Authentication problem

[Vasyl Ostrovskyi]

Dear friends,,

About a year ago, I migrated my GL to v3. I keep userdata on ldap, so I set up keycloak for user federation, and all worked fine. Then I several times upgraded GL to the latest versions. Since some time ago, some of my users have problems with entering to GL: they enter their credentials, keycloak accepts them, but GL says that the user cannot be authenticated and that they must contact sysadmin.

I made a dump of the database, and noticed that greenlight database 'users' has data in non-uniform format. Namely, the 'external_id' field for some users contains just username, for some users it contains ldap string like 'uid=username,ou=people...', and for some users it contains string like '82a5d513-e7d4-496c-b59f-697bff37a283'

Only the users from the third category can login to their account.

However, other users could successfully login to older v3 versions.

Any help how to fix this?

Thanks in advance,

 Vasyl

[Free Scholar]

Creepy. 

I do have a similar issue but without keycloak. Nice to get some details.

[ahmad....@blindsidenetworks.com]

Try setting USE_EMAIL_AS_EXTERNAL_ID_FALLBACK=truein your .env