SQL: query_duration=7.7009201049805E-5
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.0018610954284668
[2021-11-03 15:28:08] [debug] SQL: SELECT “id”, “password” FROM “users” WHERE “username” = ? AND “disable_login_form” = ? AND “is_ldap_user” = ? AND “is_active” = ? LIMIT 1
[2021-11-03 15:28:08] [debug] SQL: query_duration=7.7962875366211E-5
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.001939058303833
[2021-11-03 15:28:08] [debug] SQL: SELECT * FROM “users” WHERE “username” = ? LIMIT 1
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00021600723266602
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.002155065536499
[2021-11-03 15:28:08] [debug] SQL: UPDATE “users” SET “is_ldap_user”=?, “id”=? WHERE “id” = ?
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.0096991062164307
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.01185417175293
[2021-11-03 15:28:08] [debug] SQL: SELECT groups.id, groups.external_id, groups.name FROM “group_has_users” LEFT JOIN “groups” ON “groups”.“id”=“group_has_users”.“group_id” WHERE group_has_users.user_id = ? ORDER BY groups.name ASC
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.0001988410949707
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.0120530128479
[2021-11-03 15:28:08] [debug] SQL: SELECT * FROM “groups” WHERE “external_id” IN (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00012993812561035
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.012182950973511
[2021-11-03 15:28:08] [debug] SQL: UPDATE “users” SET “nb_failed_login”=?, “lock_expiration_date”=? WHERE “username” = ?
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00015997886657715
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.012342929840088
[2021-11-03 15:28:08] [debug] SQL: SELECT “id” FROM “last_logins” WHERE “user_id” = ? ORDER BY “id” DESC
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00012493133544922
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.012467861175537
[2021-11-03 15:28:08] [debug] SQL: DELETE FROM “last_logins” WHERE “user_id” = ? AND “id” NOT IN (?, ?, ?, ?, ?, ?, ?, ?, ?)
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.0088489055633545
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.021316766738892
[2021-11-03 15:28:08] [debug] SQL: INSERT INTO “last_logins” (“auth_type”, “user_id”, “ip”, “user_agent”, “date_creation”) VALUES (:auth_type, :user_id, :ip, :user_agent, :date_creation)
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.0090010166168213
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.030317783355713
[2021-11-03 15:28:08] [debug] SQL: DELETE FROM “remember_me” WHERE “user_id” = ? AND “expiration” < ?
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00020694732666016
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.030524730682373
[2021-11-03 15:28:08] [debug] SQL: INSERT INTO “remember_me” (“user_id”, “ip”, “user_agent”, “token”, “sequence”, “expiration”, “date_creation”) VALUES (:user_id, :ip, :user_agent, :token, :sequence, :expiration, :date_creation)
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.0090060234069824
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.039530754089355
[2021-11-03 15:28:08] [debug] SQL: SELECT 1 FROM “sessions” WHERE “id” = ?
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.00015997886657715
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.039690732955933
[2021-11-03 15:28:08] [debug] SQL: UPDATE “sessions” SET “expire_at”=?, “data”=? WHERE “id” = ?
[2021-11-03 15:28:08] [debug] SQL: query_duration=0.0011990070343018
[2021-11-03 15:28:08] [debug] SQL: total_execution_time=0.040889739990234
[2021-11-03 15:28:08] [debug] APP: nb_queries=19
[2021-11-03 15:28:08] [debug] APP: rendering_time=0.31005191802979
[2021-11-03 15:28:08] [debug] APP: memory_usage=5.5M
[2021-11-03 15:28:08] [debug] APP: uri=/kanboard/?controller=AuthController&action=check

  • Some users don’t get authenticated. They get a failed login message although the credentials used are correct. The error is the same locally on the hosting server or from another machine on the intranet.

Here is the debug log when the connection is failing:

[2021-11-03 15:28:09] [debug] ###############################################
[2021-11-03 18:30:03] [debug] Kanboard\Core\Controller\Runner::executeMiddleware
[2021-11-03 18:30:03] [debug] Subscriber executed: Kanboard\Subscriber\BootstrapSubscriber::execute
[2021-11-03 15:30:03] [debug] Kanboard\Core\Controller\BaseMiddleware::next => Kanboard\Middleware\AuthenticationMiddleware
[2021-11-03 15:30:03] [debug] Kanboard\Core\Controller\Runner::executeController => \Kanboard\Controller\AuthController::check
[2021-11-03 15:30:03] [debug] BaseDN=DC=be,DC=vvb
[2021-11-03 15:30:03] [debug] Filter=(&(objectClass=user)(sAMAccountName=myotherusername))
[2021-11-03 15:30:03] [debug] Attributes=samaccountname, displayname, mail, memberof
[2021-11-03 15:30:03] [debug] NbEntries=1
[2021-11-03 15:30:03] [info] Authenticate this user: CN=Myotherusername,OU=Super-Users,OU=Users,OU=Production,OU=VVB,DC=BE,DC=VVB
[2021-11-03 15:30:03] [debug] Subscriber executed: Kanboard\Subscriber\AuthSubscriber::onLoginFailure
[2021-11-03 15:30:03] [debug] SQL: SELECT “data” FROM “sessions” WHERE “id” = ? LIMIT 1
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.0013492107391357
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0013492107391357
[2021-11-03 15:30:03] [debug] SQL: SELECT “option”, “value” FROM “settings”
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.0001370906829834
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0014863014221191
[2021-11-03 15:30:03] [debug] SQL: SELECT * FROM “actions”
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.00011181831359863
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0015981197357178
[2021-11-03 15:30:03] [debug] SQL: SELECT * FROM “action_has_params”
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.00010490417480469
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0017030239105225
[2021-11-03 15:30:03] [debug] SQL: SELECT 1 FROM “users” WHERE “username” = ? AND “lock_expiration_date” != ? AND “lock_expiration_date” >= ?
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.00016689300537109
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0018699169158936
[2021-11-03 15:30:03] [debug] SQL: SELECT “nb_failed_login” FROM “users” WHERE “username” = ? LIMIT 1
[2021-11-03 15:30:03] [debug] SQL: query_duration=9.4175338745117E-5
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0019640922546387
[2021-11-03 15:30:03] [debug] SQL: SELECT “id”, “password” FROM “users” WHERE “username” = ? AND “disable_login_form” = ? AND “is_ldap_user” = ? AND “is_active” = ? LIMIT 1
[2021-11-03 15:30:03] [debug] SQL: query_duration=7.0095062255859E-5
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0020341873168945
[2021-11-03 15:30:03] [debug] SQL: SELECT * FROM “users” WHERE “username” = ? LIMIT 1
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.00021219253540039
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0022463798522949
[2021-11-03 15:30:03] [debug] SQL: SELECT groups.id, groups.external_id, groups.name FROM “group_has_users” LEFT JOIN “groups” ON “groups”.“id”=“group_has_users”.“group_id” WHERE group_has_users.user_id = ? ORDER BY groups.name ASC
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.00015997886657715
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0024063587188721
[2021-11-03 15:30:03] [debug] SQL: SELECT * FROM “groups” WHERE “external_id” IN (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
[2021-11-03 15:30:03] [debug] SQL: query_duration=8.9883804321289E-5
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0024962425231934
[2021-11-03 15:30:03] [debug] SQL: UPDATE “users” SET “nb_failed_login”=“nb_failed_login”+1 WHERE “username” = ?
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.00014901161193848
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0026452541351318
[2021-11-03 15:30:03] [debug] SQL: SELECT “nb_failed_login” FROM “users” WHERE “username” = ? LIMIT 1
[2021-11-03 15:30:03] [debug] SQL: query_duration=8.1062316894531E-5
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0027263164520264
[2021-11-03 15:30:03] [debug] SQL: SELECT “nb_failed_login” FROM “users” WHERE “username” = ? LIMIT 1
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.0001060962677002
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0028324127197266
[2021-11-03 15:30:03] [debug] SQL: SELECT 1 FROM “sessions” WHERE “id” = ?
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.0001070499420166
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0029394626617432
[2021-11-03 15:30:03] [debug] SQL: UPDATE “sessions” SET “expire_at”=?, “data”=? WHERE “id” = ?
[2021-11-03 15:30:03] [debug] SQL: query_duration=0.0013041496276855
[2021-11-03 15:30:03] [debug] SQL: total_execution_time=0.0042436122894287
[2021-11-03 15:30:03] [debug] APP: nb_queries=15
[2021-11-03 15:30:03] [debug] APP: rendering_time=0.28731608390808
[2021-11-03 15:30:03] [debug] APP: memory_usage=5.64M
[2021-11-03 15:30:03] [debug] APP: uri=/kanboard/?controller=AuthController&action=check
[2021-11-03 15:30:03] [debug] ###############################################

Also, the debug log is not showing the correct date. It should be 16:30 instead of 15:30. But I will look further into why the timing in the logs is not correct.

Here is my configuration:

<?php

/*******************************************************************/
/* Rename this file to config.php if you want to change the values */
/*                                                                 */
/* Make sure all paths are absolute by using __DIR__ where needed  */
/*******************************************************************/

// Data folder (must be writeable by the web server user and absolute)
define('DATA_DIR', __DIR__.DIRECTORY_SEPARATOR.'data');

// Enable/Disable debug
define('DEBUG', true);

// Available log drivers: syslog, stderr, stdout, system or file
define('LOG_DRIVER', 'file');

// Log filename if the log driver is "file"
define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log');

// Plugins directory
define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins');

// Plugins directory URL
define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');

// Enable/Disable plugin installer (Disabled by default for security reasons)
// There is no code review or any approval process to submit a plugin.
// This is up to the Kanboard instance owner to validate if a plugin is legit.
define('PLUGIN_INSTALLER', false);

// Available cache drivers are "file" and "memory"
define('CACHE_DRIVER', 'memory');

// Cache folder to use if cache driver is "file" (must be writeable by the web server user)
define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache');

// Folder for uploaded files (must be writeable by the web server user)
define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files');

// Enable/disable email configuration from the user interface
define('MAIL_CONFIGURATION', true);

// E-mail address used for the "From" header (notifications)
define('MAIL_FROM', 'kanboard@mydomain.com');

// E-mail address used for the "Bcc" header to send a copy of all notifications
define('MAIL_BCC', '');

// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
define('MAIL_TRANSPORT', 'mail');

// SMTP configuration to use when the "smtp" transport is chosen
define('MAIL_SMTP_HOSTNAME', 'relay.mydomain.com');
define('MAIL_SMTP_PORT', 26);
define('MAIL_SMTP_USERNAME', '');
define('MAIL_SMTP_PASSWORD', '');
define('MAIL_SMTP_HELO_NAME', null); // valid: null (default), or FQDN
define('MAIL_SMTP_ENCRYPTION', null); // Valid values are null (not a string "null"), "ssl" or "tls"

// Sendmail command to use when the transport is "sendmail"
define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/sendmail -bs');

// Run automatically database migrations
// If set to false, you will have to run manually the SQL migrations from the CLI during the next Kanboard upgrade
// Do not run the migrations from multiple processes at the same time (example: web page + background worker)
define('DB_RUN_MIGRATIONS', true);

// Database driver: sqlite, mysql or postgres (sqlite by default)
define('DB_DRIVER', 'sqlite');

// Mysql/Postgres username
define('DB_USERNAME', 'root');

// Mysql/Postgres password
define('DB_PASSWORD', '');

// Mysql/Postgres hostname
define('DB_HOSTNAME', 'localhost');

// Mysql/Postgres database name
define('DB_NAME', 'kanboard');

// Mysql/Postgres custom port (null = default port)
define('DB_PORT', null);

// Mysql SSL key
define('DB_SSL_KEY', null);

// Mysql SSL certificate
define('DB_SSL_CERT', null);

// Mysql SSL CA
define('DB_SSL_CA', null);

// Mysql SSL server verification, set to false if you don't want the Mysql driver to validate the certificate CN
define('DB_VERIFY_SERVER_CERT', null);

// Timeout value for PDO attribute
define('DB_TIMEOUT', null);

// Enable LDAP authentication (false by default)
define('LDAP_AUTH', true);

// LDAP server protocol, hostname and port URL (ldap[s]://hostname:port)
define('LDAP_SERVER', 'myldapserver.domain.local');

// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define('LDAP_SSL_VERIFY', false);

// Enable LDAP START_TLS
define('LDAP_START_TLS', false);

// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);

// LDAP bind type: "anonymous", "user" or "proxy"
define('LDAP_BIND_TYPE', 'user');

// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define('LDAP_USERNAME', '%s@be.vvb');

// LDAP password to use for proxy mode
define('LDAP_PASSWORD', null);

// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define('LDAP_USER_BASE_DN', 'DC=be,DC=vvb');

// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
// Example for OpenLDAP: 'uid=%s'
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');

// LDAP attribute for username
// Example for ActiveDirectory: 'sAMAccountName'
// Example for OpenLDAP: 'uid'
define('LDAP_USER_ATTRIBUTE_USERNAME', 'sAMAccountName');

// LDAP attribute for user full name
// Example for ActiveDirectory: 'displayname'
// Example for OpenLDAP: 'cn'
define('LDAP_USER_ATTRIBUTE_FULLNAME', 'displayname');

// LDAP attribute for user email
define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');

// LDAP attribute to find groups in user profile
define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');

// LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
define('LDAP_USER_ATTRIBUTE_PHOTO', '');

// LDAP attribute for user language, example: 'preferredlanguage'
// Put an empty string to disable language sync
define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');

// Allow automatic LDAP user creation
define('LDAP_USER_CREATION', false);

// Set new user as Manager
define('LDAP_USER_DEFAULT_ROLE_MANAGER', false);

// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_ADMIN_DN', 'CN=MyGroup,CN=Users,DC=BE,DC=VVB');

// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_MANAGER_DN', '');

// Enable LDAP group provider for project permissions
// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
define('LDAP_GROUP_PROVIDER', false);

// LDAP Base DN for groups
define('LDAP_GROUP_BASE_DN', '');

// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');

// LDAP user group filter
// If this filter is configured, Kanboard will search user groups in LDAP_GROUP_BASE_DN with this filter
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define('LDAP_GROUP_USER_FILTER', '');

// LDAP attribute for the user in the group filter
// 'username' or 'dn'
define('LDAP_GROUP_USER_ATTRIBUTE', 'username');

// LDAP attribute for the group name
define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');

// Enable/disable the reverse proxy authentication
define('REVERSE_PROXY_AUTH', false);

// Header name to use for the username
define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');

// Username of the admin, by default blank
define('REVERSE_PROXY_DEFAULT_ADMIN', '');

// Header name to use for the username
define('REVERSE_PROXY_EMAIL_HEADER', 'REMOTE_EMAIL');

// Default domain to use for setting the email address
define('REVERSE_PROXY_DEFAULT_DOMAIN', '');

// Enable/disable remember me authentication
define('REMEMBER_ME_AUTH', true);

// Enable or disable "Strict-Transport-Security" HTTP header
define('ENABLE_HSTS', true);

// Enable or disable "X-Frame-Options: DENY" HTTP header
define('ENABLE_XFRAME', true);

// Escape html inside markdown text
define('MARKDOWN_ESCAPE_HTML', true);

// API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
define('API_AUTHENTICATION_HEADER', '');

// Enable/disable url rewrite
define('ENABLE_URL_REWRITE', true);

// Hide login form, useful if all your users use Google/Github/ReverseProxy authentication
define('HIDE_LOGIN_FORM', false);

// Disabling logout (useful for external SSO authentication)
define('DISABLE_LOGOUT', false);

// Enable captcha after 3 authentication failure
define('BRUTEFORCE_CAPTCHA', 3);

// Lock the account after 6 authentication failure
define('BRUTEFORCE_LOCKDOWN', 6);

// Lock account duration in minute
define('BRUTEFORCE_LOCKDOWN_DURATION', 15);

// Session duration in second (0 = until the browser is closed)
// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
define('SESSION_DURATION', 0);

// Session handler: db or php
define('SESSION_HANDLER', 'db');

// HTTP client proxy
define('HTTP_PROXY_HOSTNAME', '');
define('HTTP_PROXY_PORT', '3128');
define('HTTP_PROXY_USERNAME', '');
define('HTTP_PROXY_PASSWORD', '');
define('HTTP_PROXY_EXCLUDE', 'localhost');

// Set to false to allow self-signed certificates
define('HTTP_VERIFY_SSL_CERTIFICATE', true);

// TOTP (2FA) issuer name
define('TOTP_ISSUER', 'Kanboard');

// Comma separated list of fields to not synchronize when using external authentication providers
define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username');

// Enable or disable displaying group-memberships in userlist (true by default)
define('SHOW_GROUP_MEMBERSHIPS_IN_USERLIST', true);

// Limit number of groups to display in userlist (The full list of group-memberships is always shown, ...
// ... when hovering the mouse over the group-icon of a given user!)
// If set to 0 ALL group-memberships will be listed (7 by default)
define('SHOW_GROUP_MEMBERSHIPS_IN_USERLIST_WITH_LIMIT', 7);

I'm looking further in the mean time but any help would be nice as I'm turning mad. :smiley:

Arnaud
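A triage pass over a debug log in the format quoted in the post above, added here as an example (it is not part of the original post and is not Kanboard code): it groups lines into requests, reports whether the directory search matched an entry and which AuthSubscriber handler ran, and flags requests whose lines carry different hour fields for the same minute and second, as the 18:28/15:28 lines in the quoted logs do. The sample log, usernames, DNs and verdict labels are constructed.

```python
import re

# Constructed sample in the debug-log format quoted above; usernames and DNs are placeholders.
SAMPLE_LOG = r"""
[2021-11-03 15:27:57] [debug] ###############################################
[2021-11-03 18:28:08] [debug] Kanboard\Core\Controller\Runner::executeMiddleware
[2021-11-03 15:28:08] [debug] Filter=(&(objectClass=user)(sAMAccountName=alice))
[2021-11-03 15:28:08] [debug] NbEntries=1
[2021-11-03 15:28:08] [info] Authenticate this user: CN=Alice,OU=Staff,DC=example,DC=test
[2021-11-03 15:28:08] [debug] Subscriber executed: Kanboard\Subscriber\AuthSubscriber::afterLogin
[2021-11-03 15:28:08] [debug] APP: uri=/kanboard/?controller=AuthController&action=check
[2021-11-03 18:30:03] [debug] Kanboard\Core\Controller\Runner::executeMiddleware
[2021-11-03 15:30:03] [debug] Filter=(&(objectClass=user)(sAMAccountName=bob))
[2021-11-03 15:30:03] [debug] NbEntries=1
[2021-11-03 15:30:03] [info] Authenticate this user: CN=Bob,OU=Staff,DC=example,DC=test
[2021-11-03 15:30:03] [debug] Subscriber executed: Kanboard\Subscriber\AuthSubscriber::onLoginFailure
[2021-11-03 15:30:03] [debug] APP: uri=/kanboard/?controller=AuthController&action=check
[2021-11-03 15:31:40] [debug] Filter=(&(objectClass=user)(sAMAccountName=carol))
[2021-11-03 15:31:40] [debug] NbEntries=0
[2021-11-03 15:31:40] [debug] Subscriber executed: Kanboard\Subscriber\AuthSubscriber::onLoginFailure
[2021-11-03 15:31:40] [debug] APP: uri=/kanboard/?controller=AuthController&action=check
"""

LINE = re.compile(r"^\[\d{4}-\d\d-\d\d (\d\d):(\d\d:\d\d)\] \[\w+\] (.*)$")
USER = re.compile(r"sAMAccountName=([^)]+)\)")


def parse_requests(text):
    """Group log lines into requests; each request ends at its 'APP: uri=' line."""
    requests, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        hour, mmss, msg = m.groups()
        if cur is None:
            cur = {"user": None, "entries": None, "dn": None, "outcome": None, "clock": {}}
        # Remember every hour value seen for a given minute:second.
        cur["clock"].setdefault(mmss, set()).add(hour)
        if msg.startswith("Filter="):
            found = USER.search(msg)
            cur["user"] = found.group(1) if found else None
        elif msg.startswith("NbEntries="):
            cur["entries"] = int(msg.split("=", 1)[1])
        elif msg.startswith("Authenticate this user: "):
            cur["dn"] = msg.split(": ", 1)[1]
        elif "AuthSubscriber::" in msg:
            cur["outcome"] = msg.rsplit("::", 1)[1]
        elif msg.startswith("APP: uri="):
            requests.append(cur)
            cur = None
    return requests


def classify(req):
    """Return (verdict, clock_skew) for one parsed request."""
    if req["outcome"] == "afterLogin":
        verdict = "login-ok"
    elif req["outcome"] == "onLoginFailure":
        verdict = "rejected-after-directory-match" if req["entries"] else "no-directory-entry"
    else:
        verdict = "not-an-auth-request"
    # Same minute:second logged under two different hours: loggers disagree on timezone.
    skew = any(len(hours) > 1 for hours in req["clock"].values())
    return verdict, skew


def triage(text):
    return [(r["user"],) + classify(r) for r in parse_requests(text)]


if __name__ == "__main__":
    for user, verdict, skew in triage(SAMPLE_LOG):
        print(f"{user:8} {verdict:32} clock_skew={skew}")
```

A login rejected after the directory search matched an entry points the investigation at the bind or at the application's own account handling, such as the LDAP_USER_CREATION setting named later in this thread, rather than at the search filter.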

I could solve it again concerning the login from another computer in the intranet.
(By replacing my config.php file. Which is strange because I copy pasted the needed content for my LDAP config)

So the remaining issue is that I can log in with my admin account but not with another admin or user admin account. The strange thing is that it’s telling me bad username or password but I don’t see the captcha coming after 3 times.
If I type 3 wrong passwords it does prompt the captcha.

I checked all 3 accounts I use for testing but see no difference in the attribute editor of Active Directory. I will have to perform more tests with other accounts to see if I can find any logic in the errors.

I had a similar issue. Is your LDAP server of the ldaps type? If yes, I think
LDAP_SSL_VERIFY and LDAP_START_TLS should be set to TRUE.
Or alternatively, I managed to make it work using the reverse proxy plugin.

Hello Kanji.
Thanks a lot. I switched to proxy mode (I saw that it’s indeed the recommended option). But the situation remains the same. I’m only able to log in with one account. (The one used to install Kanboard.)
I’m beginning to wonder if I have a rights issue on the folder or something like that.

I’m using LDAP (not LDAPS) at the moment to test the basics and will implement LDAPS afterwards.

Hello guys.
I could solve all my problems. I misunderstood the point of the ldap_user_creation. My bad.

I still have one remaining question regarding the application URL. I should change it as I changed my URL to be able to use an existing wildcard certificate. But I see the field greyed out in the web page and can’t find any place to change it in my configuration files.

I could read that it is stored in the application database, but is there any way to change it? Thanks a lot for your help.

Arnaud