Updated by Oliver Günther 4 days ago
### Steps to reproduce
1. On first install, seed an LDAP auth source from env vars: `OPENPROJECT_SEED_LDAP_<name>_<key>`.
2. Use keys following the usual `OPENPROJECT_*` double-underscore convention (e.g. `..._TLS__MODE`, `..._ACCOUNT`, `..._BASE__DN`) and single-underscore mapping keys (e.g. `..._LOGIN_MAPPING`).
3. Run the seeder (`db:seed`).
### What is the buggy behavior?
- Keys not matching the **literal options-hash name** are silently ignored:
  - `..._TLS__MODE` ignored → seeder fails with **"TLS mode is invalid or missing"** (the correct key is `SECURITY`).
  - `..._LOGIN_MAPPING` (single underscore) → `options["login_mapping"]` is nil → **"Username attribute can't be blank"** (must be `LOGIN__MAPPING`, doubled).
- The convention is undocumented and internally inconsistent: single-token keys stay single (`BINDUSER`, `BINDPASSWORD`, `BASEDN`, `SECURITY`), but underscore-bearing keys must be doubled (`LOGIN__MAPPING`, `TLS__VERIFY`). `..._NAME` is a silent no-op.
### What is the expected behavior?
- Document the exact keys (`BINDUSER`, `BINDPASSWORD`, `BASEDN`, `SECURITY`, `TLS_VERIFY`, `*_MAPPING`) and the single-vs-double-underscore rule; validate/warn on unknown keys at seed time instead of silently ignoring them; ideally accept intuitive aliases (`ACCOUNT`, `BASE__DN`, `TLS__MODE`, …).
### Root cause / proposed fix
- `LdapSeeder` reads `Setting.seed_ldap[<name>][<key>]` where `<key>` is the literal options-hash key, while the env-var → nested-hash parser splits the nested portion on single underscores. Verified against v17.4.0 `app/seeders/env_data/ldap_seeder.rb`.
- The LDAP seeder should run a test connection and output a warning if the connection cannot be established.
### Logs
```text
TLS mode is invalid or missing
Username attribute can't be blank
```
### Environment information
**OpenProject installation type**
- [x] Other (please specify): **Kubernetes — official OpenProject Helm chart (opf/helm-charts 13.5.1), deployed via ArgoCD on EC DIGIT CaaS (private cloud)**
**OpenProject version**
v17.3.1 (chart 13.5.1). Verified still present on v17.4.0.
**Browser**
- [x] Other (please specify): **N/A — server-side (seeder)**
**Operating System**
- [x] Linux (please specify distro): **Debian (OpenProject slim container base), on Kubernetes**
**Language**
Browser English (en); OpenProject user language English.
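
A pre-flight lint for the key convention described under "Root cause / proposed fix", as an added example that is not OpenProject code. It assumes the parsing rule as this report states it (a single `_` separates nesting levels, `__` is a literal underscore); the function names, the allow-list (only the keys named in this report) and the sample environment are constructed for illustration.

```ruby
# Added example, not OpenProject code. Models the rule described in this report:
# a single "_" separates nesting levels, "__" is a literal underscore in a key.
PREFIX = "OPENPROJECT_SEED_LDAP_"

# Assumption: only the keys named in this report. Extend with the other
# option keys your deployment sets before relying on the "unknown key" result.
KNOWN_KEYS = %w[binduser bindpassword basedn security tls_verify].freeze
KNOWN_PATTERN = /\A[a-z]+_mapping\z/ # the report's `*_MAPPING` keys

# Split "<name>_<key>" on single underscores, then unescape "__" to "_".
def split_segments(rest)
  rest.split(/(?<!_)_(?!_)/).map { |s| s.gsub("__", "_").downcase }
end

# Returns [env_var, problem] pairs for seed variables whose key would not
# land on a known options-hash key and would therefore be silently ignored.
def lint_ldap_seed_env(env, known: KNOWN_KEYS, pattern: KNOWN_PATTERN)
  env.keys.grep(/\A#{PREFIX}/).sort.filter_map do |var|
    name, *path = split_segments(var.delete_prefix(PREFIX))
    if path.empty?
      [var, "no key after auth source name #{name.inspect}"]
    elsif path.size > 1
      [var, "parsed as nested #{path.join(' -> ')}; " \
            "did you mean #{path.join('__').upcase}?"]
    elsif !known.include?(path.first) && path.first !~ pattern
      [var, "unknown key #{path.first.inspect}"]
    end
  end
end

# Constructed sample environment (auth source name "corp", placeholder values).
SAMPLE_ENV = {
  "OPENPROJECT_SEED_LDAP_CORP_SECURITY" => "<value>",
  "OPENPROJECT_SEED_LDAP_CORP_BINDUSER" => "<value>",
  "OPENPROJECT_SEED_LDAP_CORP_LOGIN__MAPPING" => "<value>",
  "OPENPROJECT_SEED_LDAP_CORP_TLS__MODE" => "<value>",
  "OPENPROJECT_SEED_LDAP_CORP_LOGIN_MAPPING" => "<value>",
  "OPENPROJECT_SEED_LDAP_CORP_NAME" => "<value>"
}.freeze

if __FILE__ == $PROGRAM_NAME
  lint_ldap_seed_env(SAMPLE_ENV).each { |var, msg| warn "#{var}: #{msg}" }
end
```

Passing `ENV.to_h` instead of `SAMPLE_ENV` lints the real process environment, for example in a container entrypoint before `db:seed` runs.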