Hi to all,
I am trying to configure SSO LDAP authentication.
In my LDAP server some users are registered with mail and others without mail.
I can log in through LDAP auth only with users that have an email configured, and not with the users without email.
I tried the following configuration:
USER FILTER (&(|(displayName={login})))
FIRST NAME ATTRIBUTE displayName
but login is allowed only for users registered with email; if the user is without mail, Metabase sends a ‘password not valid’ message.
Instead, with the following configuration:
USER FILTER (&(|(displayName={login})(givenName={login})))
EMAIL ATTRIBUTE givenName
FIRST NAME ATTRIBUTE displayName
when I try to log in via LDAP a user that has any email set, I obtain the following message:
Input to create-new-ldap-auth-user! does not match schema: [(named {:email (not ("Valid email address"))} new-user)]
Unfortunately I can’t assign a mail to the users that I want to login.
Is there any way to bypass the mail check during LDAP authentication?
I also thought of that, but I’m a real newbie with both Metabase and LDAP.
What I tried is that when mb has to log in a new user, it creates a new user, passing a mail as you say (i.e. user@example.com).
To do that I tried the following attributes:
EMAIL ATTRIBUTE givenName + ‘@example.com’
EMAIL ATTRIBUTE givenName , ‘@example.com’
EMAIL ATTRIBUTE givenName ‘@example.com’
None of these tricks seems to work and I didn’t find anything on the web about how to do something like this.
Anyway it’s a bad solution and I would prefer something like configuring mb to not require a mail address.
Doing some searching, it doesn’t seem like it’s possible.
Since I don’t use LDAP - then I’ll attach a link to another forum post and ask a super user. LDAP Debugging
@PGianlu no, it’s not possible by configuration to not have Metabase require emails.
It is due to this hard coded check:
You may remove the check - but I’m unsure what else will break then. For sure sending emails to those users
Depending on your setup some options I can think of are:
Modifying the Metabase source, where you possibly have to maintain your own fork. Alternatively contribute a solution back that is both simple AND behaves well for empty emails.
Find a way through some background task to inject dummy valid email addresses to the LDAP to an alternative field, like you tried with pointing to givenName.
——
@flamber WOOT a fellow Dane in here? Glad to see you here
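
A sketch of the second option above (a background task that fills an alternative LDAP field with valid addresses), added here as an example and not code from the thread or from Metabase. It generalizes slightly: since EMAIL ATTRIBUTE is a single setting, it writes every user's address (real or placeholder) to one attribute. Assumptions: the `description` attribute is free to overwrite, `users.example.com` stands in for a domain you control (Metabase may send mail to these addresses), and the entries are constructed sample data.

```python
import base64
import re
import unicodedata

PLACEHOLDER_DOMAIN = "users.example.com"  # assumption: replace with a domain you control
TARGET_ATTR = "description"               # assumption: spare attribute to use as EMAIL ATTRIBUTE

# Constructed sample directory entries (not real data).
SAMPLE = [
    {"dn": "uid=anna,ou=people,dc=example,dc=com", "displayName": "Anna Rossi",
     "mail": "anna@corp.example.com"},
    {"dn": "uid=jn1,ou=people,dc=example,dc=com", "displayName": "José Núñez"},
    {"dn": "uid=jn2,ou=people,dc=example,dc=com", "displayName": "Jose Nunez"},
    {"dn": "cn=Zoë,ou=people,dc=example,dc=com", "displayName": "Zoë"},
]

def local_part(name):
    """Reduce a display name to [a-z0-9.] so the address passes strict validators."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]+", ".", ascii_name.lower()).strip(".") or "user"

def assign_emails(entries):
    """Map each DN to its real mail, or to a unique placeholder when mail is missing."""
    used = {e["mail"].lower() for e in entries if e.get("mail")}
    result = {}
    for e in entries:
        email = e.get("mail")
        if not email:
            base, n = local_part(e["displayName"]), 1
            email = f"{base}@{PLACEHOLDER_DOMAIN}"
            while email in used:  # never map two directory users to one address
                n += 1
                email = f"{base}{n}@{PLACEHOLDER_DOMAIN}"
            used.add(email)
        result[e["dn"]] = email
    return result

def ldif_line(name, value):
    """Emit 'name: value', or base64 'name:: ...' when value is not an LDIF SAFE-STRING."""
    if re.fullmatch(r"[!-9;=-~][ -~]*", value) and not value.endswith(" "):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def to_ldif(assignments):
    """Render modify records; 'replace' overwrites any existing TARGET_ATTR values."""
    records = []
    for dn, email in assignments.items():
        records += [ldif_line("dn", dn), "changetype: modify",
                    f"replace: {TARGET_ATTR}", ldif_line(TARGET_ATTR, email), "-", ""]
    return "\n".join(records)

if __name__ == "__main__":
    print(to_ldif(assign_emails(SAMPLE)))
```

Review the generated LDIF before applying it with your directory's usual modify tooling, then point EMAIL ATTRIBUTE at the chosen attribute.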