Can't reset user passwords. "logged in via an external service"

What type of hardware are you using: Old laptop or computer
What YunoHost version are you running: 12.0.17
What app is this about: Mastodon

Describe your issue

I have three accounts on my instance and the original owner account is working fine, so I can log in and administer the instance with that.

Two other accounts are locked out though, they cannot reset their passwords. If I manually reset the password and they follow the link in the email, the following error message is shown:

You are logged in via an external service, so password and email settings are not available.

I don’t think they actually are logged in anywhere else.

What’s going on? Is there a way to force all users to logout of every session?

Share relevant logs or error messages

No relevant logs…

Because the accounts are managed by YunoHost via LDAP. So, you can define passwords for them so they can log in to the portal and change their passwords.

The other two accounts don’t correspond to a YunoHost user, they’re just web accounts in Mastodon. There is only one YunoHost user account for the server itself.

Sorry, I’m a little out of my depth here. How do I do that…?

OK, so I managed to use tootctl to reset one of the user’s passwords. Logging in with that is not recognised either!

Can anyone tell me what I’m doing wrong?

I used the owner’s invite link to open a new account, which allowed me to log in. I updated the password in the web settings, and logged out. I am now unable to log in as that new user exactly like the other two. So passwords are entirely broken somehow.

At this point I have no idea what to do, short of reinstalling Mastodon from scratch and starting again. But I don’t know why this happened in the first place, so how can I rely on it next time?

Can anyone help? Sorry, I’m clearly out of my depth here - although I have no idea how this spontaneously happened…

OK, so am I right in thinking that under YunoHost, a Mastodon user can never change their password, otherwise it breaks whatever link it has to ‘LDAP’?

So do I have no choice but to start all over again, and remember that none of my users on the instance will EVER be able to change their passwords?

Hello @Retromantic

There is a way to completely detach authentication from YunoHost’s LDAP, but there are a few drawbacks to consider.
=> At your own risk:
First you need to create an admin user outside of YunoHost accounts (this user will become the administrator once LDAP authentication is disabled).
Then, you need to modify the following parameter in Mastodon’s environment file:

sudo nano /var/www/mastodon/live/.env.production

Change LDAP_ENABLED=true to LDAP_ENABLED=false
Restart the Mastodon services:

sudo yunohost service restart mastodon-web
sudo yunohost service restart mastodon-streaming
sudo yunohost service restart mastodon-sidekiq

Finally, consider that any Mastodon app update will reset the LDAP_ENABLED parameter to true.
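A check for the reset described in the reply above, as an added example that is not part of the original thread and not YunoHost's or Mastodon's own code: it reads an env file and reports how LDAP_ENABLED is set. Accepting only the literal values true and false, and the constructed sample file, are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: report how LDAP_ENABLED is set in a Mastodon env file.
# Prints one of: enabled, disabled, invalid, conflict, unset, missing.
ldap_state() {
    local file="$1" line value new state="unset"
    [ -r "$file" ] || { echo "missing"; return 0; }
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line#"${line%%[![:space:]]*}"}"      # trim leading whitespace
        line="${line#export }"                        # tolerate "export KEY=..."
        case "$line" in
            LDAP_ENABLED=*) value="${line#LDAP_ENABLED=}" ;;
            *) continue ;;                            # comments, blanks, other keys
        esac
        value="${value%%#*}"                          # drop a trailing comment
        value="${value%"${value##*[![:space:]]}"}"   # trim trailing whitespace / CR
        case "$value" in
            true|'"true"'|"'true'")    new="enabled" ;;
            false|'"false"'|"'false'") new="disabled" ;;
            *)                         new="invalid" ;;
        esac
        # Two definitions that disagree are reported instead of guessing a winner.
        if [ "$state" = "unset" ]; then
            state="$new"
        elif [ "$state" != "$new" ]; then
            state="conflict"
        fi
    done < "$file"
    echo "$state"
}

# Constructed sample standing in for .env.production after an app update.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
# LDAP_ENABLED=false
LOCAL_DOMAIN=example.invalid
LDAP_ENABLED=true   # constructed line: value back at its default
EOF
echo "LDAP authentication in sample: $(ldap_state "$sample")"
rm -f "$sample"
```

Calling `ldap_state /var/www/mastodon/live/.env.production` after a Mastodon app update shows whether the setting has returned to `true`.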

Thanks for this! I have created corresponding users on the YunoHost web admin, and after a bit of cache clearing and restarting things, the two other accounts are working again.

Of course, I’m not sure how I actually implement this for other users who might join my instance - I’d basically have to give them a user account on my YH server and instruct them never to change their password…?!?

A YunoHost LDAP user can change his password.
