Mattermost doesn't pull in users or authenticate


#1

Hi,

I have 3 users in Univention that have been tagged as Mattermost users. When I do an AD/LDAP sync via Mattermost, it pulls in a single user only. That user cannot login to Mattermost.

Does anyone have this running? Is it working for them?

Gerald


#2

Hi @gbr,

I heard of a similar report already, but did not yet have time to dive deeper into this. At the moment I unfortunately do not have a valid license at the moment.

Maybe the folks over at https://forum.mattermost.org/ have an idea what could be wrong.

Mattermost is configured for ldap in https://stash.z-hub.io/projects/K4U/repos/mattermost/browse/inst#150-166

Mattermosts LDAP configuration is explained in https://docs.mattermost.com/administration/config-settings.html#ad-ldap and https://docs.mattermost.com/deployment/sso-ldap.html


#3

Thanks for the response. I looked at those pages already, but didn’t want to change too much of the autp config. I’ll be working on that now.

I have a support ticket in with them as well, so we’ll see where that goes.

Gerald


#4

I changed the LDAP settings to what Mattermost recommends, and everything works fine. I lose the Univention Mattermost flag, but that’s not an issue here.


#5

To the benefit of others: these recommendations are?


#6

This lets everyone in my domain login.

image
image
image


#7

hm… with a more simple user filter my Mattermost (version 5.8.0) crashes now.

I reached out to my mattermost contacts to get behind this.


#8

how do you get there?


#9

found ldap test here

wget https://raw.githubusercontent.com/mattermost/mattermost-server/master/scripts/ldap-check.sh

and ldap is working, but users cant login?

any idea

ldapsearch -LLL -x -h 192.168.50.10 -p 7389 -D “cn=matte-73503033,cn=memberserver,cn=computers,dc=sysops,dc=local” -w “551aec32df68df060f5c66558b864d48c33291cf892e476508f0c823a15555ee” -b “dc=sysops,dc=local” “(&(uidnumber=pl-info)(&(objectClass=mattermostUser)(mattermostActivated=1)))” uidnumber uid mailPrimaryAddress

tried login with pl-info and primary email


#10

Sorry. All I know is that my setting above work for me. Everyone from my domain can now use Mattermost.

Gerald


#11

seems i need a license for ldap!
applied for a evaluation and waitung


#12

That’s correct. The LDAP integration of Mattermost is one of the paid-only features. See this page for a full feature comparison between the three editions.


#13

The app description mentions this as well. Including a link to request a trial key.