LDAP users cannot remove devices #1131
Reference
continuwuation/continuwuity#1131
When attempting to use a client to delete no-longer-used devices, LDAP users will be prompted for a password. From my understanding, the password that is expected is one that the user cannot easily provide, as LDAP accounts have generated passwords that are otherwise bypassed by the LDAP login process.
Example setup:
With this setup, the user is prompted with the password box when attempting to remove devices, and will find their LDAP password is routinely denied.
From my understanding this is because it's using the local matrix account to verify, instead of the LDAP account, so the user would need to provide the generated password (or have the password changed). Attempting to use curl to make the request using the LDAP name in place of the matrix account's username will also not work, due to "M_FORBIDDEN: User ID and access token mismatch", which would make sense as I believe this request does not make it to the LDAP server. This cannot be bypassed by manually resetting the matrix user password, as changing matrix user passwords that are tied to LDAP accounts is unsupported using admin commands.