kipjr / ldap_login Goto Github PK

On my server, Ldap login fails for password that contain the special symbol "".

The log below is for a successful login of user "test" with password "abcdefg":

2019-06-19T23:04:49+00:00: [function]> ldap_search_dn(test)
2019-06-19T23:04:49+00:00: [ldap_search_dn]> Connecting to server
2019-06-19T23:04:49+00:00: [ldap_search_dn]> make_ldap_bind_as($this->cnx,,)
2019-06-19T23:04:49+00:00: [function]> make_ldap_bind_as
2019-06-19T23:04:49+00:00: [make_ldap_bind_as]> $conn,,
2019-06-19T23:04:49+00:00: [ldap_search_dn]> @ldap_search($this->cnx,dc=directory,dc=nh,(&(objectClass=person)(uid=test)),array('dn'),0,1)
2019-06-19T23:04:49+00:00: [ldap_search_dn]> ldap_search successfull
2019-06-19T23:04:49+00:00: [ldap_search_dn]> RESULT: uid=test,ou=People,dc=directory,dc=nh
2019-06-19T23:04:49+00:00: [function]> ldap_bind_as
2019-06-19T23:04:49+00:00: [ldap_bind_as]> uid=test,ou=People,dc=directory,dc=nh,abcdefg
2019-06-19T23:04:49+00:00: [function]> make_ldap_bind_as
2019-06-19T23:04:49+00:00: [make_ldap_bind_as]> $conn,uid=test,ou=People,dc=directory,dc=nh,abcdefg
2019-06-19T23:04:49+00:00: [ldap_bind_as]> Bind was successfull
2019-06-19T23:04:49+00:00: [function]> check_ldap_group_membership('openldap','uid=test,ou=People,dc=directory,dc=nh', '', 'test')

And here is a log for an uncuccessful login, after the password was changed to "\abcdefg":

[function]> ldap_search_dn(test)
2019-06-19T23:05:28+00:00: [ldap_search_dn]> Connecting to server
2019-06-19T23:05:28+00:00: [ldap_search_dn]> make_ldap_bind_as($this->cnx,,)
2019-06-19T23:05:28+00:00: [function]> make_ldap_bind_as
2019-06-19T23:05:28+00:00: [make_ldap_bind_as]> $conn,,
2019-06-19T23:05:28+00:00: [ldap_search_dn]> @ldap_search($this->cnx,dc=directory,dc=nh,(&(objectClass=person)(uid=test)),array('dn'),0,1)
2019-06-19T23:05:28+00:00: [ldap_search_dn]> ldap_search successfull
2019-06-19T23:05:28+00:00: [ldap_search_dn]> RESULT: uid=test,ou=People,dc=directory,dc=nh
2019-06-19T23:05:28+00:00: [function]> ldap_bind_as
2019-06-19T23:05:28+00:00: [ldap_bind_as]> uid=test,ou=People,dc=directory,dc=nh,\\abcdefg
2019-06-19T23:05:28+00:00: [function]> make_ldap_bind_as
2019-06-19T23:05:28+00:00: [make_ldap_bind_as]> $conn,uid=test,ou=People,dc=directory,dc=nh,\\abcdefg

The error shown on the plugin page after running "Ldap_Login Test" is:

Binding OK, but check credentials on server ldaps://127.0.0.1 for user uid=test,ou=People,dc=directory,dc=nh

#101

Hello all ;p
i'm trying to use ldap_login , but i have a issue
the bind seems to work, but the search of a user not :

i try with and without filter on user , i use same filter for GLPI , same LDAP server, in production

i try several account, several position , and even the "bind" account is not found in test (as the bind seems to work o.O)

[2021:12:03 11:08:770937] DEBUG: [ldap_search_dn]> Connecting to server
[2021:12:03 11:08:771036] DEBUG: [ldap_search_dn]> make_ldap_bind_as($this->cnx,CN=piwigo,**** ,$this->config['ld_bindpw']
[2021:12:03 11:08:771115] DEBUG: [function]> make_ldap_bind_as
[2021:12:03 11:08:771212] DEBUG: [make_ldap_bind_as]> $conn,CN=piwigo,*****
[2021:12:03 11:08:774404] DEBUG: [make_ldap_bind_as]> Bind was successfull
[2021:12:03 11:08:774498] DEBUG: [ldap_search_dn]> @ldap_search($this->cnx,*,(&(&(objectClass=user)(sAMAccountname=))((&(objectClass=user)(objectCategory=pson)(!(userAccountControl:1.2.840.113556.1.4.803:=2))))),array('dn'),0,1)
[2021:12:03 11:08:774604] DEBUG: [ldap_search_dn]> ldap_search NOT successfull:
[2021:12:03 11:08:774694] DEBUG: [function]> check_ldap
[2021:12:03 11:08:774801] DEBUG: [function]> ldap_conn
[2021:12:03 11:08:774884] DEBUG: [function]> make_ldap_conn
[2021:12:03 11:08:774967] DEBUG: [make_ldap_conn]> ld_port is 389. Connecting using default protocol
[2021:12:03 11:08:775162] DEBUG: [make_ldap_conn]> connected (LDAP_OPT_PROTOCOL_VERSION 3)
[2021:12:03 11:08:775293] DEBUG: [ldap_conn]> true
[2021:12:03 11:08:775381] DEBUG: [function]> ldap_check_basedn
[2021:12:03 11:08:776010] DEBUG: [function]> getErrorString
[2021:12:03 11:08:776101] DEBUG: [getErrorString]> Operations error

thx for the help

Regards

Hi, I am getting this error when trying to 'refresh' the 'Sync settings':
Warning: ldap_search(): Search: Operations error in C:\inetpub\wwwroot\plugins\Ldap_Login\class.ldap.php on line 538

How can this be fixed?
I think my configuration should be correct ('test settings' works fine)

Gives no results. Unable to login. Size limit exceeded

Hi,

I've set up Piwigo with linuxserver/piwigo docker image and installed the ldap plugin on it successfully.
When saving the ldap settings with plugin admin, i'm getting the following errors on blank page.

Any ideas? Not sure if the bug is in the docker image or in the plugin. At least the error is not very user friendly. File class.ldap.php is owned by 1007:1007 which is also the UID/GID Piwigo has been set up to run as.

LDAP extension not loaded

Warning: file_put_contents(/var/log/ldap_login.log): failed to open stream: Permission denied in /config/www/gallery/plugins/Ldap_Login/class.ldap.php on line 13

Warning: file_put_contents(/var/log/ldap_login.log): failed to open stream: Permission denied in /config/www/gallery/plugins/Ldap_Login/class.ldap.php on line 13

Warning: file_put_contents(/var/log/ldap_login.log): failed to open stream: Permission denied in /config/www/gallery/plugins/Ldap_Login/class.ldap.php on line 13
LDAP extension not loaded

Fatal error: Uncaught Error: Call to undefined function ldap_err2str() in /config/www/gallery/plugins/Ldap_Login/class.ldap.php:135 Stack trace: #0 /config/www/gallery/plugins/Ldap_Login/class.ldap.php(30): Ldap->getErrorString() #1 /config/www/gallery/plugins/Ldap_Login/admin/configuration.php(59): Ldap->check_ldap() #2 /config/www/gallery/plugins/Ldap_Login/admin.php(20): include('/config/www/gal...') #3 /config/www/gallery/admin/plugin.php(68): include_once('/config/www/gal...') #4 /config/www/gallery/admin.php(312): include('/config/www/gal...') #5 {main} thrown in /config/www/gallery/plugins/Ldap_Login/class.ldap.php on line 135

• Install
• Configure as LDAP
• Test binding
• Test LDAPS
• Test login

Hi there!
I'm trying to get this to work with Cloudron (self hosting provider), but I can't save the password, I reckon it is too long (128 bytes). Is it possible to change the config from dat to something readable/maintainable like local/config/database.inc.php? Because sometimes the password changes and then I'll have to sed it via script, which is not much fun with that .dat file.

Best regards, M

Good day.
Problem reading group membership. If you do not take into account the composition of the group, the authorization of the user proceeds normally, but if you try to map the user to the desired group, during authorization it gives an error:

Warning
: ldap_search(): Search: Bad search filter in
/var/www/html/piwigo/plugins/Ldap_Login/class.ldap.php
on line
360

this method works great when emulating from powershell.

I do not understand the purpose and mechanism of the filters:
User Schema Settings -> User Object Filter:
Group Schema Settings -> Group Object Filter:

Firstly, thank you for the work on the plugin update for Piwigo 2.9.x. However, I tried to use it and I failed.

I have installed the plugin (Piwigo 2.9.4, PHP 7.0, docker container based on debian), and I see the errors in the admin page:

The configuration is also not saved. Can you hint me what it can come from? My one guess is that you develop on PHP 5.x and that these errors are because of stricter PHP 7. Can it be the case?

When a user is member of a large group, it may happen that the user is unable to login due to the pagination of ldap. However, the filter with the user DN in it will prevent this.

This is unfortunately not correctly implemented.

If I activate the ldap plugin i get this warning:

: Cannot modify header information - headers already sent by (output started at /piwigo/plugins/Ldap_Login/class.ldap.php:551) in
/piwigo/include/page_header.php
on line
86

The plugin itself works well.

Versions: php: 7.3.19-1, piwigo 2.10.2, ldap plugin: 2.10c

Risiko

Is it possible to use the plugin in current piwigo version? I have it just fresh installed, ldap is ready also and... I cannot bring it to work.

I started to receive this error recently, and LDAP authentication has stopped working for me. I was able to get back in via the admin account.

Hi,
When attempting to bind piwigo to my AD using the ldaps option, I receive the following error:
Error : Can't contact LDAP server for binding on server ldaps://dc01.el.eee.intern:636 for user ProxyAgent, check your binding!
Binding piwigo without the ldaps option works flawlessly. I also confirmed that the AD port 636 is open and have used the same service account to establish ldaps connections with other services.

Do you have any pointers on getting the secure connection established? Thanks!

Not sure if related to issue #3 .

I managed to get user binding to work and LDAP users can login to piwigo.

Problem is the groups. I've set the group DN as:
cn=admin,ou=groups,dc=example,dc=com

We have users that belong to admin group and I'd like to provide them with admin access to piwigo. LDAP server admin is also a user named admin.

After login the plugin seems to read the group members properly, for each member there is log line:
[check_ldap_group_membership]> Test user = user?
And when the user matches:
[check_ldap_group_membership]> memberUid matches user

The result is that user is created in piwigo, but it doesn't have a group assigned so nobody can do anything. I assume LDAP plugin should create the admin group to piwigo when user in the group logs in for the first time.

I suppose I'm doing something wrong but what it might be?

Hi. Long time no see.
Trying Piwigo again.

Just a small issue here. My ldap settings are surely not done yet, but im getting this error on top of page when testing connection with anonymous binding.
Notice: Undefined offset: 0 in /config/www/gallery/plugins/Ldap_Login/admin/configuration.php on line 119
Link to the faulty line
https://github.com/Kipjr/ldap_login/blob/e388bfe898eee93ae9b9c916d3cbd4976338d660/admin/configuration.php#L119
Thanks

The newest version that's available is Revision 13.6.0-be2, but 13.6.0 is already released. Please release the newest version on https://piwigo.org/ext/extension_view.php?eid=650 as well.

Hi,

I tried to activated Ldap_Login but I ran into several problems:

• signed incompatibility to 13.5
• mysqli_sql_exception when activating
• class.inc.php results in "file not found: Ldap_Login/logs"

BTW:
base: Ubuntu Server 22.04.01LTS, piwigo 13.5 (download from jan, 30, 2023), PHP 8.1.2-1ubuntu2.10 (cli) (built: Jan 16 2023 15:19:49) (NTS), ldap_login-master (2.10c (download from Feb, 02, 2023)

(0) rename the directory of the plugin to "Ldap_Login".or extract directly to "Ldap_Login"

(1) working but against some hints an probably too complicated
I tried to get around and found two (2) workarounds, but no real solution.

• could not find any mysql_report call neither to be silent (MYSQL_REPORT_OFF) nor MYSQL_REPORT_ERROR alone or in combination with MYSQL_REPORT_STRICT
• According to https://stackoverflow.com/questions/22662488/what-to-do-with-mysqli-problems-errors-like-mysqli-fetch-ar ray-argument-1-m/22662582#22662582 you should avoid using try...catch.
• despite that I used an exception handling in the function ld_table_exist of funcfion_sql.inc.php to come around the exception

This is what I tried:
replace the body of ld_table_exist by the following code:

    $r = NULL;
    $result = true;
    $query = 'select 1 from `piwigo_ldap_login_config` LIMIT 1';
    error_log('[ld_table_exist] > ' . $query);
    try {
            error_log('[ld_table_exist] > Try query on database');
            $r = pwg_query($query);
            if (!is_object($r)) {
                    $result = false;
            } else {
                    $result = true;
            }
    } catch(mysqli_sql_exception $mex) {
            error_log('[ld_table_exist] > mysqli_sql_exception caught.');
            error_log('[ld_table_exist] > ' . $mes);
            $result = false;
    }
    error_log('[ld_table_exist] > ' . $result);
    return $result;

(2) I tried a second but simple workaround. This may have an influence on the mysqli_ library. (Checked by deactivating and deleting the plugin and then reactivating.)

let ld_table_exist first call mysql_report(MYSQL_REPORT_ERROR) without the STRICT option. This avoids sending an exception.

    **mysqli_report(MYSQLI_REPORT_ERROR);**
    $query = ('select 1 from `piwigo_ldap_login_config` LIMIT 1');
    $r = pwg_query($query);
    if(is_object($r) !== TRUE)
    {
       //table not found..

       return false;
    }
    else
    {
            return true;
            //I can find it...
    }

May be this helps.
Do not know how to avoid the compatibility notification.
At the moment I can work with my LDAP-based directory service.

Regards
lp

I freshly installed slapd (OpenLDAP) on an Ubuntu 16.04 VM and added the memberof overlay using this procedure (http://www.ridingbytes.com/2017/03/06/how-to-configure-openldap-to-be-usable-for-owncloud/), which works great for OwnCloud integration. However, I'm having issues getting Piwigo to work with this. When I just add the Base DN and have the username attribute set to "uid", it works great, but I would like to be able to manage the users with groups on my OpenLDAP implementation. When I add the "DN of group for membership-check (memberOf)" it complains with the error:

"Credentials OK, Check GroupMembership for: cn=Test User,ou=Users,dc=example,dc=com"

My Piwigo LDAP_Login config is as follows:

LDAP server connection

• LDAP server host = localhost
• LDAP port = 389

Ldap attributes

• Base DN of LDAP server (e.g.: dc=example,dc=com) = dc=example,dc=com
• Attribute corresponding to the user name = uid
• DN of group for membership-check (memberOf) = cn=PiwigoUsers,ou=Groups,dc=example,dc=com

LDAP connection credentials

• Bind DN in LDAP style (e.g.: cn=admin,dc=example,dc=com) = cn=admin,dc=example,dc=com

I have attached some files that will hopefully be helpful for troubleshooting.

slapcat.txt
ldapsearch extended attributes.txt
ldapsearch.txt

The following error appears after updating the LDAP plugin on a yunohost server.

ntents(./plugins/ldap_login/logs/ldap_login.log): Failed to open stream: No such file or directory in /var/www/piwigo/plugins/Ldap_Login/class.ldap.php on line 59

... since this commit.

For add your project on https://piwigo.org/translate, can you give acces to user Piwigo-TranslationTeam and say me it's ok ;-)

Not work extenstion for piwigo.

Piwigo 2.10.1
OS: Linux
PHP: 5.6.33-0+deb8u1.netgear1
MySQL: 5.5.62-0+deb8u1
Images library: GD 2.1.1-dev

One good feature to have would be to be able to share albums to ldap users/groups.
This is not a login feature but would be useful for users who have not login yet.

While using the Ldap_Login Test for a regular user it fails with
Error : Can't contact LDAP server for binding on server ldaps://dc.ad.domain.com:636 for user piwigo, check your binding!
This is from /var/log/Ldap_login.log:

2018-09-19T14:24:16+02:00: [function]> ldap_search_dn(piwigo)
2018-09-19T14:24:16+02:00: [ldap_search_dn]> Connecting to server
2018-09-19T14:24:16+02:00: [ldap_search_dn]> make_ldap_bind_as($this->cnx,CN=piwigo ldap user,OU=system,OU=accounts,OU=items,DC=ad,DC=domain,DC=com,*mysecretpwhere*)
2018-09-19T14:24:16+02:00: [function]> make_ldap_bind_as
2018-09-19T14:24:16+02:00: [make_ldap_bind_as]> $conn,CN=piwigo ldap user,OU=system,OU=accounts,OU=items,DC=ad,DC=domain,DC=com,*mysecretpwhere*
2018-09-19T14:24:16+02:00: [ldap_search_dn]> Cannot bind to server!
2018-09-19T14:24:16+02:00: [function]> ldap_bind_as
2018-09-19T14:24:16+02:00: [ldap_bind_as]> CN=piwigo ldap user,OU=system,OU=accounts,OU=items,DC=ad,DC=domain,DC=com,*mysecretpwhere*
2018-09-19T14:24:16+02:00: [function]> make_ldap_bind_as
2018-09-19T14:24:16+02:00: [make_ldap_bind_as]> $conn,CN=piwigo ldap user,OU=system,OU=accounts,OU=items,DC=ad,DC=domain,DC=com,*mysecretpwhere*

I am running an Active Directory Domain Controller based on SAMBA 4.
I am using SSL protected LDAP. For that I have copied the ca-certificate of that DC into /usr/local/share/ca-certificates/ of the piwigo server because that was required for another webapp that successfully authenticates against the same DC (nextcloud).

Any network related issue like DNS or Firewall can be ruled out because I can see the ldap traffic on the DC side through tcpdump.

Can we make the debug log file more verbose?

• ldap_login Version: 13.6.0

Log:
PHP Fatal error: Uncaught Error: Call to undefined function str_starts_with() in /var/www/Gallery/plugins/Ldap_Login/class.ldap.php:79

Function "str_starts_with" was added in PHP 8.

In a scenario where all valid LDAP user are allowed so no need to specify an LDAP group (ld_group_user) and verify the users membership on it but have some of these users as admins or webmaster does not work because setting the variable ld_group_user_active to 0 to prevent verifying general users will also give everyone admin access regardless the variables ld_group_admin_active and ld_group_webmaster_active are set to 1 and the ld_group_admin and ld_group_webmaster have a correct group value.

following files ends with ?>

admin.php
main.inc.php
class.ldap.php

see issue:
Piwigo/Piwigo#643 (comment)
and
Piwigo/Piwigo#742

I don't know the root cause, but with ?> endings the file download is corruped with a starting /n (new Line) hex: 0x0a.

By default the plugin installs into a directory called Ldap_Login, but looks for log file in ldap_login.
One work-around was to manually install into a directory named ldap_login.

Hi,

(maybe this is a feature request, at least I did not find a configuration option for that)

is it possible to use the ldap-authenticated user as binddn?
That way, no special "service-user" is needed in LDAP as binddn for piwigo.

Thanks and kind regards,

Hi,
Would you be interested by patches that allows one to synchronize groups and/or user membership of a user at login time?
This would allows ldap users to access their photos at their first login.

This patch would need refactoring (sync_* functions moved to the ldap class). So I'm asking you before making such invasive changes if you would be ok to accept them (after review of course).

Regards
Vincent

I keep getting this error:
Error : Binding OK, but no valid DN found on server ldaps://subdomain.domain.net:636 for user

No issues when I run:
ldapsearch -x -ZZ -h subdomain.domain.net: v -D "uid=username,cn=users,cn=accounts,dc=domain,dc=net" -W

OR

ldapsearch -x -H ldaps://subdomain.domain.net:636 -D "uid=username,cn=users,cn=accounts,dc=domain,dc=net" -W -d100

I don't understand why when I do the same in Piwigo, it is giving me a "no valid DN found". I am using this as my Base DN:
cn=users,cn=accounts,dc=domain,dc=net

I have even tried just using dc=domain,dc=net but to no avail.

Please advise. Any help would be most appreciated. Thank you very much.

VSLCatena, you are my hero (almost 😉),
I've been using galery menalto in the past but as this project doesn't seem to continue I was looking for an successor. As I have a few users that almost even can't remember a single uid/pw combination it's important for me that a central user authentication (LDAP) can be used.

After installation of the Ldap_Login plugin the administration -> plugins -> ldap login page (http://XXXX/admin.php?page=plugin&section=Ldap_Login%2Fadmin.php) doesn't show anything. I've been able to trace it back and also found the solution for you.

From the admin.php file the admin/configuration.php file is included.
Here the ldap_conn() function is called (defined in class.ldap.php) and then processing of the page seems to just stop.

Root cause: When the LDAP Extension is missing, then before this warning is able to be shown on the screen the pageload is aborted by line
if ($conn = @ldap_connect($this->config['uri'])){
in file …./plugins/Ldap_Login/class.ldap.php
in function private function make_ldap_conn()

I was able to solve this by inserting following lines just in front of that line:

if (!extension_loaded('ldap')) {
   print "LDAP extension not loaded<br>";
   return false;
}

After adding these lines the ldap_connect function is not breaking the page load anymore and the warning that explains what’s wrong is shown.

Hello!

Great plugin! But I experienced that the password is not being updated if changed by the user in LDAP.
Is there a possibility to force a validity check with the LDAP server every time at login?

Kind regards
Fabian

Hi,

I have an issue with the set up page. We want to verify the users using Active Directory on a Windows Server, so far without LDAPS.

The issue seems to be with reading and processing the credentials.

The username we need to use contains a backslash and this seems to be an issue because most likely during serialization and subsequent unserialization, this backslash is treated very strangely. When looking at the log file, at various phases of the script the backslash is converted to either "5C" or another backslash. The final username saved to the db contains two backslashes instead of one. This of course leads to a failed connection.

Is there a way to make the script treat backslash correctly in username?

Hello all o/

I'm doing an internship in a company that would like to use piwigo.
The piwigo server is already set up and up to date however we cannot get the ldap_login to work.
1st off, as I update the settings in the conf. page, when I hit "Save", it will not keep all the settings update.
For example, it keeps on rolling back to use a "ldaps" protocol when I want to use a simple ldap.

Any work around on this ?

Hi,
I'm very new to Piwigo and LDAP, but I got the plugin working. I can now log in with my LDAP username and password and a new user in Piwigo is created.
But I got an issue with the group sync feature. When I try to sync the groups with my LDAP server, every time I hit "submit" or "refresh" the field "Group Base DN" is reset to the default value. There is no error displayed and the Logs are the following:

[2020:05:02 18:28:000000] DEBUG: [function]> ldap_conn
[2020:05:02 18:28:000000] DEBUG: [function]> make_ldap_conn
[2020:05:02 18:28:000000] DEBUG: [make_ldap_conn]> ld_port is 389. Connecting using default protocol
[2020:05:02 18:28:000000] DEBUG: [make_ldap_conn]> connected (LDAP_OPT_PROTOCOL_VERSION 3)
[2020:05:02 18:28:000000] DEBUG: [ldap_conn]> true

I hope you can help me.
(I hope you can understand my problem, my English is not the best)

I am setting up a new piwigo install, my unprivileged bind user has a DN of cn=ldapclient service,ou=people,dc=theta42,dc=com and can not bind, how ever, if I change the bind user to something with out a space, it works.

When clicking the "Activate" button for the plugin I end up with this message:

Notice: Use of undefined constant LDAP_LOGIN_PATH - assumed 'LDAP_LOGIN_PATH' in /var/www/piwigo/plugins/Ldap_Login/maintain.inc.php on line 39

Fatal error: Uncaught Error: Call to undefined method Ldap::load_default_config() in /var/www/piwigo/plugins/Ldap_Login/maintain.inc.php:44 
Stack trace: 
#0 /var/www/piwigo/admin/include/plugins.class.php(141): Ldap_Login_maintain->install('2.2', Array)
#1 /var/www/piwigo/admin/include/plugins.class.php(181): plugins->perform_action('install', 'Ldap_Login')
#2 /var/www/piwigo/admin/plugins_installed.php(73): plugins->perform_action('activate', 'Ldap_Login')
#3 /var/www/piwigo/admin/plugins.php(46): include('/var/www/piwigo...')
#4 /var/www/piwigo/admin.php(312): include('/var/www/piwigo...')
#5 {main} thrown in /var/www/piwigo/plugins/Ldap_Login/maintain.inc.php on line 44

My configuration:

    Piwigo 2.9.4
    Operating system: Linux
    PHP: 7.0.30-0+deb9u1 (Show info) [2018-09-18 23:21:31]
    MySQL: 5.5.5-10.1.26-MariaDB-0+deb9u1 [2018-09-18 23:21:31]
    Graphics Library: GD 2.2.4

Ldap_Login ver 2.2

I have tried to delete the plugin and install again but the error persists.

In a normal Piwigo installation, the plugin folders are not blocked. Therefore everyone can view every file in the directories. This is especially serious for the data.dat file which may contain sensible data like an AD password.

To see if you are affected, open http(s)://<your_piwigo_installation>/plugins/Ldap_Login/data.dat in your browser.

As a workaround you should advise users to block the access to the file (or the whole plugins(/Ldap_Login) directory) in the server settings or with an .htaccess file.

A better way would be to store the plugin settings in a php file which will be interpreted by the server and not just displayed.