I just tried upgrading to 8.0.1 server from 7.1.5 as per the instructions (installing libmysqlclient-dev, future, mysqlclient etc. in advance) - this is on Ubuntu 18.04.
After installation, none of the accounts which authenticate against LDAP would log in (either through the web interface or desktop client) - however, local seafile accounts would authenticate fine.
There was no clue in the log files what was failing.
Reverting to 7.1.5, and the LDAP accounts all work fine (i.e. not an obvious problem with the LDAP server).
I would like to add myself to this error. Can you please tell us whats wrong. Error is still in version 8.0.2. The Users are still in the ccnet usermgr database. But are not shown in the ldap imported tab on the web-interface.
I can’t find any errors in any seafile log.
I have the same issue after migrating from 7.1.5 to 8.0.3 - I am not able to login and the error message in the UI is Incorrect email or password.
There is no error in any of the logs.
The moment I switch back to 7.1.5 everything works as expected.
Tried to launch seafile with this enviroment variable to debug SEAFILE_DEBUG=all but it looks like that change nothing about log level. Someone know how to enable full debug ?
I forgot to mention that my issue is happening on a Raspberry pi, so yes, maybe this is specific to ARM…
@daniel.pan, I would like to offer more information, is there anything I can do? BTW, thanks for a great product, I am using Seafile for years now, without any major issues.
@Josue I don’t know why it doesn’t work. I expected that this flag would do the trick. Since I don’t use Ldap, is difficult for me to analyse at my end. Do you get any error, or just doesn’t work?
I didn’t see any errors. Maybe if I find an option to make seafile server more verbose I could bring more information but I didn’t found any option which work.
I use this for the yunohost package. Maybe if you want you can test it by this way.
No luck for me either, the behavior and error are the same with version 8.0.5.
I wonder if this has something to do with the fact that ccnet component has been removed starting with version 8.x.
Could be that something has not been migrated properly in the database? E.g., I see that my LDAP user exists in the table ccnet_db.LDAPUsers but it does not exist in ccnet_db.EmailUser.
So it seems at login time, only table EmailUser is being checked. Or maybe this is the normal behavior when LDAP is activated…?
Anyway, later today or tomorrow I will try to install the AMD64 version on my laptop, with the same configuration and database as the ARM version, and see if the problem persists. At least we will know if it is an architecture specific issue or not.
Ah, one more thing, maybe this will also help identifying the problem: I am using SSO functionality which also doesn’t work in 8.x version but it works in 7.x version.
My configuration in seahub_settings.py is
ENABLE_REMOTE_USER_AUTHENTICATION = True
# Optional, HTTP header, which is configured in your web server conf file,
# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
REMOTE_USER_HEADER = 'HTTP_REMOTE_USER'
# Optional, whether to create new user in Seafile system, default value is True.
# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
# The admin has to first import the users from external systems like LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = False
# Optional, whether to activate new user in Seafile system, default value is True.
# If this setting is disabled, user will be unable to login by default.
# the administrator needs to manually activate this user.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
As per my understanding, when SSO is used, the password is not validated, which would mean the LDAP system is not invoked. But instead, the Seafile application would check the user from HTTP header HTTP_REMOTE_USER against its own database.
When trying to login with SSO, in version 8.0.x, I get the error Error, new user registration is not allowed, please contact administrator.
Which makes sense, considering that REMOTE_USER_CREATE_UNKNOWN_USER is set to False.
But that also shows that user existence is not checked against table ccnet_db.LDAPUsers.
@daniel.pan, what do you think? Please also check my previous message, as they are related.