First time LDAP user - clueless

My version of HedgeDoc is: 1.9.4

What I expected to happen:

I want to use my LDAP server, lldap (GitHub - nitnelave/lldap: Light LDAP implementation), for login.

What actually happened:

TypeError: Cannot add property 3, object is not extensible
    at Array.push (<anonymous>)
    at LdapAuth._findUser (/app/hedgedoc/node_modules/ldapauth-fork/lib/ldapauth.js:329:21)
    at LdapAuth.authenticate (/app/hedgedoc/node_modules/ldapauth-fork/lib/ldapauth.js:418:8)
    at Strategy.handleAuthentication (/app/hedgedoc/node_modules/passport-ldapauth/lib/passport-ldapauth/strategy.js:276:8)
    at Strategy.authenticate (/app/hedgedoc/node_modules/passport-ldapauth/lib/passport-ldapauth/strategy.js:344:33)
    at attempt (/app/hedgedoc/node_modules/passport/lib/middleware/authenticate.js:369:16)
    at authenticate (/app/hedgedoc/node_modules/passport/lib/middleware/authenticate.js:370:7)
    at /app/hedgedoc/lib/web/auth/ldap/index.js:88:5
    at Layer.handle [as handle_request] (/app/hedgedoc/node_modules/express/lib/router/layer.js:95:5)
    at next (/app/hedgedoc/node_modules/express/lib/router/route.js:144:13)
    at /app/hedgedoc/node_modules/body-parser/lib/read.js:137:5
    at AsyncResource.runInAsyncScope (node:async_hooks:202:9)
    at invokeCallback (/app/hedgedoc/node_modules/raw-body/index.js:231:16)
    at done (/app/hedgedoc/node_modules/raw-body/index.js:220:7)
    at IncomingMessage.onEnd (/app/hedgedoc/node_modules/raw-body/index.js:280:7)
    at IncomingMessage.emit (node:events:539:35)
    at endReadableNT (node:internal/streams/readable:1345:12)
    at processTicksAndRejections (node:internal/process/task_queues:83:21)

I already tried:

Here is my docker-compose.yml file

  hedgedoc:
    image: lscr.io/linuxserver/hedgedoc:latest
    container_name: hedgedoc
    restart: always
    depends_on:
      - mariadb
      - lldap
    volumes:
      - /home/ubuntu/docker/hedgedoc/config:/config
    environment:
      - NODE_ENV=production
      - DB_HOST=mariadb
      - DB_USER=hedgedoc
      - DB_PASS=password
      - DB_NAME=hedgedoc
      - DB_PORT=3306
      - PGID=1001
      - PUID=1001
      - TZ=Europe/Berlin
      - CMD_ALLOW_EMAIL_REGISTER=false
      - CMD_DB_URL=mysql://hedgedoc:password@hedgedoc_mariadb:3306/hedgedoc
      - CMD_DOMAIN=mydomain.com
      - CMD_URL_ADDPORT=false
      - CMD_PROTOCOL_USESSL=true
      - CMD_PORT=3000 #optional
      - CMD_ALLOW_ANONYMOUS=false
      - CMD_LDAP_URL=ldap://lldap:3890
      - CMD_LDAP_BINDDN=cn=admin,ou=people,dc=example,dc=com
      - CMD_LDAP_BINDCREDENTIALS=abcdefghi
      - CMD_LDAP_SEARCHBASE=cn=hedgedoc,dc=example,dc=com
      - CMD_LDAP_SEARCHFILTER=(&(objectClass=person)(uid={{username}}))
      - CMD_LDAP_SEARCHATTRIBUTES=uid,displayName,mail
      - CMD_LDAP_USERNAMEFIELD=displayName
      - CMD_LDAP_USERIDFIELD=uid

This is the first time for me trying to set up and use an LDAP server.
In my LDAP I created the group “hedgedoc” and added a few test users.

Hello @Hobbabobba,

welcome to the community forum.

Your issue seems to be the same as the one described in LDAP login failure · Issue #2561 · hedgedoc/hedgedoc · GitHub. This bug fix will be included in the next release, which should happen quite soon.

Greetings,
DerMolly


I got it working with lldap:
- CMD_LDAP_URL=ldap://lldap:3890
- CMD_LDAP_BINDDN=uid=admin,ou=people,dc=example,dc=org
- CMD_LDAP_BINDCREDENTIALS=password
- CMD_LDAP_SEARCHBASE=ou=people,dc=example,dc=org
- CMD_LDAP_SEARCHFILTER=(&(uid={{username}}))
- CMD_LDAP_USERIDFIELD=uid


Thanks so much! Finally it works.
I noticed it works for any user in the LDAP. Is it possible to make it work only for users who are members of a group “hedgedoc”?

You should be able to accomplish that with the search filter. Some documentation for that can be found here.
If I remember correctly, at least OpenLDAP needs a plugin(?) called memberOf to easily filter for members of groups, but this could be outdated information.

Got it working!

The setting to allow any user who is a member of the group hedgedoc is:

      - CMD_LDAP_URL=ldap://lldap:3890
      - CMD_LDAP_BINDDN=uid=admin,ou=people,dc=example,dc=com
      - CMD_LDAP_BINDCREDENTIALS=password
      - CMD_LDAP_SEARCHBASE=ou=people,dc=example,dc=com
      - CMD_LDAP_SEARCHFILTER=(&(memberOf=cn=hedgedoc,ou=groups,dc=example,dc=com)(uid={{username}}))
      - CMD_LDAP_USERIDFIELD=uid
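The two working configurations in this thread differ only in the search filter: `(&(uid={{username}}))` admits every directory user, while the `memberOf=` clause restricts login to members of the hedgedoc group. The example below is added here and is not HedgeDoc's, passport-ldapauth's or lldap's code; it renders both filter templates the way the `{{username}}` placeholder is substituted and evaluates them against a small constructed in-memory directory, so you can see exactly which entries each filter lets through. The directory entries, the `find_user` helper and the minimal filter evaluator (only the `&`, `|`, `!` and `attribute=value` forms that appear in the thread) are assumptions made for illustration. The substituted username is escaped per RFC 4515 so that filter metacharacters in a login name stay a literal value; whether the library performs that escaping itself is not something this thread states.

```python
"""Evaluate HedgeDoc-style LDAP search filter templates against a constructed directory.

Added example, not project code. The directory and helpers below are assumptions
for illustration; the evaluator covers only the filter forms used in the thread.
"""
import re

# Filter templates taken from the thread (the {{username}} placeholder is
# what HedgeDoc fills in with the login name).
FILTER_ANY = "(&(uid={{username}}))"
FILTER_GROUP = "(&(memberOf=cn=hedgedoc,ou=groups,dc=example,dc=com)(uid={{username}}))"

# Constructed sample directory: attribute names lower-cased, values as lists,
# because memberOf (and many other attributes) can be multi-valued.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "objectclass": ["person"],
     "uid": ["alice"], "memberof": ["cn=hedgedoc,ou=groups,dc=example,dc=com"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "objectclass": ["person"],
     "uid": ["bob"], "memberof": ["cn=wiki,ou=groups,dc=example,dc=com"]},
]

# RFC 4515 escaping for characters that have meaning inside a filter.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only ever be interpreted as a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, username: str) -> str:
    """Substitute {{username}} into the template with the value escaped."""
    return template.replace("{{username}}", escape_filter_value(username))


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _parse(s: str, i: int):
    """Recursive-descent parse of one parenthesised filter component starting at s[i]."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i} in {s!r}")
    i += 1
    if s[i] in "&|!":                     # composite: (&...) (|...) (!...)
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        if i >= len(s) or s[i] != ")":
            raise ValueError("unterminated composite filter")
        return (op, kids), i + 1
    j = s.index(")", i)                   # escaped values contain no raw ')'
    attr, _, val = s[i:j].partition("=")  # first '=' splits attribute from value
    return ("=", attr, val), j + 1


def parse_filter(s: str):
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing characters after filter")
    return node


def matches(entry: dict, node) -> bool:
    """LDAP attribute matching is case-insensitive for the attributes used here."""
    kind = node[0]
    if kind == "&":
        return all(matches(entry, k) for k in node[1])
    if kind == "|":
        return any(matches(entry, k) for k in node[1])
    if kind == "!":
        return not matches(entry, node[1][0])
    _, attr, val = node
    want = _unescape(val).lower()
    return any(have.lower() == want for have in entry.get(attr.lower(), []))


def find_user(template: str, username: str, directory=DIRECTORY) -> list:
    """Return the DNs the rendered filter would select, i.e. who may log in."""
    tree = parse_filter(render_filter(template, username))
    return [e["dn"] for e in directory if matches(e, tree)]


if __name__ == "__main__":
    for name in ("alice", "bob"):
        print(f"{name}: any-user filter -> {find_user(FILTER_ANY, name)}")
        print(f"{name}: group filter    -> {find_user(FILTER_GROUP, name)}")
    # A login name containing filter metacharacters stays one literal value
    # and simply matches nobody, instead of changing the filter's structure.
    print(render_filter(FILTER_GROUP, "alice)(uid=bob"))
```

Running the block shows bob selected by the any-user filter but not by the group filter, which is the behaviour the last two posts describe. Note that `memberOf` has to be an attribute the server actually returns on user entries (lldap does; on OpenLDAP it depends on the overlay mentioned above), otherwise the group clause matches no one and every login is refused.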