starred/cypht

Fork 0

mirror of https://github.com/cypht-org/cypht.git synced 2026-04-25 13:05:53 +03:00

[GH-ISSUE #1481] 💬 [Question] How to config LDAP auth #664

New issue

Closed

opened 2026-02-25 21:35:37 +03:00 by kerem · 7 comments

kerem commented

2026-02-25 21:35:37 +03:00

Owner

Originally created by @kevinend51 on GitHub (Mar 24, 2025).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1481

Originally assigned to: @IrAlfred on GitHub.

💬 Question

I want to login cypht with my ldap server, here is my docker-compose.yml:

services:
  db:
    image: mariadb:10
    volumes:
      - ./mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=<db_root_password>
      - MYSQL_DATABASE=cypht
      - MYSQL_USER=cypht
      - MYSQL_PASSWORD=<db_password>
  cypht:
    image: cypht/cypht:2.4.0
    ports:
      - "50210:80"
    environment:
      - DB_CONNECTION_TYPE=host
      - DB_DRIVER=mysql
      - DB_HOST=db
      - DB_NAME=cypht
      - DB_USER=cypht
      - DB_PASS=<db_password>
      - SESSION_TYPE=DB
      - USER_CONFIG_TYPE=DB
      - AUTH_TYPE=LDAP
      - LDAP_AUTH_PORT=50061
      - LDAP_AUTH_SERVER=<ldap_server_domain>
      - LDAP_AUTH_TLS=
      - LDAP_AUTH_BASE_DN="dc=ldap,dc=goauthentik,dc=io"

While I am able to bind the user with the following command:

ldapsearch \
  -x \
  -H ldap://<ldap_server_domain>:50061 \
  -D 'cn=<username>,ou=users,dc=ldap,dc=goauthentik,dc=io' \
  -w '<password>' \
  -b 'dc=ldap,dc=goauthentik,dc=io'

I'm not able to login cypht with the same username and password, as the following screenshot:

And from my ldap server's (authentik ldap outpost) log, it seems that cypht is not reaching out to ldap server. Is there an example about how to config cyptht to login with ldap server?

Originally created by @kevinend51 on GitHub (Mar 24, 2025). Original GitHub issue: https://github.com/cypht-org/cypht/issues/1481 Originally assigned to: @IrAlfred on GitHub.    ## 💬 Question  I want to login cypht with my ldap server, here is my docker-compose.yml: ``` services: db: image: mariadb:10 volumes: - ./mysql:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=<db_root_password> - MYSQL_DATABASE=cypht - MYSQL_USER=cypht - MYSQL_PASSWORD=<db_password> cypht: image: cypht/cypht:2.4.0 ports: - "50210:80" environment: - DB_CONNECTION_TYPE=host - DB_DRIVER=mysql - DB_HOST=db - DB_NAME=cypht - DB_USER=cypht - DB_PASS=<db_password> - SESSION_TYPE=DB - USER_CONFIG_TYPE=DB - AUTH_TYPE=LDAP - LDAP_AUTH_PORT=50061 - LDAP_AUTH_SERVER=<ldap_server_domain> - LDAP_AUTH_TLS= - LDAP_AUTH_BASE_DN="dc=ldap,dc=goauthentik,dc=io" ``` While I am able to bind the user with the following command: ``` ldapsearch \ -x \ -H ldap://<ldap_server_domain>:50061 \ -D 'cn=<username>,ou=users,dc=ldap,dc=goauthentik,dc=io' \ -w '<password>' \ -b 'dc=ldap,dc=goauthentik,dc=io' ``` I'm not able to login cypht with the same username and password, as the following screenshot: ![Image](https://github.com/user-attachments/assets/7e4e1071-acba-4b28-90f6-9c3863473e66) And from my ldap server's (authentik ldap outpost) log, it seems that cypht is not reaching out to ldap server. Is there an example about how to config cyptht to login with ldap server?

kerem

2026-02-25 21:35:37 +03:00

closed this issue
added the
question
label

kerem commented

2026-02-25 21:35:38 +03:00

Author

Owner

@marclaporte commented on GitHub (Apr 21, 2025):

@kevinend51

I don't use Cypht this way. And because it involves another piece of software, it's tricky to reproduce for developers.

Could you do a screenshare with a Cypht developer about this? Ideally they could have access to a system without confidential data, which exhibits the issue.

Please join us in the community chat room:
https://gitter.im/cypht-org/community

@marclaporte commented on GitHub (Apr 21, 2025): @kevinend51 I don't use Cypht this way. And because it involves another piece of software, it's tricky to reproduce for developers. Could you do a screenshare with a Cypht developer about this? Ideally they could have access to a system without confidential data, which exhibits the issue. Please join us in the community chat room: https://gitter.im/cypht-org/community

kerem commented

2026-02-25 21:35:38 +03:00

Author

Owner

@tablebird commented on GitHub (Jul 17, 2025):

you config

  - LDAP_AUTH_PORT=50061
  - LDAP_AUTH_SERVER=<ldap_server_domain>
  - LDAP_AUTH_TLS=
  - LDAP_AUTH_BASE_DN="dc=ldap,dc=goauthentik,dc=io"

In cypht it is actually similar to

ldapsearch \
  -x \
  -H ldap://<ldap_server_domain>:50061 \
  -D 'cn=<username>,dc=ldap,dc=goauthentik,dc=io' \ # binddn rule 'cn=<username>,<LDAP_AUTH_BASE_DN>'
  -w '<password>' \

And the official cypht image does not install the ldap support library, you need to modify Dockerfile to add ldap dependency. You can refer to the changes to Dockerfile in this commit

If you want to log in by searching for sub-users, you can use my modified image,

https://hub.docker.com/r/tablebird/cypht

If you want to log in by searching for sub-users, you can use my modified image. To use my image, you need to configure the following environment variables

Instructions for configuration can be found in ldap.php

AUTH_TYPE=LDAP
#ldap.php
LDAP_SERVER=localhost
LDAP_ENABLE_TLS=true
LDAP_PORT=389
LDAP_BASE_DN="dc=example,dc=com"
LDAP_SEARCH_TERM="objectclass=inetOrgPerson"
LDAP_AUTH=false
LDAP_USER=''
LDAP_PASS=''
LDAP_OBJECT_CLASS="top,person,organizationalperson,inetorgperson"
LDAP_READ_WRITE=true

@tablebird commented on GitHub (Jul 17, 2025): you config ```conf - LDAP_AUTH_PORT=50061 - LDAP_AUTH_SERVER=<ldap_server_domain> - LDAP_AUTH_TLS= - LDAP_AUTH_BASE_DN="dc=ldap,dc=goauthentik,dc=io" ``` In cypht it is actually similar to ```bash ldapsearch \ -x \ -H ldap://<ldap_server_domain>:50061 \ -D 'cn=<username>,dc=ldap,dc=goauthentik,dc=io' \ # binddn rule 'cn=<username>,<LDAP_AUTH_BASE_DN>' -w '<password>' \ ``` And the official cypht image does not install the ldap support library, you need to modify [Dockerfile](https://github.com/cypht-org/cypht/blob/master/docker/Dockerfile) to add ldap dependency. You can refer to the changes to Dockerfile in this [commit](https://github.com/tablebird/cypht/commit/86f253f2fc0f79612a46f4090ed6fcd7fc6ce2c7#diff-f34da55ca08f1a30591d8b0b3e885bcc678537b2a9a4aadea4f190806b374ddc) If you want to log in by searching for sub-users, you can use my modified image, https://hub.docker.com/r/tablebird/cypht If you want to log in by searching for sub-users, you can use my modified image. To use my image, you need to configure the following environment variables Instructions for configuration can be found in [ldap.php](https://github.com/tablebird/cypht/blob/master/config/ldap.php) ```conf AUTH_TYPE=LDAP #ldap.php LDAP_SERVER=localhost LDAP_ENABLE_TLS=true LDAP_PORT=389 LDAP_BASE_DN="dc=example,dc=com" LDAP_SEARCH_TERM="objectclass=inetOrgPerson" LDAP_AUTH=false LDAP_USER='' LDAP_PASS='' LDAP_OBJECT_CLASS="top,person,organizationalperson,inetorgperson" LDAP_READ_WRITE=true ```

kerem commented

2026-02-25 21:35:38 +03:00

Author

Owner

@kevinend51 commented on GitHub (Jul 21, 2025):

@marclaporte May I ask why the official image doesn’t support LDAP login out of the box, and requires additional patches like the one provided by tablebird to make it work? Based solely on the official documentation, it seems LDAP is already supported, but after configuration it appears to have no effect.

@kevinend51 commented on GitHub (Jul 21, 2025): @marclaporte May I ask why the official image doesn’t support LDAP login out of the box, and requires additional patches like the one provided by tablebird to make it work? Based solely on the official documentation, it seems LDAP is already supported, but after configuration it appears to have no effect.

kerem commented

2026-02-25 21:35:38 +03:00

Author

Owner

@marclaporte commented on GitHub (Jul 21, 2025):

@kevinend51 I have no objection to add LDAP out of the box.

Can you prepare a PR or do you need a developer to help you?

@marclaporte commented on GitHub (Jul 21, 2025): @kevinend51 I have no objection to add LDAP out of the box. Can you prepare a PR or do you need a developer to help you?

kerem commented

2026-02-25 21:35:38 +03:00

Author

Owner

@kevinend51 commented on GitHub (Jul 23, 2025):

@kevinend51 I have no objection to add LDAP out of the box.

Can you prepare a PR or do you need a developer to help you?

By looking at this line:
https://github.com/cypht-org/cypht/blob/master/config/app.php#L56
I think cypht has LDAP support out of the box via proper configuration

Am I mistaking something?

@kevinend51 commented on GitHub (Jul 23, 2025): > [@kevinend51](https://github.com/kevinend51) I have no objection to add LDAP out of the box. > > Can you prepare a PR or do you need a developer to help you? By looking at this line: https://github.com/cypht-org/cypht/blob/master/config/app.php#L56 I think cypht has LDAP support out of the box via proper configuration Am I mistaking something?

kerem commented

2026-02-25 21:35:38 +03:00

Author

Owner

@IrAlfred commented on GitHub (Aug 26, 2025):

@kevinend51 I have no objection to add LDAP out of the box.
Can you prepare a PR or do you need a developer to help you?

By looking at this line: https://github.com/cypht-org/cypht/blob/master/config/app.php#L56 I think cypht has LDAP support out of the box via proper configuration

Am I mistaking something?

https://github.com/cypht-org/cypht/wiki/How-to-setup-LDAP-Authentication

@IrAlfred commented on GitHub (Aug 26, 2025): > > [@kevinend51](https://github.com/kevinend51) I have no objection to add LDAP out of the box. > > Can you prepare a PR or do you need a developer to help you? > > By looking at this line: https://github.com/cypht-org/cypht/blob/master/config/app.php#L56 I think cypht has LDAP support out of the box via proper configuration > > Am I mistaking something? [https://github.com/cypht-org/cypht/wiki/How-to-setup-LDAP-Authentication](https://github.com/cypht-org/cypht/wiki/How-to-setup-LDAP-Authentication)

kerem commented

2026-02-25 21:35:38 +03:00

Author

Owner

@IrAlfred commented on GitHub (Sep 24, 2025):

Hello @kevinend51,

We have a good news for you !

We have addressed this issue. The required LDAP libraries have been added to the docker image configuration on development branch (master), and the underlying LDAP authentication logic has also been improved.

It would be great if you can retest and provide your feedback. Here are your options to get a working LDAP setup:

Test with the Latest Daily Docker Image (Easiest Option)

We now publish daily Docker images from the master branch to our Docker Hub registry. This is the quickest and easiest way to test the latest fixes without building the image yourself. You can update your docker-compose.yml file to use the cypht/cypht:daily image. Please note that while these images contain the latest code, they are considered "unstable" as they are development builds.

Build the Docker Image Locally
If you are comfortable building a Docker image yourself, you can test the fix immediately. You would need to:

Clone the master branch from the GitHub repository.
Build the Docker image locally.
Update your docker-compose.yml to use your locally built image.
While this is the fastest way to verify the fix, we acknowledge it's not straightforward for all users.

Wait for the Next Official Release

The simpler option is to wait for the next official Docker image release, which will include both the LDAP dependency and the authentication fixes. This will provide a stable, ready-to-use solution without any extra steps on your part. The release is scheduled for the near future https://github.com/cypht-org/cypht/issues/1624.

Meanwhile, we are closing this issue as the fix has been implemented. Please feel free to reopen the issue if you still encounter the error after testing with the daily Docker image or the official release. We appreciate you sharing your findings with us.

Thank you for your contribution to improving Cypht !

@IrAlfred commented on GitHub (Sep 24, 2025): Hello @kevinend51, **We have a good news for you !** We have addressed this issue. The required LDAP libraries have been added to the docker image configuration on development branch (master), and the underlying LDAP authentication logic has also been improved. It would be great if you can retest and provide your feedback. Here are your options to get a working LDAP setup: 1. Test with the Latest Daily Docker Image (Easiest Option) We now publish daily Docker images from the master branch to our Docker Hub registry. This is the quickest and easiest way to test the latest fixes without building the image yourself. You can update your docker-compose.yml file to use the `cypht/cypht:daily` image. Please note that while these images contain the latest code, they are considered "unstable" as they are development builds. 2. Build the Docker Image Locally If you are comfortable building a Docker image yourself, you can test the fix immediately. You would need to: - Clone the master branch from the GitHub repository. - Build the Docker image locally. - Update your docker-compose.yml to use your locally built image. While this is the fastest way to verify the fix, we acknowledge it's not straightforward for all users. 3. Wait for the Next Official Release The simpler option is to wait for the next official Docker image release, which will include both the LDAP dependency and the authentication fixes. This will provide a stable, ready-to-use solution without any extra steps on your part. The release is scheduled for the near future [https://github.com/cypht-org/cypht/issues/1624](https://github.com/cypht-org/cypht/issues/1624). **Meanwhile, we are closing this issue as the fix has been implemented**. Please feel free to reopen the issue if you still encounter the error after testing with the daily Docker image or the official release. We appreciate you sharing your findings with us. *Thank you for your contribution to improving Cypht !*