Automatically activate LDAP Users?

Checklist
[X] I have read intro post: About the Installation Issues category
[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[] I provide a copy of my logs and healthcheck
[X] I describe the steps I have taken to troubleshoot the problem
[X] I describe the steps on how to reproduce the issue

Hi there, we’re using passbolt pro running in Docker. We’ve successfully connected passbolt to our LDAP server & pulled users in. However, when the users log in they are prompted to check their e-mail and click a link to activate - this is an offline environment and will never have SMTP or e-mail. Can we manually activate these users so they can just log in with their LDAP username & password?

Thanks in advance

Hi @jibsec :wave: and welcome to passbolt community forum :handshake:

You must be aware that the LDAP plugin is not a kind of single sign-on and is only used to provision the passbolt database with your users and their associated groups.

Once users and groups are created, each user has to connect to passbolt with the link provided in the email.
This link is used to complete user registration:

  • A PGP key pair will be created by the web browser extension.
  • The user will have to define a passphrase to protect the private key: this passphrase is not related to LDAP credentials and can be different.
  • The public key will be registered in the passbolt database.
  • The private key will be stored locally in the passbolt browser extension.
  • The user must keep a backup of his private key in a safe place. If the private key is lost, non-shared passwords are lost.
  • The private key will be needed if the user wants to connect to his passbolt account from another browser or computer; he can’t connect with LDAP credentials.

Finally, you can generate a list of users with pending registration and the associated passbolt link with this SQL request (replace passbolt.domain.tld with your passbolt domain):

SELECT u.username AS EMAIL, CONCAT('https://passbolt.domain.tld/setup/install/', u.id, '/', at.token) as URL 
FROM users u
INNER JOIN authentication_tokens at ON at.user_id = u.id
WHERE at.active = 1;