-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make Login work with iOS Piwik Mobile 2.2 app #79
Comments
Using the mobile app w/ LoginLdap requires that the Always Use LDAP for Authentication setting be unchecked. This is because the mobile app calculates the token auth of a user, it doesn't query Piwik for the token auth in the DB. So the token auth it uses will be different from what is in the DB unless the actual password of a user is stored in Piwik's DB. There are two ways around this:
I think neither of these solutions is ideal for you since you've removed existing user entries, so I'll keep trying to think of another way to solve this. |
Hi @diosmosis Would it be possible to document this in a FAQ in the readme of loginLdap ? it seems more and more users have this question and they could help themselves with such FAQ 👍 |
I've just seen #80 which looks similar so +1 |
@diosmosis: thanks for your explanation! For me, however, the main purpose of the LDAP plugin is the authentication at an external, central authentication point. The very last thing I want are the users' passwords being replicated to the application's db - in whatever form. I added a feature request for the Mobile App to support password authentication over TLS or the entry of a manually specified token. matomo-org/matomo-mobile-2#5326 |
Just upgraded to Piwik 2.9.1 and LoginLDAP 3.1.0 (from 2.2.7). For this, I completely re-configured the LDAP config, deleted all accounts (but my master admin) from the piwik_user table and synchronized all accounts via console. For LoginLdap, I have to following setup:
Always Use LDAP for Authentication: yes
Synchronize Users After Successful Login: yes
Use Web Server Auth: no
Generate Random token_auth For New Users: yes
Records in piwik_user have passwords starting with {LDAP}xxx and a new tokens. Within the web app, everything is working fine (thanks!). User and admin accounts can login and have their old authorizations to the websites.
However, login with the iOS MobileApp 2.2 is not possible anymore. It tells me that I should check username and password and have access to at least one website, but credentials and authorizations are correct. Any ideas?
Thanks
Martin
The text was updated successfully, but these errors were encountered: