Question about the AD/LDAP integration
-
My new users cannot sign into my rocket.chat instance. They have tried the following:
username
username@domain.com
cloudronemail@domain.com
But nothing is working.
Nextcloud works flawlessly with the LDAP integration, am I missing something here?
-
@privsec Same issue here. Just tried Rocket.chat because of my nextcloud talk issues. Turns out LDAP is messed up. Even with a manual sync it brings in every user BUT mine...
-
@atrilahiji @privsec Did you name the initial admin user as `admin` or did you give the Cloudron's username? If it's the latter, then the usernames will conflict with LDAP and it won't work.
-
@girish I made it admin
-
This still seems to be working fine for me.
@thetomester13 is a new user on my Cloudron and he managed to login to https://chat.uniteddiversity.coop fine yesterday.
-
I just created a brand new user, and had them try to sign in, and it's not working. I have my main account for rocket.chat as admin.
-
@privsec So it seems like it's not just a blanket issue with LDAP. Likely config on those specific apps? Just tried verdaccio and it works just fine.
-
@atrilahiji Good point. Likely an issue with specific apps config files.
-
A Former User replied to privsec on Dec 17, 2020, 5:10 PM (last edited by A Former User, Dec 17, 2020, 5:10 PM)
@privsec Heh I goofed. Should have been obvious. Did you by chance register the admin account using the same email you have for your cloudron admin account? That will cause this issue. It tries to map the email and can't because there's a duplicate.
-
@atrilahiji To be clear, my cloudron sign in email needs to be the same email as my admin account for rocket.chat?
Is that the same for all apps?
-
A Former User replied to privsec on Dec 17, 2020, 5:13 PM (last edited by A Former User, Dec 17, 2020, 5:13 PM)
@privsec No no no. It should not be. Make your initial admin account have an email like admin@local.com (doesn't need to be real) and ensure it has a username that does not match any account pulled in via LDAP.
-
girish (Staff) replied to A Former User on Dec 17, 2020, 5:16 PM (last edited by girish, Dec 17, 2020, 5:17 PM)
@atrilahiji said in Question about the AD/LDAP integration:
> It tries to map the email and can't because there's a duplicate

Yup, exactly. I actually put the message in the post install dialog but it's easy to miss it. You can also see this text in the top right of the app configure view. In the drop-down, select First time setup instructions.

Please follow the following guidelines to complete the Rocket.Chat admin setup:
* Use `admin` as the admin username in Rocket.Chat. This will avoid any conflict with Cloudron usernames.
* Use an email address that is different from the Cloudron primary email. This will avoid any conflict with Cloudron email ids.
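
The collision described above can be checked before a sync. This is an added example, not part of the original post and not Rocket.Chat or Cloudron code; the record field names, the sample accounts, and the case-insensitive comparison are assumptions.

```python
# Constructed sample data. The field names are assumptions, not the
# Rocket.Chat or Cloudron schema.
LOCAL_ACCOUNTS = [
    {"username": "admin", "email": "Alice@Example.com"},  # reuses a directory email
    {"username": "bot", "email": "bot@local.example"},     # reuses a directory username
]
LDAP_USERS = [
    {"username": "alice", "email": "alice@example.com"},
    {"username": "Bot", "email": "bob@example.com"},
    {"username": "carol", "email": "carol@example.com"},
]


def _norm(value):
    # Assumption: identifiers are matched case-insensitively, ignoring padding.
    return value.strip().casefold()


def find_conflicts(local_accounts, ldap_users):
    """Return sorted (field, local_username, ldap_username) tuples, one per collision."""
    # Index the app's pre-existing local accounts by normalised username and email.
    by_field = {"username": {}, "email": {}}
    for acct in local_accounts:
        for field in by_field:
            by_field[field][_norm(acct[field])] = acct["username"]

    conflicts = []
    for user in ldap_users:
        for field, index in by_field.items():
            owner = index.get(_norm(user[field]))
            if owner is not None:
                conflicts.append((field, owner, user["username"]))
    return sorted(conflicts)


if __name__ == "__main__":
    for field, local_name, ldap_name in find_conflicts(LOCAL_ACCOUNTS, LDAP_USERS):
        print(f"{field} collision: local '{local_name}' blocks LDAP user '{ldap_name}'")
```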
-
@atrilahiji Then it is set up correctly.
My admin account is not tied to any real account in cloudron and the email is tied to an email account that was created specifically for this app.
-
@privsec The cloudron email server and the user email ids are totally separate things (i.e. from the Cloudron LDAP integration point of view). The mailboxes are just local to the Cloudron Email and are not part of the LDAP directory and thus apps have no idea about them.
The email id that apps know about is the one in the Users page. Users can also change this email in their profile page.
This doesn't answer why you are unable to login as `testuser` though. I am not sure what is happening, can you send us an email at support@cloudron.io, so we can look into this? Our own rocket.chat instance seems to be working fine. I also tried a new local instance and that too works fine.