starred/wiki-requarks
1
0
Fork 0
mirror of https://github.com/requarks/wiki.git synced 2026-03-02 22:06:55 -05:00
Code Issues 131 Projects Packages Wiki Activity

LDAP Configuration Error #1942

New issue
Closed
opened 2026-02-20 18:24:25 -05:00 by deekerman · 11 comments
deekerman commented 2026-02-20 18:24:25 -05:00
Owner
Copy link

Originally created by @alyfilipe on GitHub (Aug 31, 2020).

Question
Hello. We are having difficulty configuring LDAP. We added all the necessary fields and received the error message below when trying to login:

insert into "users" ("createdAt", "email", "isActive", "isSystem", "isVerified", "localeCode", "name", "pictureUrl", "providerId", "providerKey", "tfaIsActive", "updatedAt") values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) returning "id" - invalid byte sequence for encoding "UTF8": 0x00

LDAP Debug is enable and self-registration too.

Host Info
OS: [Docker]
Wiki.js version: [2.4.107]
Database engine: [postgres:11-alpine]
LDAP: FreeIPA

Active Configurations:

LDAP URL
ldap://x-x-x-x:389

Admin Bind DN
uid=xxxxx,cn=users,cn=accounts,dc=xxxx,dc=local

Admin Bind Credentials
x-x-x-x

Search Base
cn=users,cn=accounts,dc=xxxx,dc=local

Search Filter
(uid={{username}})

Unique ID Field Mapping
uid

Email Field Mapping
mail

Display Name Field Mapping
cn

Avatar Picture Field Mapping
jpegPhoto

This configuration is functional in many internal systems.

Thanks.

Originally created by @alyfilipe on GitHub (Aug 31, 2020). **Question** Hello. We are having difficulty configuring LDAP. We added all the necessary fields and received the error message below when trying to login: insert into "users" ("createdAt", "email", "isActive", "isSystem", "isVerified", "localeCode", "name", "pictureUrl", "providerId", "providerKey", "tfaIsActive", "updatedAt") values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) returning "id" - invalid byte sequence for encoding "UTF8": 0x00 LDAP Debug is enable and self-registration too. **Host Info** OS: [Docker] Wiki.js version: [2.4.107] Database engine: [postgres:11-alpine] LDAP: FreeIPA **Active Configurations**: LDAP URL ldap://x-x-x-x:389 ​ Admin Bind DN uid=xxxxx,cn=users,cn=accounts,dc=xxxx,dc=local ​ Admin Bind Credentials x-x-x-x ​ Search Base cn=users,cn=accounts,dc=xxxx,dc=local ​ Search Filter (uid={{username}}) ​ Unique ID Field Mapping uid ​ Email Field Mapping mail ​ Display Name Field Mapping cn ​ Avatar Picture Field Mapping jpegPhoto This configuration is functional in many internal systems. Thanks.
deekerman commented 2026-02-20 18:24:30 -05:00
Author
Owner
Copy link

@BuhtigithuB commented on GitHub (Sep 2, 2020):

I had difficulty with ldap vs ldapS at first when I try you might make sure you didn't try to authenticate to 389 with ldapS and 636 with ldap... There is also the check box for TLS and for cert TLS to uncheck in case of 389 (ldap)...

Then make sure you user "uid" AD field and not "sAMAccountName"... You seems to user FreeIPA, don't know it and how well support it is...

Finally, I didn't get LDAP authentication working with TLS/LDAPS/636 no verification, yet and I try rely hard...

@BuhtigithuB commented on GitHub (Sep 2, 2020): I had difficulty with ldap vs ldapS at first when I try you might make sure you didn't try to authenticate to 389 with ldapS and 636 with ldap... There is also the check box for TLS and for cert TLS to uncheck in case of 389 (ldap)... Then make sure you user "uid" AD field and not "sAMAccountName"... You seems to user FreeIPA, don't know it and how well support it is... Finally, I didn't get LDAP authentication working with TLS/LDAPS/636 no verification, yet and I try rely hard...
deekerman commented 2026-02-20 18:24:30 -05:00
Author
Owner
Copy link

@alyfilipe commented on GitHub (Sep 3, 2020):

I can't use ldaps. He complains about the self-signed certificate -> "warn: LDAP LOGIN ERROR (c1): self signed certificate in certificate chain"

And using ldap on port 389, it seems to work, but some field goes empty for the bank and gives the mentioned error -> warn: LDAP LOGIN ERROR (c2): update "users" set "email" = $1, "name" = $2, "pictureUrl" = $3, "updatedAt" = $4 where "users"."id" = $5 - invalid byte sequence for encoding "UTF8": 0x00

There is no possibility to work without LDAP. So I'm already selling other wiki alternatives, in case wikijs don't work

@alyfilipe commented on GitHub (Sep 3, 2020): I can't use ldaps. He complains about the self-signed certificate -> "warn: LDAP LOGIN ERROR (c1): self signed certificate in certificate chain" And using ldap on port 389, it seems to work, but some field goes empty for the bank and gives the mentioned error -> warn: LDAP LOGIN ERROR (c2): update "users" set "email" = $1, "name" = $2, "pictureUrl" = $3, "updatedAt" = $4 where "users"."id" = $5 - invalid byte sequence for encoding "UTF8": 0x00 There is no possibility to work without LDAP. So I'm already selling other wiki alternatives, in case wikijs don't work
deekerman commented 2026-02-20 18:24:30 -05:00
Author
Owner
Copy link

@rafacouto commented on GitHub (Sep 4, 2020):

I can confirm the bug reported by @alyfilipe with similar configurations (dockers requarks/wiki:2 and postgres:11) and LDAP / Active Directory authentication module.

Anyway, I think it is not related to LDAP module but the problem seems with postgresql when trying to do auto registration the first time the user is authenticated. I have done a valid installation with mariadb (ldap and ldaps+certificate running OK).

@rafacouto commented on GitHub (Sep 4, 2020): I can confirm the bug reported by @alyfilipe with similar configurations (dockers requarks/wiki:2 and **postgres**:11) and LDAP / Active Directory authentication module. Anyway, I think it is not related to LDAP module but [the problem seems with **postgresql when trying to do auto registration**](https://stackoverflow.com/questions/1347646/postgres-error-on-insert-error-invalid-byte-sequence-for-encoding-utf8-0x0) the first time the user is authenticated. I have done a valid installation with mariadb (ldap and ldaps+certificate running OK).
deekerman commented 2026-02-20 18:24:30 -05:00
Author
Owner
Copy link

@rafacouto commented on GitHub (Sep 4, 2020):

Related: #849

@rafacouto commented on GitHub (Sep 4, 2020): Related: #849
deekerman commented 2026-02-20 18:24:30 -05:00
Author
Owner
Copy link

@rafacouto commented on GitHub (Sep 4, 2020):

Confirmed: it is a problem with Postgresql and the Avatar Picture Field Mapping (maybe with any non existent attribute for the user in the LDAP). It is working now after using displayName (existing attribute for that field):

working mapping

@rafacouto commented on GitHub (Sep 4, 2020): Confirmed: it is a problem with Postgresql and the _Avatar Picture Field Mapping_ (maybe with any non existent attribute for the user in the LDAP). It is working now after using _displayName_ (existing attribute for that field): ![working mapping](https://i.imgur.com/AYlMzP7.png)
deekerman commented 2026-02-20 18:24:30 -05:00
Author
Owner
Copy link

@alyfilipe commented on GitHub (Sep 4, 2020):

Perfect. Using the informed parameter it worked without problems. I appreciate the help

@alyfilipe commented on GitHub (Sep 4, 2020): Perfect. Using the informed parameter it worked without problems. I appreciate the help
deekerman commented 2026-02-20 18:24:30 -05:00
Author
Owner
Copy link

@rafacouto commented on GitHub (Sep 4, 2020):

Well, the problem is just a trick to avoid the fatal error. The bug must be arranged to do the avatar picture mapping...

@rafacouto commented on GitHub (Sep 4, 2020): Well, the problem is just a trick to avoid the fatal error. The bug must be arranged to do the avatar picture mapping...
deekerman commented 2026-02-20 18:24:31 -05:00
Author
Owner
Copy link

@NGPixel commented on GitHub (Sep 6, 2020):

@rafacouto See #849

@NGPixel commented on GitHub (Sep 6, 2020): @rafacouto See #849
deekerman commented 2026-02-20 18:24:31 -05:00
Author
Owner
Copy link

@rafacouto commented on GitHub (Sep 8, 2020):

@NGPixel Why both issues are closed? It is clearly a bug and it should be solved. The explained trick is a bypass to avoid the error with postgresql and auto-registration with the avatar: the postgresql wikijs layer must manage binaries with avatar field or it must be deactivated with this database engine. Do you prefer to open a new one to treat the bug?

@rafacouto commented on GitHub (Sep 8, 2020): @NGPixel Why both issues are closed? It is clearly a bug and it should be solved. The explained trick is a bypass to avoid the error with postgresql and auto-registration with the avatar: the **postgresql wikijs layer must manage binaries with avatar field** or it must be deactivated with this database engine. Do you prefer to open a new one to treat the bug?
deekerman commented 2026-02-20 18:24:31 -05:00
Author
Owner
Copy link

@NGPixel commented on GitHub (Sep 8, 2020):

@rafacouto Have you actually read the last reply #849 or you just assumed it was closed for no reason?

@NGPixel commented on GitHub (Sep 8, 2020): @rafacouto Have you actually read the last reply #849 or you just assumed it was closed for no reason?
deekerman commented 2026-02-20 18:24:31 -05:00
Author
Owner
Copy link

@rafacouto commented on GitHub (Sep 8, 2020):

Sorry, your commit was 11 hours ago and this issue was closed 2 days ago... Updated and tested: it allows autoregister with postgresql 👍

@rafacouto commented on GitHub (Sep 8, 2020): Sorry, your commit was 11 hours ago and this issue was closed 2 days ago... Updated and tested: it allows autoregister with postgresql :+1:
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
scarlett
vega
feat-toc
v2.5.312
v2.5.311
v2.5.310
v2.5.309
v2.5.308
v2.5.307
v2.5.306
v2.5.305
v2.5.304
v2.5.303
v2.5.302
v2.5.301
v2.5.300
v2.5.299
v2.5.298
v2.5.297
v2.5.296
v2.5.295
v2.5.294
v2.5.293
v2.5.292
v2.5.291
v2.5.290
v2.5.289
v2.5.288
v2.5.287
v2.5.286
v2.5.285
v2.5.284
v2.5.283
v2.5.282
v2.5.281
v2.5.280
v2.5.279
v2.5.278
v2.5.277
v2.5.276
v2.5.275
2.5.274
2.5.272
2.5.268
2.5.264
2.5.260
2.5.255
2.5.254
2.5.219
2.5.214
2.5.201
2.5.197
2.5.191
2.5.170
2.5.159
2.5.144
2.5.136
2.5.132
2.5.126
2.5.121
2.5.117
2.5.105
2.4.107
2.4.105
2.4.75
2.3.81
2.3.77
2.3.72
2.3.71
2.2.51
2.2.50
2.1.113
2.0.12
2.0.1
2.0.0-rc.17
2.0.0-rc.1
2.0.0-beta.303
2.0.0-beta.275
2.0.0-beta.268
2.0.0-beta.267
2.0.0-beta.241
2.0.0-beta.230
2.0.0-beta.208
2.0.0-beta.203
2.0.0-beta.180
2.0.0-beta.174
2.0.0-beta.148
2.0.0-beta.147
2.0.0-beta.115
2.0.0-beta.91
2.0.0-beta.84
2.0.0-beta.68
2.0.0-beta.42
2.0.0-beta.11
v1.0.102
v1.0.78
v1.0.76
v1.0.68
v1.0.66
v1.0.12
v1.0.11
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.1
v1.0.0-beta.13
v1.0.0-beta.12
v1.0.0-beta.11
v1.0.0-beta.10
v1.0.0-beta.9
v1.0.0-beta.8
v1.0.0-beta.7
v1.0.0-beta.6
v1.0-beta.5
v1.0-beta.4
v1.0-beta.3
v1.0-beta.2
v1.0-beta.1
v1.0-alpha.7
v1.0-alpha.6
v1.0-alpha.5
v1.0-alpha.4
v1.0-alpha.3
v1.0-alpha.2
v1.0-alpha.1
Labels
Clear labels   
BETA

   
BETA

   
accessibility

   
backlog

   
bug

   
can't replicate

   
contrib-easy

   
contrib-hard

   
contrib-medium

   
deferred

   
documentation

   
duplicate

   
duplicate

   
editors

   
enhancement

   
invalid

   
localization

   
migrate

   
ui

   
under review

   
v3
No labels
BETA
BETA
accessibility
backlog
bug
can't replicate
contrib-easy
contrib-hard
contrib-medium
deferred
documentation
duplicate
duplicate
editors
enhancement
invalid
localization
migrate
ui
under review
v3
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/wiki-requarks#1942
No description provided.