Changes to WordPress apps
-
@jdaviescoates In the meantime, people can reproduce most of what multi-site does with these plugins for those wanting each site to stay contained and portable for resources:
I do intend to have another look at multi-site at some point as a way of quickly firing up demo instances, so I agree on the need, we just wanted to solve the same things in a more segregated way to keep options open.
@marcusquinn And that's the one area you and I diverge in which, I think, is good. You keep me thinking of the benefits of single site and I'll keep you thinking of the benefits of multisite.
-
For interest, these aliases are all the same Cloudron app:
I'll ask the team for more details while we wait for an official option.
-
I have pushed the fixes for the WordPress (Developer) app. See https://forum.cloudron.io/post/16775 . It now has LDAP support as well. New doc pages is at https://docs.cloudron.io/apps/wordpress-developer/
-
I have pushed the fixes for the WordPress (Developer) app. See https://forum.cloudron.io/post/16775 . It now has LDAP support as well. New doc pages is at https://docs.cloudron.io/apps/wordpress-developer/
@girish said in Changes to WordPress apps:
I have pushed the fixes for the WordPress (Developer) app. See https://forum.cloudron.io/post/16775 . It now has LDAP support as well. New doc pages is at https://docs.cloudron.io/apps/wordpress-developer/
Can you activate LDAP post-installation or would I have to re-install? I broke Cloudron rn so I can't test an app to try and see if it's in the configuration settings.
-
@girish said in Changes to WordPress apps:
I have pushed the fixes for the WordPress (Developer) app. See https://forum.cloudron.io/post/16775 . It now has LDAP support as well. New doc pages is at https://docs.cloudron.io/apps/wordpress-developer/
Can you activate LDAP post-installation or would I have to re-install? I broke Cloudron rn so I can't test an app to try and see if it's in the configuration settings.
@Lonk said in Changes to WordPress apps:
Can you activate LDAP post-installation or would I have to re-install?
Exactly what I'm thinking... I'll go and see...
-
@Lonk said in Changes to WordPress apps:
Can you activate LDAP post-installation or would I have to re-install?
Exactly what I'm thinking... I'll go and see...
@jdaviescoates I’ve updated one of my wp apps, installed the ldap plugin used the managed ldap settings and (just to be sure) after a restart of the app ldap works!
-
@jdaviescoates I’ve updated one of my wp apps, installed the ldap plugin used the managed ldap settings and (just to be sure) after a restart of the app ldap works!
@imc67 said in Changes to WordPress apps:
installed the ldap plugin used the managed ldap settings
Aha, I also just updated and didn't see any LDAP support, but this is the step I'm missing!
@girish be nice if updating Unmanaged to the new Developer version auto-magically installed the LDAP plugin and settings!
-
@jdaviescoates I’ve updated one of my wp apps, installed the ldap plugin used the managed ldap settings and (just to be sure) after a restart of the app ldap works!
@imc67 said in Changes to WordPress apps:
@jdaviescoates I’ve updated one of my wp apps, installed the ldap plugin used the managed ldap settings and (just to be sure) after a restart of the app ldap works!
When you go to Access Control in your updated app are you now seeing this? (as per how it looks if you install and choose LDAP on install)
-
@imc67 said in Changes to WordPress apps:
installed the ldap plugin used the managed ldap settings
Aha, I also just updated and didn't see any LDAP support, but this is the step I'm missing!
@girish be nice if updating Unmanaged to the new Developer version auto-magically installed the LDAP plugin and settings!
@jdaviescoates said in Changes to WordPress apps:
@imc67 said in Changes to WordPress apps:
installed the ldap plugin used the managed ldap settings
Aha, I also just updated and didn't see any LDAP support, but this is the step I'm missing!
@girish be nice if updating Unmanaged to the new Developer version auto-magically installed the LDAP plugin and settings!
I would have missed that necessary step myself. The only reason I didn't check on my own install is because @girish made a "hot fix" for me for my development and I had a VM issue so I re-installed and was refusing to go through the setup because I was afraid cloudron-machine wouldn't work after setup. But @girish confirmed today it does work after setup so I'm going to have fun testing out this LDAP integration with WP and figure out how
cloudron-machineworks later. -
@jdaviescoates What @imc67 did should not be possible, so I am not sure how it works for him. The LDAP will only be available for new installations since this flag is chosen at install time and there is no way to change it post installation without tinkering with the database. Might be easier to export/import into a new install. Just backup current app, make a new LDAP based install and import that backup into new app.
-
@jdaviescoates What @imc67 did should not be possible, so I am not sure how it works for him. The LDAP will only be available for new installations since this flag is chosen at install time and there is no way to change it post installation without tinkering with the database. Might be easier to export/import into a new install. Just backup current app, make a new LDAP based install and import that backup into new app.
-
-
@jdaviescoates What @imc67 did should not be possible, so I am not sure how it works for him. The LDAP will only be available for new installations since this flag is chosen at install time and there is no way to change it post installation without tinkering with the database. Might be easier to export/import into a new install. Just backup current app, make a new LDAP based install and import that backup into new app.
@girish said in Changes to WordPress apps:
@jdaviescoates What @imc67 did should not be possible, so I am not sure how it works for him. The LDAP will only be available for new installations since this flag is chosen at install time and there is no way to change it post installation without tinkering with the database. Might be easier to export/import into a new install. Just backup current app, make a new LDAP based install and import that backup into new app.
Oh, gotcha, it can only be set at install time. So, do you think your suggestion to "set the flag without DB voodoo" (which I'm gonna do because I can't get the cloudron app db to work with remote sql, I've tried a lot). Do you think that method will clash with multisite database URL location changes (Wordpress storing the URL in a different place than single site)?
-
@imc67 Ah, "installed the ldap plugin used the managed ldap settings". I missed this. So you put the credentials of managed LDAP app into this existing unmanaged app? Note that this will stop working when the managed app goes away!
-
@imc67 Ah, "installed the ldap plugin used the managed ldap settings". I missed this. So you put the credentials of managed LDAP app into this existing unmanaged app? Note that this will stop working when the managed app goes away!
-
-
@Lonk credentials are generated per app, he copied one app's LDAP credentials.
If that app goes away, so do the unique credentials.
-
@girish huh why? These “codes” / settings are even from a managed app on another Cloudron, aren’t they the same for all?
@imc67 Ah yes, I see why it works.
From a security perspective, each app gets it's own addon credentials (database, redis, ldap etc). When app is installed/uninstalled, we create/destroy a separate username/password/database for each app. Now, Cloudron could have gone a step further and implemented a security measure that these credentials will work only when the specific app uses it. This can be done because each app has it's own IP address internally (via Docker). We haven't implemented this, and as a result, the credentials of one app (say mysql username/password/database) can be copied over to another app and it will work. But it will only work until the other app exists. When the other app is uninstalled or repaired/restored etc, the credentials are regenerated.
In the case of LDAP addon, there is a so called "bind" password which allows apps to make LDAP queries. We generate a bind password per app. However, currently, we don't enforce this password since some apps do not support it. This WordPress LDAP plugin we use is one such case (probably one of the remaining 3-4 apps in Cloudron). Because, it doesn't use a bind username/password, all you are copying over is the LDAP server credentials (server name/port which is the same across all cloudrons). So, this happens to work now. But later when we fix the plugin to use LDAP credentials, it will stop working.
Also, you will see inconsistency in the UI since Cloudron is not aware that LDAP is enabled for the app. You will see a different access control view than what @jdaviescoates posted. You also can't control which users have access to ldap from the Cloudron UI. In fact, I am going to guess only admins can access your WP install (since they are allowed by default).
-
@imc67 Ah yes, I see why it works.
From a security perspective, each app gets it's own addon credentials (database, redis, ldap etc). When app is installed/uninstalled, we create/destroy a separate username/password/database for each app. Now, Cloudron could have gone a step further and implemented a security measure that these credentials will work only when the specific app uses it. This can be done because each app has it's own IP address internally (via Docker). We haven't implemented this, and as a result, the credentials of one app (say mysql username/password/database) can be copied over to another app and it will work. But it will only work until the other app exists. When the other app is uninstalled or repaired/restored etc, the credentials are regenerated.
In the case of LDAP addon, there is a so called "bind" password which allows apps to make LDAP queries. We generate a bind password per app. However, currently, we don't enforce this password since some apps do not support it. This WordPress LDAP plugin we use is one such case (probably one of the remaining 3-4 apps in Cloudron). Because, it doesn't use a bind username/password, all you are copying over is the LDAP server credentials (server name/port which is the same across all cloudrons). So, this happens to work now. But later when we fix the plugin to use LDAP credentials, it will stop working.
Also, you will see inconsistency in the UI since Cloudron is not aware that LDAP is enabled for the app. You will see a different access control view than what @jdaviescoates posted. You also can't control which users have access to ldap from the Cloudron UI. In fact, I am going to guess only admins can access your WP install (since they are allowed by default).
