continuwuation/continuwuity
continuwuation/continuwuity
12
46
Fork 42
Code Issues 97 Pull requests 22 Releases 24 Packages 3 Activity Actions

fix: Allow using LDAP passwords in UIAA #1226

Merged
ginger merged 1 commit from jade/fix-ldap-uiaa into main 2025-12-16 14:04:36 +00:00
Conversation 7 Commits 1 Files changed 1 +33 -10
Jade commented 2025-12-14 01:14:35 +00:00
Owner
Copy link

Fixes #1131

Fixes #1131
fix: Allow using LDAP passwords in UIAA
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 56s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Failing after 1m51s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 11m6s
Details
816f487766
 
Fixes #1131

Co-authored-by: Jade Ellis <jade@ellis.link>
Jade 2025-12-14 01:15:12 +00:00
Jade force-pushed jade/fix-ldap-uiaa from 816f487766
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 56s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Failing after 1m51s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 11m6s
Details
to fb09b700ce
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m6s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m21s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 10m53s
Details
2025-12-14 01:21:45 +00:00 Compare
nex approved these changes 2025-12-14 19:53:11 +00:00
nex left a comment
Owner
Copy link

Do any of us have a way to test this?

Do any of us have a way to test this?
Jade commented 2025-12-15 00:59:39 +00:00
Author
Owner
Copy link

Nope, but it looks like it should work to me. ideally @Clubs or one of the otehr users who reported this could test it

Nope, but it looks like it should work to me. ideally @Clubs or one of the otehr users who reported this could test it
👍 1
Clubs commented 2025-12-15 06:39:34 +00:00
First-time contributor
Copy link

Attempted to make a dockerfile to give it a check, and still getting the error. I can check back when I'm less sleepy to see if my steps for setting up the image and compose files were flawed. However as of right now, it seems like there may still be an issue. I can also double check to make sure I didn't configure something wrong with LDAP either, and see if I can't figure out some more on my end

Attempted to make a dockerfile to give it a check, and still getting the error. I can check back when I'm less sleepy to see if my steps for setting up the image and compose files were flawed. However as of right now, it seems like there may still be an issue. I can also double check to make sure I didn't configure something wrong with LDAP either, and see if I can't figure out some more on my end
Clubs commented 2025-12-15 08:06:06 +00:00
First-time contributor
Copy link

Okay scratch that kinda, it works if the LDAP name and mxid local part are an exact match. The configuration being used over here with LDAP has uppercase characters in the names used at login, but that are lowercase with the mxids, which means one of the checks fails, and that leads to an m_forbidden due to an access token and user id mismatch. Changing the name of a user to lowercase in the LDAP setup fixes the issue and it works as intended. I'm unsure if thats considered a misconfiguration of the LDAP config, or if thats something that user id/access token validation is supposed to take into account

Okay scratch that kinda, it works if the LDAP name and mxid local part are an exact match. The configuration being used over here with LDAP has uppercase characters in the names used at login, but that are lowercase with the mxids, which means one of the checks fails, and that leads to an m_forbidden due to an access token and user id mismatch. Changing the name of a user to lowercase in the LDAP setup fixes the issue and it works as intended. I'm unsure if thats considered a misconfiguration of the LDAP config, or if thats something that user id/access token validation is supposed to take into account
ginger commented 2025-12-15 13:59:04 +00:00
Owner
Copy link

@Clubs wrote in #1226 (comment):

Okay scratch that kinda, it works if the LDAP name and mxid local part are an exact match. The configuration being used over here with LDAP has uppercase characters in the names used at login, but that are lowercase with the mxids, which means one of the checks fails, and that leads to an m_forbidden due to an access token and user id mismatch. Changing the name of a user to lowercase in the LDAP setup fixes the issue and it works as intended. I'm unsure if thats considered a misconfiguration of the LDAP config, or if thats something that user id/access token validation is supposed to take into account

There's not really a way for Continuwuity's validation to take this into account because it always searches for the lowercase mxid and can't guess how it might be capitalized on the LDAP side.

@Clubs wrote in https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1226#issuecomment-22173: > Okay scratch that kinda, it works if the LDAP name and mxid local part are an exact match. The configuration being used over here with LDAP has uppercase characters in the names used at login, but that are lowercase with the mxids, which means one of the checks fails, and that leads to an m_forbidden due to an access token and user id mismatch. Changing the name of a user to lowercase in the LDAP setup fixes the issue and it works as intended. I'm unsure if thats considered a misconfiguration of the LDAP config, or if thats something that user id/access token validation is supposed to take into account There's not really a way for Continuwuity's validation to take this into account because it always searches for the lowercase mxid and can't guess how it might be capitalized on the LDAP side.
Clubs commented 2025-12-15 16:35:26 +00:00
First-time contributor
Copy link

@ginger wrote in #1226 (comment):

@Clubs wrote in #1226 (comment):

Okay scratch that kinda, it works if the LDAP name and mxid local part are an exact match. The configuration being used over here with LDAP has uppercase characters in the names used at login, but that are lowercase with the mxids, which means one of the checks fails, and that leads to an m_forbidden due to an access token and user id mismatch. Changing the name of a user to lowercase in the LDAP setup fixes the issue and it works as intended. I'm unsure if thats considered a misconfiguration of the LDAP config, or if thats something that user id/access token validation is supposed to take into account

There's not really a way for Continuwuity's validation to take this into account because it always searches for the lowercase mxid and can't guess how it might be capitalized on the LDAP side.

Yeah, definitely feels like more of a configuration issue than a Continuwuity issue at this point. I'll do some reconfiguring of our LDAP setup on my end, which should let me check in with some other users as well. The only thing I'd suggest on this front is maybe a note about case being important somewhere, but I also don't know how much that would occur in the wild to begin with. Thank y'all so much for this

@ginger wrote in https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1226#issuecomment-22176: > @Clubs wrote in #1226 (comment): > > > Okay scratch that kinda, it works if the LDAP name and mxid local part are an exact match. The configuration being used over here with LDAP has uppercase characters in the names used at login, but that are lowercase with the mxids, which means one of the checks fails, and that leads to an m_forbidden due to an access token and user id mismatch. Changing the name of a user to lowercase in the LDAP setup fixes the issue and it works as intended. I'm unsure if thats considered a misconfiguration of the LDAP config, or if thats something that user id/access token validation is supposed to take into account > > There's not really a way for Continuwuity's validation to take this into account because it always searches for the lowercase mxid and can't guess how it might be capitalized on the LDAP side. Yeah, definitely feels like more of a configuration issue than a Continuwuity issue at this point. I'll do some reconfiguring of our LDAP setup on my end, which should let me check in with some other users as well. The only thing I'd suggest on this front is maybe a note about case being important somewhere, but I also don't know how much that would occur in the wild to begin with. Thank y'all so much for this
Clubs commented 2025-12-15 18:44:32 +00:00
First-time contributor
Copy link

Can confirm that changing the casing has made it work for me and some of the other users with our ldap setup that were having the issue under this fix. Thank y'all so much

Can confirm that changing the casing has made it work for me and some of the other users with our ldap setup that were having the issue under this fix. Thank y'all so much
ginger force-pushed jade/fix-ldap-uiaa from fb09b700ce
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m6s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m21s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 10m53s
Details
to cdc53b3421
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 53s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 1m27s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 8m46s
Details
Documentation / Build and Deploy Documentation (push) Successful in 1m5s
Details
Checks / Prek / Pre-commit & Formatting (push) Successful in 2m38s
Details
Release Docker Image / Build linux-amd64 (release) (push) Successful in 6m11s
Details
Release Docker Image / Build linux-arm64 (release) (push) Successful in 6m28s
Details
Release Docker Image / Create Multi-arch Release Manifest (push) Failing after 10s
Details
Checks / Prek / Clippy and Cargo Tests (push) Has been cancelled
Details
Release Docker Image / Build linux-amd64 (max-perf) (push) Successful in 15m10s
Details
Release Docker Image / Build linux-arm64 (max-perf) (push) Successful in 15m8s
Details
Release Docker Image / Create Max-Perf Manifest (push) Failing after 10s
Details
2025-12-16 13:55:35 +00:00 Compare
ginger scheduled this pull request to auto merge when all checks succeed 2025-12-16 13:56:05 +00:00
ginger merged commit cdc53b3421 into main 2025-12-16 14:04:36 +00:00
ginger added this to the 0.5.0 milestone 2025-12-16 14:04:52 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
nex
Labels
Clear labels   
Blocked

This pull request or issue is currently blocked from being merged/closed

  
Bug

Something isn't working as intended

  
Cherry-picking

Commits picked from other conduit projects

  
Database

This requires or includes changes to the database

  
Dependencies

Something dependency related

  
Dependencies/Renovate

Automatic dependency upgrades by Renovate

  
Difficulty
Easy
Low difficulty to implement - touches few parts of the codebase, low complexity

  
Difficulty
Hard
High difficulty to implement - touches many parts of the codebase, high complexity

  
Difficulty
Medium
Medium difficulty to implement - touches more parts of the codebase, higher complexity

  
Documentation

Improvements or additions to documentation

  
Enhancement

New feature or request

  
Good first issue

Good for newcomers

  
Help wanted

Additional eyes and keyboards are required for this one

  
Inherited

Issues that have been inhereted from the project pre-fork

  
Matrix/Administration

Features pertaining to homeserver administration

  
Matrix/Appservices

Features pertaining to the appservice API

  
Matrix/Auth

Features pertaining to authentication

  
Matrix/Client

Features pertaining to client-to-server interactions

  
Matrix/Core

Issues relating to core matrix functionality, such as state resolution and PDU formats

  
Matrix/Federation

Features pertaining to server-to-server interactions

  
Matrix/Hydra

Issues related to room version 12 and related changes (temporary label)

  
Matrix/MSC

Features pertaining to unstable matrix features

  
Matrix/Media

Features pertaining to media interactions

  
Meta

Related to housekeeping, maintenance, or other repo-meta.

  
Meta/CI

Issues related to CI changes

  
Meta/Packaging

Packaging

  
Priority
Blocking
This issue is blocking the next release

  
Priority
High
This issue is very important

  
Priority
Low
This issue is of a rather low priority

  
Security

This item is related to general security

  
Status
Confirmed
This issue has enough information and is confirmed

  
Status
Duplicate
This issue or pull request already exists

  
Status
Invalid
This issue doesn't seem right

  
Status
Needs Investigation
This issue needs further investigation

  
Support

Questions or support requests

  
To-Merge

   
Wont fix

This will not be worked on

  
old/ci/cd

Ci/CD

Archived

  
old/rust

Pull requests that update Rust code

Archived

No labels
Blocked
Bug
Cherry-picking
Database
Dependencies
Dependencies/Renovate
Difficulty
Easy
Difficulty
Hard
Difficulty
Medium
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/Federation
Matrix/Hydra
Matrix/MSC
Matrix/Media
Meta
Meta/CI
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Support
To-Merge
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
0.5.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
continuwuation/continuwuity!1226
No description provided.