I am working on version 8.4 with LDAP enabled. It works fine when I am in our domain. However, if I work out of the domain and try to log in on https://localhost:44301/Ui/Login, I always get an unhandled exception: "LdapException: The LDAP server is unavailable".
As I remember, if LDAP is unavailable, it should use standard login automatically. Am I correct? Can you advise what I possibly missed and how to fix it?
I am working on localhost for server side code with Swagger UI or GraphQL Playground.
I actually tried to log in via the Angular app from "localhost:4200/account/login", but I still got the error "Failed to load resource: the server responded with a status of 500 ()". It is because of a server-side exception, from the log: The server could not be contacted. The LDAP server is unavailable.
It is still in the development stage for this version. I am not sure if it works in production. Do you think so?
Is it easy to implement something to automatically fall back to standard login when LDAP fails? Even something hardcoded would be helpful.
Could you override https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.ZeroCore/Authorization/AbpLoginManager.cs#L313 and see where the exception is thrown? You may suppress the message by overriding this method.
You can do it in the LoginManager.cs in your project.
I am not too sure how to do it. It looks too complicated to me. I would like to manually disable LDAP while working out of the domain for development.
However, it seems to be a bug even when running in the domain network. I tested logging in with a user who is not a domain user and whose user.AuthenticationSource = NULL. I also tested logging in with a different tenant, even the built-in firstname.lastname@example.org. All got the same exception: The LDAP server is unavailable. Based on my test, if our LDAP server were down for any reason, the whole application would crash.
The LDAP setting seems to work application-wide. If it is enabled by one tenant, it impacts all other tenants and all users, no matter what the user's AuthenticationSource setting is. Any login triggers "System.DirectoryServices.Protocols.LdapConnection.Connect()". If that is true, I think the logic needs to change: before LdapConnection, check the user's AuthenticationSource setting. If it is not "LDAP", just pass without connecting.
I am not able to go too deep into the aspnetboilerplate assembly to verify my guess. I am just thinking of a simple patch on my application for now. Can you tell me where the "tenant settings" data is persistently stored? I couldn't find it in the database or in files on disk.
Thank you! Look forward to seeing the improvement on version 9.
For now, while developing out of the domain, I manually set "Abp.Zero.Ldap.IsEnabled=false" in the database table AbpSettings:
update AbpSettings set [Value]='false' where [Name]='Abp.Zero.Ldap.IsEnabled'
I may set it back from the client side by enabling "LDAP Authentication", before deploying it to the production server.
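
One way to get the fallback asked about in this thread without switching the setting by hand, as an added example that is not code from the thread or from the ABP project: wrap the LDAP authentication source so that an unreachable directory counts as "not authenticated by LDAP" and the login continues to the standard password check. It assumes the `Abp.Zero.Ldap` package's `LdapAuthenticationSource<TTenant, TUser>` base class, its two-argument constructor and its `TryAuthenticateAsync` override point; the class name `ResilientLdapAuthenticationSource` is hypothetical, and `Tenant` and `User` stand for the project's own entity types.

```csharp
using System.DirectoryServices.Protocols;   // LdapException, the exception named in the thread
using System.Threading.Tasks;
using Abp.Zero.Ldap.Authentication;          // assumed: LdapAuthenticationSource<TTenant, TUser>
using Abp.Zero.Ldap.Configuration;           // assumed: ILdapSettings, IAbpZeroLdapModuleConfig
using Castle.Core.Logging;
// Also add the usings for your project's own Tenant and User entities.

// Hypothetical class; use it in place of the project's current LDAP authentication source.
public class ResilientLdapAuthenticationSource : LdapAuthenticationSource<Tenant, User>
{
    // Set through property injection; NullLogger keeps the class usable without a logger.
    public ILogger Logger { get; set; } = NullLogger.Instance;

    public ResilientLdapAuthenticationSource(
        ILdapSettings settings,
        IAbpZeroLdapModuleConfig ldapModuleConfig)
        : base(settings, ldapModuleConfig)
    {
    }

    public override async Task<bool> TryAuthenticateAsync(
        string userNameOrEmailAddress, string plainPassword, Tenant tenant)
    {
        try
        {
            return await base.TryAuthenticateAsync(userNameOrEmailAddress, plainPassword, tenant);
        }
        catch (LdapException ex)
        {
            // Directory unreachable: never treat this as a successful LDAP login.
            // Returning false means "this source did not authenticate the user",
            // so the caller goes on to verify the locally stored password hash.
            Logger.Warn(
                $"LDAP unavailable during login (tenant id: {tenant?.Id}); using standard login.",
                ex);
            return false;
        }
    }
}
```

The catch is deliberately narrow and always returns `false`: only the local password check can then admit the user, and the warning in the log makes repeated LDAP outages visible to whoever monitors authentication.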