I’ve encountered an issue while using LDAP authentication with OTP enabled, and I’d like to report it in case others are facing the same problem or if there’s a possible fix.
Issue description:
I have successfully configured LDAP for user authentication, and it’s working perfectly.
I’ve enabled OTP 2FA by configuring it in the .env file.
The OTP functionality works fine for local accounts.
However, when attempting to log in with an LDAP account, the login fails, though it continues to work without issues for local accounts.
Steps to reproduce:
Configure LDAP authentication (LDAP works as expected).
Enable OTP by setting it in the .env file (local accounts work as expected).
Attempt to log in with an LDAP account; the login fails with this error:
Please enter a correct Username and password. Note that both fields may be case-sensitive.
Current Python and Django authentication libraries are not sufficiently integrated to cover the needs serviced by Mayan EDMS.
Since version 4.2 we’ve included our own authentication plugin system and a custom multi-factor authentication pipeline, views, and forms. This system allows stacking and combining different authentication methods, like OIDC + local OTP.
LDAP authentication is not yet integrated into this system, and enabling LDAP bypasses Mayan’s native authentication. Therefore, when using LDAP, all other authentication integrations will not work as expected, because Mayan no longer controls the authentication process.
LDAP authentication has not yet been integrated because of all the possible configuration iterations it requires, especially when used with Active Directory, which is a subset, non-standard proprietary addition by Microsoft. Due to these incompatibilities, it is not yet determined if LDAP authentication will be integrated into the new system.
Here is the Knowledge Base tutorial on how to properly enable OTP:
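As an added illustration that is not part of this thread and not Mayan EDMS code: the model below reproduces the first-backend-wins loop of Django's `django.contrib.auth.authenticate()` (each backend in `AUTHENTICATION_BACKENDS` is tried in order and the first user returned wins) and wires a second-factor check to the local backend only. The backend classes, the `LOCAL_USERS`/`LDAP_USERS` tables, the `verify_local_otp` step and the `login` helper are all hypothetical stand-ins; the LDAP backend is a dictionary lookup rather than a real directory bind. It shows the stacking problem the reply describes: a user authenticated by the LDAP stand-in never gets a working second factor, and the generic "invalid" result is indistinguishable from a wrong password.

```python
# Illustrative model (not Mayan EDMS code) of Django's authentication backend
# chain: authenticate() tries each backend in order and returns the first user
# a backend accepts. A second factor that is wired to the local backend only is
# then useless for users that another backend (a stand-in for LDAP) accepted.
from dataclasses import dataclass


class PermissionDenied(Exception):
    """Raised by a backend to stop the chain early (same contract as Django)."""


@dataclass
class User:
    username: str
    backend: str = ""  # Django records which backend authenticated the user


# Constructed sample directories for the example; not real credentials.
LOCAL_USERS = {"alice": {"password": "local-pw", "otp_code": "123456"}}
LDAP_USERS = {"bob": "ldap-pw"}


class LocalBackend:
    """Hypothetical stand-in for the database-backed ModelBackend."""
    name = "local"

    def authenticate(self, request, username=None, password=None, **kwargs):
        rec = LOCAL_USERS.get(username)
        if rec is None or rec["password"] != password:
            return None
        return User(username)


class LdapStandInBackend:
    """Hypothetical stand-in for an LDAP backend; a dict lookup replaces the bind."""
    name = "ldap"

    def authenticate(self, request, username=None, password=None, **kwargs):
        if username not in LDAP_USERS or LDAP_USERS[username] != password:
            return None
        return User(username)


def authenticate(backends, request, **credentials):
    """Mirror of Django's loop over AUTHENTICATION_BACKENDS: first non-None wins."""
    for backend in backends:
        try:
            user = backend.authenticate(request, **credentials)
        except PermissionDenied:
            return None
        if user is not None:
            user.backend = backend.name
            return user
    return None


def verify_local_otp(user, otp_code):
    """Hypothetical second factor that only knows local accounts, modelling a
    2FA step that was never wired to the other backend."""
    rec = LOCAL_USERS.get(user.username)
    return rec is not None and rec["otp_code"] == otp_code


def login(backends, username, password, otp_code=None, otp_enabled=False):
    """Return 'ok:<backend>' or the generic 'invalid' a user would see."""
    user = authenticate(backends, None, username=username, password=password)
    if user is None:
        return "invalid"
    if otp_enabled and not verify_local_otp(user, otp_code):
        return "invalid"  # same generic error as a wrong password
    return f"ok:{user.backend}"


if __name__ == "__main__":
    chain = [LdapStandInBackend(), LocalBackend()]
    print(login(chain, "alice", "local-pw", "123456", otp_enabled=True))  # ok:local
    print(login(chain, "bob", "ldap-pw", otp_enabled=False))             # ok:ldap
    print(login(chain, "bob", "ldap-pw", "123456", otp_enabled=True))    # invalid
```

The order of the chain does not rescue the LDAP user: even with `LocalBackend` first, "bob" has no local record, so the LDAP stand-in is the only backend that accepts him and the local-only OTP check still rejects the login once it is enabled.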