Dolibarr OIDC

charlesnw

Hello.

I was doing some research and I see Dolibarr supports OIDC.

https://wiki.dolibarr.org/index.php?title=Authentication,_SSO_and_SSL

Any possibility of switching to that from LDAP?

Dolibarr is my only Cloudron app using LDAP and not 2fa protected.

nebulon

It is on our list, but the OAuth2 integration which we have to use here still has issues. We keep an eye on that though!

charlesnw

Looks like it’s OIDC ?

nebulon

@vladimir.d has looked into this these days, he may have more insights. However you can also try to get it to work as a Cloudron OpenID client and if it works let us know, then we can integrate it into the package quickly. So far we hit issues around OAuth grants if I recall correctly.

charlesnw

I will wait for @vladimir.d to reply Otherwise I'll attempt to set it up as a Cloudron OIDC client in next couple days.

charlesnw

Hello all.

I have :

• Edited the conf file:

$dolibarr_main_authentication='openid_connect,dolibarr';

• Enabled the OpenID module:

(I suppose when the package is deployed, you'll want that module enabled by default?) https://www.dolibarr.org/forum/t/help-needed-using-doli-enable-modules-in-docker-installation/29945 seems relevant for that.

I am now at the settings screen:

Hopefully I will shortly have OIDC working. Once I do, should I send some kind of pull request or?

charlesnw

If anyone has some time to help me hack on this, it would be greatly appreciated.

I attempted to map the Dollibar OIDC bits to the Cloudron OpenID fields. Not sure if I got it correct. Also, I suppose that the sync script will need to be run even with OIDC?

nebulon

@vladimir.d also has a branch with an attempt to get it working at https://git.cloudron.io/packages/dolibarr-app/-/tree/oidc-v21?ref_type=heads

vladimir.d

Unfortunately I'm not sure if OpenID auth is working properly in Dolibarr at the moment.
We are facing into same errors as explained at https://github.com/Dolibarr/dolibarr/issues/33974

charlesnw

Can you share a config which will get me to that error? I’m happy to troubleshoot it.

charlesnw

I see the latest Cloudron Dolibarr update supports OIDC! Thanks! This is awesome. It was my last app to not support OIDC login.

charlesnw

I have a number of Dolibar instances deployed on my Cloudron. Post OIDC update all of them work for OIDC login. All but 1 work for the local admin login.

i get the error:

Not an OpenID Connect flow

The configuration of all of them (on the filesystem/cloudron side) is stock / identical. I've got custom groups etc inside the instances to support the various lines of business. However I haven't made any major global or code etc changes to any of them, just customized modules/perms etc via the GUI.

Any ideas?

joseph

Dolibarr being the beast it is, might be worth disabling the customizations one by one and figure out what change breaks.

charlesnw

I can't do that. I can't login as admin.

joseph

Rough.. But I think you can maybe delete the plugin from the filesystem in /app/data/ . I don't know the exact directory but I am guessing there is a plugins subdirectory somewhere inside it from where you can delete/move the plugin one by one .

charlesnw

I’ll take a look. Thanks for the suggestion.

I don’t think that will solve my issue. I’ll update this thread with the results either way

charlesnw

Did not work. I made the

/app/data/dolibarr

directory identical to a working instance. I restarted the instance that I can't login to as admin and get exact same error. Any way to increase the logging?