Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+3 votes
in Q2A Core by
I recently installed the qa-ldap-plugin to my question2answer instance, and I went to test it out, and after logging in, I got a redirect loop on my browser. I did some diagnostics to check that my LDAP configuration was working correctly, and did not find that to be an issue. Has anyone faced a similar issue?
Q2A version: 1.6.3

2 Answers

+4 votes
Best answer

I found an answer in this thread that explains the issue I was having. 

If you are trying to log in with an LDAP account that has an email that already exists in the Q&A MySQL database, this redirect occurs. In my case, I had created an account on Q&A when I first installed it to test it out, and I used my email address. Then when I used my company's LDAP for authentication using the qa-ldap-plugin, my account had the same email address as Q&A's database, which caused this.

In the quest to get this solved, you have to delete the cookies in your browser (or just use a different browser), because the redirect will keep happening as long as Q&A thinks that you are logged in. As in, you have to "log out" first so that you can log back in as a super administrator to fix the problem.

The solution is to delete the existing user as a super admin, which you can do per these instructions, and then log out of your super admin account and log back in with your LDAP credentials. A new account is created and no redirect occurs.

This applies to version v0.4 of the qa-ldap-plugin.

thanks man, it worked for me
Thanks for this Root cause details
+3 votes

I don't have a solution to the problem, but we had the same issue and came up with a workaround that did not delete the users. We observed the rows created in the qa_userlogins table when a new user attempted to login via LDAP. With that, we re-created an entry in that table for users already in the qa_users table.

The SQL statement was simple:

mysql> INSERT INTO qa_userlogins (userid, source, identifier, identifiermd5)  SELECT userid, "ldap", email, unhex(md5(email)) FROM qa_users;

We also used a "SELECT" statement to trim the user list coming out of the qa_users table. (e.g. ... WHERE email LIKE "%@example.com"). So far this has worked for existing and new users to the Q2A site.

You are the best, that solved the problem for me.
This solution helped me